
Regulatory materials. Documents of July 6, N 676

(as amended by the Decrees of the Government of the Russian Federation of November 14, 2015 No. 1235 and of 11.05.2017 No. 555)

In accordance with Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", the Government of the Russian Federation decides:

1. To approve the attached requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of the information contained in their databases.

2. To establish that the measures provided for by the requirements approved by this Resolution are carried out by federal executive bodies within the budget allocations provided for by the federal law on the federal budget for the relevant fiscal year and planning period for leadership and management in the sphere of established functions.

3. To recommend that other state bodies, besides the federal executive bodies and executive bodies of the constituent entities of the Russian Federation, as well as the management bodies of state extra-budgetary funds and local governments, be guided in their activities by the requirements approved by this Resolution.

Chairman of the Government
of the Russian Federation
D. Medvedev

Requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of the information contained in their databases

Approved
by the Decree of the Government
of the Russian Federation
dated July 6, 2015 No. 676

I. General provisions

1. This document defines the requirements for the implementation of measures for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases, carried out by the federal executive bodies and the executive authorities of the constituent entities of the Russian Federation (hereinafter, respectively, the system, executive authorities) in order to improve the effectiveness of the exercise of the powers of executive authorities through the use of information and communication technologies.

1 (1). When executive authorities implement measures for the creation, development, commissioning, operation and decommissioning of systems and the further storage of information contained in their databases, the following must be fulfilled:
a) the requirements for the protection of information contained in systems, established by the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers;
b) the requirements for the organization and measures of protection of the information contained in the system.

1 (2). In order to fulfill the requirements for the protection of information provided for in paragraph 1 (1) of this document (hereinafter referred to as the information protection requirements), the executive authorities define the requirements for the protection of information contained in the system of the executive authority, for which they carry out:
a) determination of the information to be protected from unlawful access, destruction, modification, blocking, copying, provision and distribution, as well as from other unlawful actions in relation to such information;
b) analysis of the regulatory legal acts, methodological documents and national standards with which the system must comply;
c) classification of the system in accordance with the information protection requirements;
d) determination of the threats to information security whose realization can lead to a violation of information security in the system, and development, on their basis, of a model of information security threats;
e) determination of the requirements for the information system (subsystem) for the protection of the information contained in the system.

II. Requirements for the procedure for creating a system

2. The grounds for creating the system are:
a) the obligation of the executive authority to create the system, provided for by regulatory legal acts;
b) the decision of the executive authority to create the system in order to ensure the exercise of the powers assigned to it.

3. The creation of the system is carried out in accordance with the technical task, taking into account the model of information security threats provided for by subparagraph "d" of paragraph 1 (2) of this document.

The model of information security threats and (or) the technical task for the creation of the system are agreed with the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers, with regard to compliance with the established information protection requirements.

The technical task for the creation of the system must include the requirements for the protection of the information contained in the system in accordance with subparagraph "a" of paragraph 1 (1) of this document.

4. The technical task for the creation of the system and the model of information security threats are approved by the official of the executive authority who is vested with the corresponding authority.

5. The procedure for creating the system includes the following sequentially implemented stages:
a) the development of documentation for the system and its parts;
b) the development of working documentation for the system and its parts;
c) development or adaptation of software;
d) commissioning work;
e) conducting preliminary tests of the system;
f) conducting trial operation of the system;
g) conducting acceptance tests of the system.

6. The stage of developing documentation for the system and its parts includes the development, coordination and approval of documentation in the amount necessary to describe the complete set of design solutions (including those for information protection) and sufficient for the further performance of work on the creation of the system.

7. The stage of developing working documentation for the system and its parts includes the development, coordination and approval of documentation containing the information necessary to perform the work on putting the system into operation and on its operation, and of the procedure for operating the system, containing the information necessary for maintaining the level of operational characteristics of the system (including information protection) established in the design solutions specified in paragraph 6 of this document, including:
a) a list of personnel actions in performing system operation tasks, including the list, types, scope and frequency of work to ensure the functioning of the system;
b) monitoring of the operability of the system and of the components providing information protection;
c) a list of faults that may occur during operation of the system, and recommendations for actions when they occur;
d) a list of the operating modes of the system and their characteristics, as well as the procedure and rules for switching the system from one operating mode to another, indicating the time required.

8. The software development or adaptation stage includes the development of the system software, the selection and adaptation of purchased software, and also, in the established cases and manner, certification of the developed system software and information protection tools against information security requirements.

9. The commissioning stage includes standalone adjustment of the hardware and software of the system, loading of information into its database, and integrated adjustment of the hardware and software of the system, including information protection tools.

10. The preliminary test phase includes:
a) the development of a program and methodology of preliminary tests, in accordance with which the system is checked for operability and compliance with the technical task for its creation;
b) checking the system for operability and compliance with the technical task for its creation;
c) elimination of the faults identified during such tests and making changes to the documentation and working documentation for the system;
d) drawing up the test report and the act of acceptance of the system into trial operation.

