What has changed in cybersecurity legislation in January 2023

FSTEC of Russia announced the approval of the Information Security Requirements for virtualization tools and published an extract from them.

The document is intended for organizations that develop virtualization tools, applicants for certification, as well as for testing laboratories and certification bodies that certify information security tools for compliance with mandatory information security requirements.

The document sets out the minimum information security requirements for the level of trust of the virtualization tool, for the host operating system in which the virtualization tool operates, and for the composition of the security functions of the virtualization tool.

To differentiate information security requirements for virtualization tools, 6 protection classes are established. The lowest class is the sixth, the highest is the first.

As part of the activities of the technical committee for standardization “Information Protection” (TK 362), it is planned to develop the following national standards related to information security:

· Information technology. Methodology for the development of trusted systems. Constructive information security. General provisions.

· Information technology. Methodology for the development of trusted systems. Constructive information security. Design patterns.

· Information technology. Methodology for the development of trusted systems. Constructive information security. Development methodology.

· Data protection. Information security organization and management system. General provisions.

· Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 2: Security functional components.

· Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 1. Introduction and general model.

· Data protection. Formal access control model. Development recommendations.

· Data protection. Identification and authentication. Typical threats and vulnerabilities of identification and authentication processes.

· Data protection. Formal access control model. Recommendations for verification of formal descriptions of security tool modules implementing access control policies.

· Data protection. Identification and authentication. Guidelines for managing identity and authentication.

· Data protection. Information security technology. Nomenclature of quality indicators.

· Data protection. Automated account and access rights management system. General requirements.

· Data protection. Basic terms and definitions.
