Cryptographic Protection

State authorities, local and regional self-government bodies and legal persons with public authority who connect their information systems through public and unprotected communication channels with other information systems for the purpose of classified information exchange, must apply appropriate cryptographic protection measures. Besides confidentiality, methods of cryptographic protection ensure integrity, authenticity and non-repudiation of classified information.

Information Systems Security Bureau prescribes standards for cryptographic protection of classified information used by bodies and legal persons, owners of information system, for implementation of system for cryptographic protection.

For protection of information classified as RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET in the Republic of Croatia it is allowed to use only those cryptographic solutions or products approved by the Information Systems Security Bureau, as well as those listed in the Registry of products approved for classified information protection. After product’s certification process is finished, or already issued certificate listed in the international organization’s registry is accepted, the Information Systems Security Bureau will include products into the Registry.

With implementation of certification procedure the Information Systems Security Bureau evaluates cryptographic product’s compliance with international standards, in order to establish whether specific product has the ability to ensure desired level of protection in accordance with secrecy level of information protected. Certification procedure is implemented upon request of state authority who intends to use a specific cryptographic solution within its own information system.

Information Systems Security Bureau’s activities includes research, development and evaluation of technologies for cryptographic protection of classified information, as well as handling cryptographic material of other countries and international organizations used within information systems of the state authorities in the Republic of Croatia for the purpose of international classified information protection.