11. The stage of trial operation includes:
a) the development of the program and methodology of trial operation;
b) trial operation of the system in accordance with the program and methodology of trial operation;
c) refinement of the system software and additional adjustment of the hardware if deficiencies are identified during trial operation of the system;
d) drawing up the act on the completion of trial operation, which includes a list of deficiencies that must be eliminated before the system is put into operation.

12. The acceptance test stage includes:
a) testing the system for compliance with the technical task for its creation in accordance with the program and methodology of acceptance tests;
b) analysis of the results of eliminating the deficiencies specified in the act on the completion of trial operation;
c) drawing up the act of acceptance of the system into operation.

III. Requirements for commissioning the system

13. The basis for commissioning the system is the legal act of the executive authority on commissioning the system, which defines the list of measures to ensure the commissioning of the system and sets the date for the start of operation.

14. The legal act of the executive authority on commissioning the system includes:
a) measures for the development and approval of organizational and administrative documents that define the measures for the protection of information during operation of the system, the development of which is provided for by the regulatory legal acts and methodological documents of the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, as well as by national standards in the field of information protection;
b) measures for certification of the system against the information protection requirements, as a result of which, in the cases established by the legislation of the Russian Federation, the compliance of the protection of information contained in the system with the requirements stipulated by the legislation of the Russian Federation on information, information technologies and the protection of information is confirmed;
c) measures to prepare the executive authority to operate the system;
d) measures to prepare officials of the executive authority to operate the system, including those responsible for ensuring information protection.

15. Commissioning of the system is not allowed in the following cases:
a) failure to comply with the information protection requirements established by the legislation of the Russian Federation, including the absence of a valid certificate of compliance with information security requirements;
b) the absence, in the register of territorial placement of control objects provided for by the rules for monitoring the placement of technical means of information systems used by state bodies, local governments, state and municipal unitary enterprises, and state and municipal institutions in the territory of the Russian Federation, approved by the Decree of the Government of the Russian Federation dated July 6, 2015 No. 675 "On the procedure for monitoring compliance with the requirements provided for by Part 2.1 of Article 13 and Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", of information about the placement of the technical means of the information system in the territory of the Russian Federation;
c) failure to comply with the requirements of this section, identified in the course of monitoring in accordance with the rules for monitoring compliance with the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases, approved by the Decree of the Government of the Russian Federation dated July 6, 2015 No. 675 "On the procedure for monitoring compliance with the requirements stipulated by Part 2.1 of Article 13 and Part 6 of Article 14 of the Federal Law "On Information, Information Technologies and Information Protection".

16. The start date of operation of the system cannot be earlier than the end date of the last measure provided for by the legal act of the executive authority on commissioning the system.

IV. Requirements for the procedure for the development of the system

17. Measures for the development of the system are carried out in accordance with the requirements established for the creation of the system.

V. Requirements for the procedure for operation of the system

18. The basis for the start of operation of the system is the arrival of the date established by the legal act of the executive authority on commissioning the system specified in paragraph 13 of this document.

19. The executive authority operates the system in accordance with the working documentation specified in paragraph 7 of this document.

VI. Requirements for the procedure for decommissioning the system and the further storage of the information contained in its databases

20. The grounds for decommissioning the system are:
a) the end of the service life of the system, if such a period was established by the legal act of the executive authority on commissioning the system;
b) the inexpediency of operating the system, including the low efficiency of the hardware and software used, a change in legal regulation, the adoption of management decisions, as well as other changes that impede the operation of the system;
c) the financial and economic inefficiency of operating the system.

21. If one or more of the grounds for decommissioning the system specified in paragraph 20 of this document exist, the executive authority approves a legal act on decommissioning the system.

22. The legal act on decommissioning the system includes:
a) the grounds for decommissioning the system;
b) the list of measures for decommissioning the system and the deadlines for their implementation;
c) the procedure, terms, storage regime and further use of information resources, including the procedure for providing access to the information resources of the decommissioned system and for ensuring the protection of the information contained in the decommissioned system;
d) the procedure, timing and methods for informing users about the decommissioning of the system.

23. The list of measures for decommissioning the system includes:
a) the preparation of legal acts related to the decommissioning of the system;
b) work on decommissioning the system, including work on uninstalling the system software, exercising the rights to the system software, dismantling and writing off the system hardware, and ensuring the storage and further use of the system's information resources;
c) ensuring information security in accordance with the documentation for the system and the organizational and administrative documents on information protection, including the archiving of information contained in the system, the destruction (erasure) of data and residual information from machine storage media and (or) the destruction of the machine storage media.

24. Unless otherwise established by the regulatory legal acts of the Russian Federation, the storage periods for information contained in the system databases are determined by the executive authority and cannot be shorter than the storage periods established for paper documents containing such information.

25. The date of decommissioning of the system cannot be earlier than the end date of the last measure provided for by the legal act on decommissioning the system.


Government of the Russian Federation

About requirements

List of changing documents

In accordance with Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", the Government of the Russian Federation decides:

1. To approve the attached requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of the information contained in their databases.

