what has changed in cybersecurity legislation in December 2021

My name is Katya, at Solar Integration I am responsible for compliance and closely monitor all changes in cybersecurity legislation. In the latest issue of our compliance digest, I have collected a brief extract from the news for December 2021 and traditionally divided them into thematic blocks: the functioning of the State SOPKA, the security of CII facilities, biometric personal data, documents for official use, inspections of regulators, plans of the FSTEC of Russia for 2022 year, standardization news, industry changes. If it is important for you to keep abreast of changes in the requirements of regulators, welcome to the cat!

Functioning of GosSOPKA

1. The FSB has expanded the list of officials authorized to draw up protocols on administrative offenses for violations related to the functioning of the GosSOPKA. The innovation also concerns the consideration of cases of administrative offenses provided for in parts 2 and 3 of article 13.12.1 and part 2 of article 19.7.15 of the Code of Administrative Offenses. The corresponding order to this effect is published on the official Internet portal of legal information (order of the FSB of Russia dated November 29, 2021 No. 472).

Security of CII facilities

2. Government to its own resolution made changes to the rules for categorizing critical information infrastructure objects. Key innovations of the document:

  • The CII subject must inform the FSTEC of Russia about changes in information about significant CII objects no later than 20 business days from the date of their change.

  • State bodies and Russian legal entities should monitor the provision of relevant and reliable information by CII subjects.

  • If a violation of the deadlines for categorization work is detected and cases of submission of irrelevant or inaccurate information, information about this is sent to the FSTEC of Russia.

Biometric personal data

3. The unified biometric system (UBS) received the status of the state information system. The relevant federal law (441-FZ) entered into force on December 30, 2021. Now Russians can place their biometric data in the EBS using the mobile application of the same name. At the same time, according to the law, citizens must have a verified account in the ESIA and a valid foreign passport with biometric data.

Documents for official use

4. The Ministry of Digital Development submitted for public discussion a draft resolution of the Government of the Russian Federation “On approval of the Regulations on the procedure for handling documents for official use.” The project was developed to replace the current document, which was adopted back in 1994 (Decree of the Government of the Russian Federation No. 1233 of 03.11.1994).

The new regulation includes the following changes:

  • It is distributed in federal government bodies and state corporations, as well as in enterprises, institutions and organizations subordinate to them.

  • To prevent unauthorized access to documents in electronic form containing service information of limited distribution, during their transfer, it is possible to use the transport bus of interdepartmental electronic document management. At the same time, the sender and recipient must have electronic document management systems or other software (software and hardware) solutions.

  • It establishes the need for certification of electronic document management systems or other software solutions, as well as electronic document storage systems for compliance with the requirements of the Federal Security Service of Russia and the FSTEC of Russia.

Regulator Checks

5. Roskomnadzor has developed new forms of checklists (lists of checklists) used by the department when conducting on-site inspections. We are talking about scheduled inspections to comply with mandatory requirements in the field of personal data processing in relation to legal entities and individuals, individual entrepreneurs, as well as operators that are state or municipal authorities. Related project order of Roskomnadzor submitted for public comment.

6. The FSTEC of Russia submitted for public discussion draft departmental orders aimed at establishing the forms of evaluation sheets, in accordance with which the regulator plans to assess the compliance of a license applicant or licensee with license requirements when implementing:

7. The FSB of Russia submitted for public discussion draft order, approving the forms of documents that the service uses in the licensing process in accordance with the Federal Law of May 4, 2011 No. 99-ФЗ “On Licensing Certain Types of Activities”.

The project includes forms of documents, as well as lists of questions reflecting the fulfillment of license requirements in the following activities:

  • development, production, distribution of encryption (cryptographic) means, information systems and telecommunication systems protected using encryption (cryptographic) means, performance of work, provision of services in the field of information encryption, maintenance of encryption (cryptographic) means, information systems and telecommunication systems, protected using encryption (cryptographic) means (except for the case when the maintenance of encryption (cryptographic) means, information systems and telecommunication systems protected using encryption (cryptographic) means is carried out to meet the own needs of a legal entity or an individual entrepreneur);

  • development, production, sale and acquisition for the purpose of sale of special technical means intended for secretly obtaining information;

  • identification of electronic devices intended for secretly obtaining information;

  • development and production of means of protecting confidential information.

Plans of FSTEC of Russia for 2022

8. This year FSTEC of Russia plans to develop a number of normative legal acts:

  • draft order of the FSTEC of Russia “On Amendments to the Administrative Regulations of the Federal Service for Technical and Export Control on the provision of public services for licensing activities for the development and production of means of protecting confidential information, approved by order of the FSTEC of Russia dated July 17, 2017 No. 133”;

  • Draft Order of the FSTEC of Russia “On Amendments to the Administrative Regulations of the Federal Service for Technical and Export Control for the Provision of a State Service for Licensing Activities for the Technical Protection of Confidential Information, approved by Order of the FSTEC of Russia dated July 17, 2017 No. 134”;

  • Draft order of the FSTEC of Russia “On approval of the form of the assessment sheet, in accordance with which the assessment of the compliance of the license applicant or licensee with license requirements in the implementation of activities for the technical protection of confidential information”;

  • Draft order of the FSTEC of Russia “On approval of the form of the evaluation sheet, in accordance with which the assessment of the compliance of the license applicant or licensee with license requirements in the development and production of confidential information protection tools is carried out”;

  • Draft Order of the FSTEC of Russia “On Amendments to the Administrative Regulations of the Federal Service for Technical and Export Control on the Performance of the State Function of Control over Compliance with Licensing Requirements in the Implementation of Technical Protection of Confidential Information, approved by Order of the FSTEC of Russia dated July 20, 2012 No. 89” ;

  • Draft Order of the FSTEC of Russia “On Amendments to the Administrative Regulations of the Federal Service for Technical and Export Control on the execution of the state function of monitoring compliance with license requirements in the development and production of means of protecting confidential information, approved by order of the FSTEC of Russia dated July 20, 2012. No. 90”;

  • Draft Order of the FSTEC of Russia “On Amendments to the Requirements for the Protection of Information Not Constituting State Secrets Contained in State Information Systems, approved by Order of the FSTEC of Russia dated February 11, 2013 No. 17”.

9. FSTEC of Russia by order approved a program for the prevention of violations of mandatory licensing requirements in the course of activities for the technical protection of confidential information and activities for the development and production of means of protecting confidential information for 2022.

News in the field of standardization

10. Effective January 1, 2022 GOST R ISO/IEC 27001-2021 “Information technology. Methods and means of ensuring security. Information security management systems. Requirements”. This GOST is identical to the international standard ISO/IEC 27001:2013 and is accepted instead of GOST R ISO/IEC 27001-2006.

11. The Federal Agency for Technical Regulation and Metrology has published new GOSTs on its website:

The documents will come into force on April 30, 2022.

Industry changes

12. The Bank of Russia has developed requirements for financial market participants to ensure the protection of information in order to counter illegal financial transactions. Corresponding draft regulation published on the official Internet portal of legal information.

13. The National Guard submitted for public discussion draft order, approving the list of information of the department to be classified as an official secret in the field of defense.

Similar Posts

Leave a Reply Cancel reply