Diasoft Digital Q.Security

Main article: Security Information and Event Management (SIEM)

The Q.Security platform will provide tasks such as authentication, managing user roles and access policies, logging information security events, and many other system tasks related to meeting information security requirements.

2023:

Obtaining the certificate of FSTEC of Russia

Diasoft received FSTEC Russia Certificate No. 4732 on compliance of the Digital Q.Security platform (formerly Diasoft FA# *) with the information security requirements for level 4 trust and technical specifications. The company announced this on November 16, 2023.

According to the certificate of the FSTEC of Russia, Digital Q.Security is software that has built-in means of protection against unauthorized access to information that does not contain information constituting a state secret, and also implements the functions of identification, authentication, access control, registration of security events and software integrity control.

The use of the Digital Q.Security platform certified by FSTEC allows credit institutions to comply with the Bank of Russia requirements for the use of certified application software, which are enshrined in the relevant provisions and GOST R-57580 (683-P (clauses 4.1., 4.3.), 719-P (clauses 1.2., 2.5, 2.14., 3.8-3.10., 4.6., 6.9., 6.10.), 757-P (clauses 1.8)). Also, the use of Digital Q.Security facilitates bringing the infrastructure in line with the decree of the President of Russia No. 250, federal laws of 187-FZ, 152-FZ and orders of the FSTEC of Russia No. 17, 21, 235, 236, 239.

Of the two ways to fulfill the requirements of the Bank of Russia, we chose to obtain a certificate for level 4 trust of the FSTEC of Russia. This made it possible to make Digital Q.Security accessible to customers and avoid the risks inherent in the alternative option associated with the implementation of the assessment of the estimated level of trust (OUD4). The requirements of the Bank of Russia often change, OUD4 assessment should be carried out directly in the customer's IT infrastructure on a regular basis as code changes are issued. At the same time, there are no rules and criteria for assessing the scope and result of such work. This makes the assessment of OUD4 a formal, expensive and resource-intensive task, "said Alexey Poletaev, director of information security at Diasoft.

Digital Q.Security is certified by the FSTEC of Russia for working with Western and domestic operating systems and DBMS, which allows for smooth and phased import substitution.

Product Presentation

Diasoft on May 15, 2023 announced the development of a product for automatic overlay and verification of the UNEP.

The software product "Electronic Signature," implemented in a microservice architecture on the Digital Q.Security technology platform, automates the processes of overlaying and checking UNEP (enhanced unqualified electronic signature). The use of the product reduces the labor costs of employees to perform routine operations in organizations of any area of ​ ​ activity.

Each incoming message signed with an electronic signature must be verified, and only then can you continue to work with it. As a rule, verification is carried out in specialized software manually. The Electronic Signature software product will allow you to automate this process. It automatically "captures" the document from the file store and checks the superimposed electronic signature. This is very useful if your organization receives documents at the end of an employee's working day on a regular basis.

In a message or document, for example, in a report that is already ready to be sent to an external organization, the software product automatically signs an electronic signature. The product independently determines the certificate for signing based on existing rules. Using BPM processes allows you to flexibly configure working with two or more signatories and checking several overlaid signatures.