2. To establish that the measures provided for by the requirements approved by this Resolution are carried out by federal executive bodies within the budget allocations provided for by the federal law on the federal budget for the relevant fiscal year and planning period for leadership and management in the sphere of established functions.

3. To recommend that other state bodies, besides the federal executive bodies and executive bodies of the constituent entities of the Russian Federation, as well as the management bodies of state extra-budgetary funds and local governments, be guided in their activities by the requirements approved by this Resolution.

Chairman of the government

Russian Federation

D. Medvedev

Approved

decree of Government

Russian Federation

Requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and further storage

List of changing documents

(as amended by the Decree of the Government of the Russian Federation of 01.01.2001 N 1235)

I. General provisions

1. This document defines the requirements for the implementation of measures for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases, carried out by the federal executive bodies and the executive authorities of the constituent entities of the Russian Federation (hereinafter, respectively, the system, executive authorities) in order to improve the effectiveness of the exercise of the powers of executive authorities through the use of information and communication technologies.

II. Requirements for the procedure for creating a system

2. The grounds for creating the system are:

a) the obligation of the executive authority to create the system, provided for by regulatory legal acts;

b) the decision of the executive authority to create the system in order to ensure the exercise of the powers assigned to it.

3. The creation of the system is carried out in accordance with the technical task approved by the executive authority or forming an integral part of the documentation on the procurement of goods, works and services for state needs.

4. The technical task for the creation of the system is approved by the official of the executive authority who, in accordance with the distribution of responsibilities, is vested with the authority to approve such technical tasks.

5. The procedure for creating the system includes the following sequentially implemented stages:

a) the development of documentation for the system and its parts;

b) the development of working documentation for the system and its parts;

c) development or adaptation of software;

d) commissioning work;

e) conducting preliminary tests of the system;

f) conducting trial operation of the system;

g) conducting acceptance tests of the system.

6. The stage of developing documentation for the system and its parts includes the development, coordination and approval of documentation in the amount necessary to describe the complete set of design solutions and sufficient for further work on the creation of the system.

7. The stage of developing working documentation for the system and its parts includes the development, coordination and approval of documentation containing the information necessary to perform the work on putting the system into operation and on its operation, and of the procedure for operating the system, containing the information necessary for maintaining the level of operational characteristics (quality) of the system established in the design solutions specified in paragraph 6 of this document, including:

a) a list of personnel actions in performing system operation tasks, including the list, types, scope and frequency of work to ensure the functioning of the system;

b) monitoring of the operability of the system;

c) a list of faults that may occur during operation of the system, and recommendations for actions when they occur;

d) a list of the operating modes of the system and their characteristics, as well as the procedure and rules for switching the system from one operating mode to another, indicating the time required.

8. The software development or adaptation stage includes the development of the system software and the selection and adaptation of purchased software.

9. The commissioning stage includes standalone adjustment of the hardware and software of the system, loading of information into its database, and integrated adjustment of the hardware and software of the system.

10. The preliminary test phase includes:

a) the development of a program and methodology of preliminary tests, in accordance with which the system is checked for operability and compliance with the technical task for its creation;

b) checking the system for operability and compliance with the technical task for its creation;

c) elimination of the faults identified during such tests and making changes to the documentation and working documentation for the system;

d) drawing up the test report and the act of acceptance of the system into trial operation.

11. The stage of trial operation includes:

a) the development of the program and methodology of trial operation;

b) trial operation of the system in accordance with the program and methodology of trial operation;

c) refinement of the system software and additional adjustment of the hardware if deficiencies are identified during trial operation of the system;

d) drawing up the act on the completion of trial operation, which includes a list of deficiencies that must be eliminated before the system is put into operation.

12. The acceptance test stage includes:

a) testing the system for compliance with the technical task for its creation in accordance with the program and methodology of acceptance tests;

b) analysis of the results of eliminating the deficiencies specified in the act on the completion of trial operation;

c) drawing up the act of acceptance of the system into operation.

III. Requirements for commissioning the system

13. The basis for commissioning the system is the legal act of the executive authority on commissioning the system, which defines the list of measures to ensure the commissioning of the system and sets the date for the start of operation.

14. The legal act of the executive authority on commissioning the system includes:

a) measures to prepare the executive authority to operate the system;

b) measures to prepare officials of the executive authority to operate the system.

15. Commissioning of the system is not allowed in the following cases:

a) the absence, in the register of territorial placement of control objects provided for by the rules for monitoring the placement of technical means of information systems used by state bodies, local governments, state and municipal unitary enterprises, and state and municipal institutions in the territory of the Russian Federation, approved by the Decree of the Government of the Russian Federation of July 6, 2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by Part 2.1 of Article 13 and Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", of information on the placement of the technical means of the information system in the territory of the Russian Federation;

b) non-compliance with the requirements of this section, identified in the course of monitoring in accordance with the rules for monitoring compliance with the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases, approved by the Decree of the Government of the Russian Federation specified in subparagraph "a" of this paragraph.

(paragraph 15 as amended by the Decree of the Government of the Russian Federation of 01.01.2001 N 1235)

16. The start date of operation of the system cannot be earlier than the end date of the last measure provided for by the legal act of the executive authority on commissioning the system.

