Procedure of Security Accreditation

Body or legal person, who is the owner of information system, will submit a formal request for security accreditation to the Information Systems Security Bureau.

After the formal request is received, initial meeting of representatives of body or legal person and Information Systems Security Bureau will be held. Purpose of this initial meeting is to determine features of information system, as a ground upon which the Information System Security Bureau will build the Strategy for Information System Security Accreditation.

The Strategy determines structured procedure of security accreditation which includes sequence of main activities, persons within the body or legal person responsible for implementation of security accreditation and their duties, necessary security documentation and authorities that will create it, as well as a timeline for each activity’s implementation.  Based upon this Strategy, body or legal person who is the owner of information system will, in coordination with the Information System Security Bureau, implement measures of information security within information system and prepare necessary security documentation.

Information Systems Security Bureau coordinates activities with the body or legal person throughout consultation with the information security advisor within body or legal person, persons who design and manage information system, persons authorized for business procedures of body or legal person, as well as with persons authorized for managing groups of information used within information system, in the areas of:

  • implementation of information system security standards
  • cryptographic security
  • protection from unwanted electromagnetic emanation (TEMPEST)
  • vulnerability scanning of information system
  • other expert activities within the scope of Information Systems Security Bureau’s work.

Based upon the assessment of security documentation and audit of implemented information security measures and standards within the information system, the Information System Security Bureau will issue Certificate of Security Accreditation of Information System or Interim Approval to Operate.