SCIENTIFIC PRODUCTION REPUBLICAN UNITARY ENTERPRISE “RESEARCH INSTITUTE FOR TECHNICAL PROTECTION OF INFORMATION”

Audit and protection analysis of the actual state of information security systems, assessment of compliance of the actual state of information security systems with the requirements of legislation on information, informatization and information protection

In order to determine the compliance of the information security system with the requirements of the legislation, including the mandatory requirements of technical normative legal acts in the field of technical and cryptographic protection of information, the company provides services for auditing and analyzing the security of the actual state of information security systems, assessing the compliance of the actual state of information security systems (information protection systems and information systems) with the requirements of the legislation on information, informatization and information protection

The objectives of information security audit are: obtaining objective evidence, analyzing the risks associated with the possibility of security threats to information resources; assessing the current level of information system security; localizing bottlenecks in the protection system; assessing the compliance of information systems with the requirements of legislation in the field of information protection.

A set of measures for technical and cryptographic protection of information at the stage of design and development of information protection systems

 A set of measures for technical and cryptographic protection of information subject to processing (collection, accumulation, input, output, acceptance, transmission, recording, storage, registration, destruction, transformation, display) in the information system includes design and development of the information protection system in accordance with the requirements of the legislation in the field of information protection.

The purpose of creating an information protection system is to develop and implement in the organization a set of legal, organizational and technical measures aimed at maintaining the required level of protection of information transmitted through communication channels and processed in information systems, ensuring confidentiality, integrity, authenticity, availability and safety of information.

Confirmation of compliance of information protection systems (informatization objects) with the requirements of legislation on information, informatization and information protection (state secrets)

Attestation of informatization objects is a set of organizational and technical measures and works carried out prior to the commissioning of the informatization object, as a result of which the compliance of the informatization object with the requirements of normative legal acts on technical protection of state secrets is documented.

The set of organizational and technical measures and works includes:

- inspection to identify possibly installed special technical means of tacit information gathering in the protected premises; 

- special studies of technical means;

- expert-documentary assessment of the operating conditions of the informatization object;

- instrumental control of information protection efficiency; 

- attestation (special) inspection of the informatization object. 

Attestation of information protection systems is a set of organizational and technical measures, as a result of which the compliance of the information protection system with the requirements of the legislation on information, informatization and information protection is documented.

Attestation of information protection systems provides for a comprehensive assessment of the information protection system under actual conditions of information system operation to ensure that the information protection requirements established by law are met.

Product testing as part of the procedure for confirming the compliance of information protection means with information security requirements

Information Security Testing Laboratory meets the criteria of the National Accreditation System of the Republic of Belarus, accredited for compliance with the requirements of GOST ISO/IEC 17025-2019 (accreditation certificate registration number No. BY/112 1.0386 dated May 28, 2001).

The main activities of the Testing Laboratory are:

- preparation of a set of documents and support of the procedure of certification of information protection means;

- development and evaluation of security assignments and protection profiles for compliance with the requirements of technical normative legal acts of the Republic of Belarus;

- development and coordination of test methods with the certification authority;

- organizing and conducting tests of software, hardware-software and hardware means of information protection (including means of cryptographic protection of information) in accordance with the requirements of the technical regulations of the Republic of Belarus “Information 

Technologies. Information Protection Means. Information Security” (TR 2013/027/BY) (Resolution of the Council of Ministers of the Republic of Belarus No. 145 dated March 12, 2020). Information protection means are tested for compliance with the requirements of technical normative legal acts of the Republic of Belarus (Order of the Operational and Analytical Center of the Republic of Belarus No. 207 dated December 28, 2020). 

The scope of accreditation includes the following test objects:

- technical means of transmission of speech information and auxiliary technical means and systems;

- electromagnetic noise generators;

- noise reducing filters;

- linear noise generators;

- restriction filters;

- means of protection of speech information from leakage through acoustic and vibroacoustic channels;

- means of protection of speech information from leakage through high-frequency imposition channels;

- hardware-software complexes measuring SERAI parameters;

- means of controlling the security of speech information;

- means of passive technical protection of digital telephone sets against leakage of speech information through channels of acoustoelectric conversion and high-frequency imposition in a two-wire digital communication line;

- low-frequency noise generators;

- cryptographic protection of information means;

- anti-malware and anti-virus software;

- routers and switches that act as routers;

- site management systems;

- firewalls;

- information security event data collection and processing systems;

- intrusion detection and prevention systems;

- systems for detecting and preventing information leaks from information systems;

- and other information technology products and systems

Conducting case studies of encryption equipment, special engineering analysis of information systems and communication complexes protected using cryptographic means of state secrets protection

The scope includes:

- conducting case studies in terms of cryptographic, cryptographic engineering and specialized studies;

- development of information systems and communication complexes protected with the use of cryptographic means of state secrets protection;

- conducting specialized engineering analysis of information systems and communication complexes protected using cryptographic means of state secrets protection.