IV. Requirements for the procedure for the development of the system

17. Measures for the development of the system are carried out in accordance with the requirements established for the creation of the system.

V. Requirements for the procedure for operation of the system

18. The basis for the start of operation of the system is the arrival of the date established by the legal act of the executive authority on commissioning the system specified in paragraph 13 of this document.

19. The executive authority operates the system in accordance with the working documentation specified in paragraph 7 of this document.

VI. Requirements for the procedure for decommissioning the system and the further storage of the information contained in its databases

20. The grounds for decommissioning the system are:

a) the end of the service life of the system, if such a period was established by the legal act of the executive authority on commissioning the system;

b) the inexpediency of operating the system, including the low efficiency of the hardware and software used, a change in legal regulation, the adoption of management decisions, as well as other changes that impede the operation of the system;

c) the financial and economic inefficiency of operating the system.

21. If one or more of the grounds for decommissioning the system specified in paragraph 20 of this document exist, the executive authority approves a legal act on decommissioning the system.

22. The legal act on decommissioning the system includes:

a) the grounds for decommissioning the system;

b) the list of measures for decommissioning the system and the deadlines for their implementation;

c) the procedure, terms, storage regime and further use of information resources, including the procedure for providing access to the information resources of the decommissioned system;

d) the procedure, timing and methods for informing users about the decommissioning of the system.

23. The list of measures for decommissioning the system includes:

a) the preparation of legal acts related to the decommissioning of the system;

b) work on decommissioning the system, including work on uninstalling the system software, exercising the rights to the system software, dismantling and writing off the system hardware, and ensuring the storage and further use of the system's information resources.

24. Unless otherwise established by the regulatory legal acts of the Russian Federation, the storage periods for information contained in the system databases are determined by the executive authority and cannot be shorter than the storage periods established for paper documents containing such information.

25. The date of decommissioning of the system cannot be earlier than the end date of the last measure provided for by the legal act on decommissioning the system.


As of tomorrow (July 16, 2015), the Decree of the Government of the Russian Federation of 06.07.2015 N 676 "On the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of the information contained in their databases" comes into force.


The document is short and, in my opinion, not particularly necessary. I did not find any pitfalls, and we could already see the main provisions in or other documents on the commissioning of AS / IS into operation. In fact, the decree contains top-level provisions of approximately the following content:

"The procedure for creating the system includes the following sequentially implemented stages:
a) the development of documentation for the system and its parts;
b) the development of working documentation for the system and its parts;
c) development or adaptation of software;
d) commissioning work;
e) conducting preliminary tests of the system;
f) conducting trial operation of the system;
g) conducting acceptance tests of the system."

Another document is a little more important for us: the Decree of the Government of the Russian Federation of 06.07.2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by Part 2.1 of Article 13 and Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection" (together with the "Rules for monitoring the placement of technical means of information systems used by state bodies, local governments, state and municipal unitary enterprises, and state and municipal institutions in the territory of the Russian Federation" and the "Rules for monitoring compliance with the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of the information contained in their databases").

The document establishes the procedure for monitoring the placement, in the territory of the Russian Federation, of information systems used by state bodies, local governments, state and municipal unitary enterprises or state and municipal institutions (control objects). And this is already interesting!

The registry contains the following information:
a) the name of the information system;
b) the name of the owner and (or) operator of the information system;
c) the taxpayer identification number of the owner and (or) operator of the information system;
d) the address of the location of the owner and (or) operator of the information system;
e) a brief description of the nature of the information held in the information system;
f) the official of the owner and (or) operator of the information system responsible for its operation;
g) the details of the document under which the person is appointed operator of the information system, if the operator of the information system is not its owner;
h) the network address of the information system in the information and telecommunication network "Internet" (if available);
i) the email address of the information system administrator;
j) information about the territorial placement of the control object, which includes the address of the actual location of the technical means included in the information system.

And the registry is not just maintained, but also checked:

The Ministry of Communications and Mass Communications of the Russian Federation, using the information and telecommunication network "Internet", carries out an automated verification of the information contained in the registry for each control object. If a discrepancy is detected in the information about a control object in the registry, a record of the detected discrepancy is created, on the basis of which an act on the identified discrepancies is drawn up. The act on the identified discrepancies is sent to the Federal Service for Supervision of Communications, Information Technologies and Mass Communications.
Based on the act, the Federal Service for Supervision of Communications, Information Technologies and Mass Communications, within its competence, carries out the measures provided for by the legislation of the Russian Federation on administrative offenses.

All in all, I did not see anything completely new or unexpected in the resolutions; this is simply another step toward moving state information systems into the territory of the Russian Federation and consolidating them there. And as far as I understand, most of them are already here anyway ...

