FSTEC will tighten requirements for data protection developers
The FSTEC of Russia proposed extending the requirements for information security for the public sector to commercial companies that organize the protection of government data.
FSTEC of Russia offered extend information security requirements for commercial companies that organize the protection of government data. To do this, the regulator has developed a draft presidential decree, which is posted on the portal of legal acts. It establishes the rules for protecting information in Russian organizations, and also establishes the creation of a state organizational system for protecting information.
According to the plans of the FSTEC, the system will consist of “bodies and organizations that perform the functions of protecting information and the means of protection used by them.” The order also defines six categories of participants in the system, including security agencies such as the FSTEC and the FSB of Russia, organizations that have the authority to certify security equipment, and companies that provide services in the field of protecting government information.
The project expands the range of companies to which the requirements of the FSTEC in the field of information security will apply, and makes them mandatory for contractors that ensure the security of state information systems.
This means that companies that supply products and services for protecting information in the public sector will be required to comply with the requirements of the FSTEC and undergo certification of their security tools.
According to experts, the order will ensure an even level of protection of state information, but at the same time “will increase the burden on responsible deputy heads of companies, as it will entail more reporting and approvals with the regulator.”