FSTEC on regulation of information security during the pandemic
Valery Vasiliev | 02/15/2021
Vitaly Lyutikov
The annual forum "Security Technologies" is of great interest due to the active participation of Russian regulators in the sphere of information security. At the recently concluded regular "TB Forum", the FSTEC of Russia held a separate conference "Current Issues of Information Security".
Of the many questions related to this topic, Deputy Director of the FSTEC of Russia Vitaly Lyutikov suggested that conference participants focus on the issues of ensuring information security during remote work that have become relevant over the past year and a half of the pandemic.
He prefaced his speech with a statement that FSTEC, citing a request from some experts, decided not to share its long-term plans with the expert community. From now on, the Service intends to notify the public only about what it has already done, so as not to "stir up the minds of some experts by saying that we promised [something] and did not fulfill it; we will not promise, but will work based on the fact - a document was released, and everyone rushed to implement it." For this reason, he largely structured his speech as an overview of the results of the Service's work in 2020.
Over the past year, amendments were belgium whatsapp data and made to the regulation on FSTEC (presidential decree of 31.08.2020 No. 535) in terms of granting the Service the authority to determine the procedure for certifying information technology objects. According to regulators, this will speed up the development and publication of regulatory legal acts determining the mandatory nature of certain certification-related procedures, primarily those for failure to comply with which one or another liability is imposed.
After signing this decree, FSTEC began developing a document defining the procedure for certification of information technology facilities that process classified information (currently at the Ministry of Justice for state registration) and a document defining the procedure for certification of facilities that process confidential information - such facilities include state information systems, other critical information infrastructure (CII) facilities, personal data information systems (being finalized based on the results of discussions by the expert community). Vitaly Lyutikov emphasized that as a result of all the changes, control over the certification process, primarily on the part of FSTEC licensees, will be strengthened.