"On the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases"

Government of the Russian Federation

Decision
dated July 6, 2015 N 676

On the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases

(as amended by the decrees of the Government of the Russian Federation of 14.11.2015 N 1235, of 11.05.2017 N 555)

1. To approve the attached requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases.

2. To establish that the measures provided for by the requirements approved by this Resolution are carried out by federal executive bodies within the budget allocations provided for by the Federal Law on the federal budget for the relevant fiscal year and the planning period for leadership and management in the field of established functions.

3. To recommend that other state bodies, besides the federal executive bodies and executive bodies of the constituent entities of the Russian Federation, as well as the management bodies of state extra-budgetary funds and local governments, be guided in their activities by the requirements approved by this Resolution.

Chairman of the government
Russian Federation
D. Medvedev

Approved
by Decree of the Government
of the Russian Federation
dated July 6, 2015 N 676

Requirements
for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases

(as amended by the decrees of the Government of the Russian Federation of 14.11.2015 N 1235, of 11.05.2017 N 555)

I. General provisions

1. This document defines the requirements for the implementation of measures to create, develop, commission, operate and decommission state information systems and to further store the information contained in their databases, carried out by federal executive bodies and executive authorities of the constituent entities of the Russian Federation (hereinafter, respectively, the system and the executive authorities), in order to improve the effectiveness of the exercise of the powers of the executive authorities as a result of the use of information and communication technologies.

1.1. When executive authorities carry out measures to create, develop, commission, operate and decommission systems and to further store the information contained in their databases, the following must be fulfilled: (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

a) the requirements for the protection of information contained in systems, established by the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

b) Requirements for the organization and measures to protect the information contained in the system. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

1.2. In order to fulfill the requirements for the protection of information provided for in paragraph 1.1 of this document (hereinafter referred to as the requirements for information protection), the executive authorities define the requirements for the protection of information contained in the system of the executive authority, for which they carry out: (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

a) the definition of information to be protected from illegal access, destruction, modification, blocking, copying, providing, distribution, as well as other unlawful actions for such information; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

b) analysis of the regulatory legal acts, methodological documents and national standards with which the system must comply; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

c) classification of the system in accordance with the requirements for information protection; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

d) determining the threats to the security of information whose realization can lead to a breach of the security of information in the system, and developing on their basis a model of information security threats; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

e) Determining the requirements for the information system (subsystem) of the protection of information contained in the system. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

II. Requirements for the procedure for creating a system

2. The basis for creating the system is:

a) the obligation of the executive authority to create a system provided for by regulatory legal acts;

b) the decision of the executive body on the creation of the system in order to ensure the implementation of powers assigned to it.

3. The creation of the system is carried out in accordance with the technical task, taking into account the information security threat model provided for by subparagraph "d" of paragraph 1.2 of this document. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

The information security threat model and (or) the technical task for the creation of the system are agreed with the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers, as regards compliance with the established requirements for information protection. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

The technical task for creating the system should include the requirements for the protection of information contained in the system, formed in accordance with subparagraph "a" of paragraph 1.1 of this document. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

4. The technical task for creating the system and the information security threat model are approved by an official of the executive authority who is vested with the appropriate authority. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

5. The procedure for creating the system includes the following sequentially implemented steps:

a) the development of documentation for the system and its part;

b) the development of working documentation for the system and its parts;

c) development or adaptation of software;

d) commissioning work;

e) conducting preliminary tests of the system;

f) conducting trial operation of the system;

g) carrying out acceptance tests of the system.

6. The stage of development of documentation for the system and its part includes the development, coordination and approval of the documentation in the amount necessary to describe the complete set of design solutions (including the protection of information) and sufficient to further fulfill the work on the creation of the system. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

7. The stage of developing working documentation for the system and its parts includes the development, coordination and approval of documentation containing the information necessary to carry out the work of commissioning the system and operating it, and of the procedure for operating the system, containing the information necessary to maintain the level of the operational characteristics of the system (including information protection) established in the design solutions specified in paragraph 6 of this document, including: (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

a) a list of actions of employees when performing system operation tasks, including the list, types, scope and frequency of work to ensure the functioning of the system;

b) control of the performance of the system and components providing information protection; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

c) a list of faults that may occur during the operation of the system and recommendations for actions when they occur;

d) the list of operating modes of the system and their characteristics, as well as the procedure and rules for switching the system from one operating mode to another, with an indication of the time required.

8. The software development or adaptation stage includes the development of the system software, the selection and adaptation of purchased software, and also, in the established cases and manner, the certification of the developed system software and information protection tools against information security requirements. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

9. The commissioning work stage includes standalone adjustment of the technical means and software of parts of the system, loading information into its database, and comprehensive adjustment of the technical means and software of the system, including information protection tools. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

10. The preliminary test phase includes:

a) the development of a program and methodology of preliminary tests, in accordance with which the system is checked for performance and compliance with the technical task for its creation;

b) checking the system for performance and compliance with the technical task for its creation;

c) elimination of malfunctions identified when conducting such tests and making changes to the documentation and working documentation for the system;

d) Registration of the test report and the act of acceptance of the system in trial operation.

11. The stage of trial operation includes:

a) the development of the program and the technique of trial operation;

b) trial operation of the system in accordance with the program and technique of trial operation;

c) refinement of the system software and additional adjustment of the technical means if shortcomings are identified during the trial operation of the system;

d) drawing up the act on the completion of trial operation, which includes a list of shortcomings that need to be eliminated before the start of operation of the system.

12. The stage of acceptance test includes:

a) testing the system for compliance with the technical task for its creation in accordance with the program and methodology of acceptance tests;

b) analysis of the results of eliminating the shortcomings specified in the act on the completion of trial operation;

c) Registration of an act of acceptance of the system commissioning.

III. Requirements for commissioning system

13. The basis for commissioning the system is a legal act of the executive authority on commissioning the system, which defines the list of measures to ensure the commissioning of the system and sets the date on which operation begins.

14. The legal act of the executive authority on commissioning the system includes: (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

a) measures for the development and approval of organizational and administrative documents defining measures for the protection of information during the operation of the system, the development of which is provided for by the regulatory legal acts and methodological documents of the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, as well as by national standards in the field of information security; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

b) measures for certification of the system against information protection requirements, as a result of which, in cases established by the legislation, the compliance of the protection of information contained in the system with the requirements stipulated by the legislation of the Russian Federation on information, information technologies and the protection of information is confirmed; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

c) measures to prepare the executive authority to operate the system; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

d) measures to prepare officials of the executive authority to operate the system, including those responsible for providing information protection. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

15. Commissioning the system is not allowed in the following cases: (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

a) failure to comply with the information protection requirements established by the legislation of the Russian Federation, including the absence of a valid certificate of compliance with information security requirements; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

b) the absence, in the register of territorial placement of control objects provided for by the rules for monitoring the placement of technical means of information systems used by government agencies, local governments, state and municipal unitary enterprises, state and municipal institutions, in the territory of the Russian Federation, approved by Decree of the Government of the Russian Federation of July 6, 2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by part 2.1 of Article 13 and part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection"", of information on the placement of the technical means of the information system in the territory of the Russian Federation; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

c) failure to comply with the requirements of this section, identified in the course of control carried out in accordance with the rules for monitoring compliance with the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases, approved by Decree of the Government of the Russian Federation of July 6, 2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by part 2.1 of Article 13 and part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection"". (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

16. The start date of operation of the system cannot be earlier than the completion date of the last measure provided for by the legal act of the executive authority on commissioning the system.

IV. Requirements for the procedure for the development of the system

17. System development measures are carried out in accordance with the requirements established for creating a system.

V. Requirements for the procedure for operation of the system

18. The basis for the start of operation of the system is the arrival of the date established by the legal act of the executive authority on commissioning the system specified in paragraph 13 of this document.

19. The executive body operates the system in accordance with the working documentation specified in paragraph 7 of this document.

19.1. The operation of the system is not allowed in cases indicated in paragraph 7 of Article 14 of the Federal Law "On Information, Information Technologies and Information Protection", as well as in paragraph 15 of this document. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

VI. Requirements for the procedure for decommissioning the system and the further storage of information contained in its databases

20. The grounds for decommissioning the system are:

a) the expiry of the system's period of operation, if such a period has been established by the legal act of the executive authority on commissioning the system;

b) the inexpediency of operating the system, including because of the low efficiency of the technical means and software used, a change in legal regulation, the adoption of management decisions, or the existence of other changes that impede the operation of the system;

c) financial and economic inefficiency of the system operation.

21. If one or more of the grounds for decommissioning the system specified in paragraph 20 of this document exist, the executive authority approves a legal act on decommissioning the system.

22. The legal act on decommissioning the system includes:

a) the grounds for decommissioning the system;

b) a list of measures for decommissioning the system and the deadlines for their implementation;

c) the procedure, time limits, mode of storage and further use of information resources, including the procedure for providing access to the information resources of the decommissioned system and for ensuring the protection of information contained in the decommissioned system; (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

d) the procedure, time limits and methods for informing users about the decommissioning of the system.

23. The list of measures for decommissioning the system includes:

a) the preparation of legal acts related to the decommissioning of the system;

b) work on decommissioning the system, including uninstalling the system software, exercising the rights to the system software, dismantling and writing off the system's technical means, and ensuring the storage and further use of the system's information resources;

c) ensuring information protection in accordance with the documentation for the system and the organizational and administrative documents on the protection of information, including the archiving of information contained in the system, the destruction (erasure) of data and residual information from machine media and (or) the destruction of machine media. (as amended by the Decree of the Government of the Russian Federation of 11.05.2017 N 555)

24. Unless otherwise established by regulatory legal acts of the Russian Federation, the storage period for the information contained in the system databases is determined by the executive authority and cannot be less than the storage periods established for paper documents containing such information.

25. The date of decommissioning of the system cannot be earlier than the completion date of the last measure provided for by the legal act on decommissioning the system.

Decree of the Government of the Russian Federation of July 6, 2015 N 676
"On the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases"

In accordance with Part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", the Government of the Russian Federation decides:

1. To approve the attached requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases.

2. To establish that the measures provided for by the requirements approved by this Resolution are carried out by federal executive bodies within the budget allocations provided for by the Federal Law on the federal budget for the relevant fiscal year and the planning period for leadership and management in the field of established functions.

3. To recommend that other state bodies, besides the federal executive bodies and executive bodies of the constituent entities of the Russian Federation, as well as the management bodies of state extra-budgetary funds and local governments, be guided in their activities by the requirements approved by this Resolution.

Requirements
for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and the further storage of information contained in their databases
(approved by Decree of the Government of the Russian Federation of July 6, 2015 N 676)

I. General provisions

1. This document determines the requirements for the procedure for carrying out measures to create, develop, commission, operate and decommission state information systems (hereinafter - the system) and to further store the information contained in their databases, carried out by federal executive bodies and executive bodies of the constituent entities of the Russian Federation (hereinafter referred to as the executive authorities) in order to improve the effectiveness of the exercise of the powers of the executive authorities as a result of the use of information and communication technologies, or by executive authorities acting as public partners and by private partners in accordance with public-private partnership agreements (hereinafter - a private partner) in order to implement these agreements.

1.1. When executive authorities or private partners carry out measures to create, develop, commission, operate and decommission systems and to further store the information contained in their databases, the following must be fulfilled:

a) the requirements for the protection of information contained in systems, established by the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers;

b) requirements for the organization and measures to protect the information contained in the system;

Change information:

Paragraph 1.1 is supplemented by subparagraph "c" from April 27, 2019 - Resolution

c) the requirements for the protection of personal data provided for by Part 3 of Article 19 of the Federal Law "On Personal Data" (if the system contains personal data).

Change information:

By Decree of the Government of the Russian Federation of May 11, 2017 N 555, the Requirements are supplemented with paragraph 1.2

1.2. In order to fulfill the requirements for the protection of information provided for in paragraph 1.1 of this document (hereinafter referred to as the requirements for information protection), the executive authorities define the requirements for the protection of information contained in the system of the executive authority, for which they carry out:

a) the definition of information to be protected from illegal access, destruction, modification, blocking, copying, providing, distribution, as well as other unlawful actions for such information;

b) analysis of the regulatory legal acts, methodological documents and national standards with which the system must comply;

c) classification of the system in accordance with the requirements for information protection;

d) determining the threats to the security of information whose realization can lead to a breach of the security of information in the system, and developing on their basis a model of information security threats;

e) Determining the requirements for the information system (subsystem) of the protection of information contained in the system.

II. Requirements for the procedure for creating a system

2. The basis for creating the system is:

a) the obligation of the executive authority to create a system provided for by regulatory legal acts;

b) the decision of the executive authority on the creation of the system in order to ensure the implementation of the powers assigned to it;

Change information:

Paragraph 2 is supplemented by subparagraph "c" from April 27, 2019 - Resolution of the Russian Government of April 11, 2019 N 420

c) decision of the Government of the Russian Federation on the implementation of a public-private partnership project;

Change information:

Paragraph 2 is supplemented by subparagraph "d" from April 27, 2019 - Resolution of the Government of Russia of April 11, 2019 N 420

d) the decision of the highest executive body of state power of a constituent entity of the Russian Federation, if the public partner is a constituent entity of the Russian Federation or a joint competition is planned with the participation of a constituent entity of the Russian Federation (with the exception of cases of a joint competition with the participation of the Russian Federation).

3. The creation of the system is carried out in accordance with the technical task, taking into account the information security threat model provided for by subparagraph "d" of paragraph 1.2 of this document, as well as the levels of protection of personal data during their processing in personal data information systems, depending on the threats to the security of these data, and the requirements of this document.

The information security threat model and (or) the technical task for the creation of the system are agreed with the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, within their powers, as regards compliance with the established requirements for information protection.

The technical task for creating the system should include the requirements for the protection of information contained in the system, formed in accordance with subparagraphs "a" and "c" of paragraph 1.1 of this document.

4. The technical task for creating the system and the information security threat model are approved by an official of the executive authority who is vested with the appropriate authority.

5. The procedure for creating the system includes the following sequentially implemented steps:

a) the development of documentation for the system and its part;

b) the development of working documentation for the system and its parts;

c) development or adaptation of software;

d) commissioning work;

e) conducting preliminary tests of the system;

f) conducting trial operation of the system;

g) carrying out acceptance tests of the system.

6. The stage of development of documentation for the system and its part includes the development, coordination and approval of the documentation in the amount necessary to describe the complete set of design solutions (including the protection of information) and sufficient to further fulfill the work on the creation of the system.

7. The stage of developing working documentation for the system and its parts includes the development, coordination and approval of documentation containing the information necessary to carry out the work of commissioning the system and operating it, and of the procedure for operating the system, containing the information necessary to maintain the level of the operational characteristics of the system (including information protection) established in the design solutions specified in paragraph 6 of this document, including:

a) a list of actions of employees when performing system operation tasks, including the list, types, scope and frequency of work to ensure the functioning of the system;

b) control of the performance of the system and components providing information protection;

c) a list of faults that may occur during the operation of the system and recommendations for actions when they occur;

d) the list of operating modes of the system and their characteristics, as well as the procedure and rules for switching the system from one operating mode to another, with an indication of the time required.

8. The software development or adaptation stage includes the development of the system software, the selection and adaptation of purchased software, and also, in the established cases and manner, the certification of the developed system software and information protection tools against information security requirements.

9. The commissioning work stage includes standalone adjustment of the technical means and software of parts of the system, loading information into its database, and comprehensive adjustment of the technical means and software of the system, including information protection tools.

10. The preliminary test phase includes:

a) the development of a program and methodology of preliminary tests, in accordance with which the system is checked for performance and compliance with the technical task for its creation;

b) checking the system for performance and compliance with the technical task for its creation;

c) elimination of malfunctions identified when conducting such tests and making changes to the documentation and working documentation for the system;

d) Registration of the test report and the act of acceptance of the system in trial operation.

11. The stage of trial operation includes:

a) the development of the program and the technique of trial operation;

b) trial operation of the system in accordance with the program and technique of trial operation;

c) refinement of the system software and additional adjustment of the technical means if shortcomings are identified during the trial operation of the system;

d) drawing up the act on the completion of trial operation, which includes a list of shortcomings that need to be eliminated before the start of operation of the system.

12. The stage of acceptance test includes:

a) testing the system for compliance with the technical task for its creation in accordance with the program and methodology of acceptance tests;

b) analysis of the results of eliminating the shortcomings specified in the act on the completion of trial operation;

c) Registration of an act of acceptance of the system commissioning.

III. Requirements for commissioning system

13. The basis for commissioning the system is the legal act of the executive authority of the commissioning system, which determines the list of measures to ensure the commissioning system and establishing the start of operation.

14. Legal act of the executive authority on commissioning commission includes:

a) measures for the development and approval of organizational and administrative documents that define information on the protection of information during the operation of the system, the development of which is provided for by regulatory legal acts and methodological documents of the federal executive authority in the field of security and the federal executive authority authorized in the field of countering technical intelligence and technical protection of information, as well as national standards in the field of information security;

b) measures for certification of the system according to the requirements of information protection, as a result of which, in the cases established by the legislation, the compliance of the protection of information contained in the system with the requirements stipulated by the legislation of the Russian Federation on information, information technologies and the protection of information is confirmed;

c) measures to prepare the executive body, as well as a private partner in the event of an agreement on public-private partnership, for the operation of the system;

d) measures for the preparation of officials of the executive authority, as well as employees of a private partner in the event of an agreement on public-private partnership, for the operation of the system, including those responsible for providing information protection.

15. Commissioning the system is not allowed in the following cases:

a) failure to comply with the laws of information protection established by the legislation of the Russian Federation, including the lack of a valid certificate of compliance with the requirements of the safety of information;

b) the absence, in the register of territorial placement of control facilities provided for by the rules for the implementation of the placement of technical means of information systems used by government agencies, local governments, state and municipal unitary enterprises, state and municipal institutions, in the territory of the Russian Federation, approved by the Decree of the Government of the Russian Federation of July 6, 2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by part 2.1 of Article 13 and part 6 of Article 14 of the Federal Law "On Information, Information Technology and Information Protection", of information on the placement of technical means of the information system in the territory of the Russian Federation;

c) failure to comply with the requirements of this section, identified during the implementation of controls in accordance with the rules for monitoring compliance with the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems and further storage of the information contained in their databases, approved by the Decree of the Government of the Russian Federation dated July 6, 2015 N 675 "On the procedure for monitoring compliance with the requirements provided for by part 2.1 of Article 13 and part 6 of Article 14 of the Federal Law "On Information, Information Technologies and Information Protection". of this document.

20. The grounds for decommissioning the system are:

a) the completion of the life of the system, if such a period has been established by the legal act of the executive authority on commissioning the system;

b) the inexpediency of the operation of the system, including the low efficiency of used technical means and software, a change in legal regulation, making management decisions, as well as the availability of other changes that impede the operation of the system;

c) financial and economic inefficiency of the system operation.

21. If one or more of the grounds for decommissioning the system specified in paragraph 20 of this document exist, the executive authority approves the legal act on decommissioning the system.

b) work on decommissioning the system, including work on uninstalling the system software, realizing the rights to the system software, dismantling and writing off the technical means of the system, and ensuring the storage and further use of the system's information resources;

Change information: by the Decree of the Government of the Russian Federation of May 11, 2017 N 555, paragraph 23 is supplemented by subparagraph "c".

c) ensuring information security in accordance with the documentation for the system and organizational and administrative documents on the protection of information, including the archiving of information contained in the system, the destruction (erasing) of data and residual information from the machine media and (or) the destruction of machine media.

24. Unless otherwise established by the regulatory legal acts of the Russian Federation, the storage period of the information contained in the system databases is determined by the executive body and cannot be less than the storage periods established for paper documents containing such information.

25. The decommissioning of the system cannot take place earlier than the end date of the last measure provided for by the legal act on decommissioning the system.