Certification

  1. Certification of IT Security solutions for compliance with Russian security standards
     Valentin Tsirlov, Ph.D., CISSP, AMBCI
  2. Certification of software in Russia
     • Testing for compliance with Russian security standards
     • May be guided by FSTEC, Ministry of Defense, FSB, etc.
     • In most cases we mean FSTEC – Federal Service for Technical and Export Control
  3. Why is it necessary?
     Certification is mandatory
     • For personal data protection systems (Federal law #152)
     • For systems containing state-owned information
     Or it is generally recommended
     • In major corporations
     • In financial structures
     • …
  4. In FSTEC: what exactly is required?
     • Certification of the functionality: black box testing to ensure that it works as it should
     • Certification for the absence of non-declared functions (NDF): testing of source code for the absence of software vulnerabilities
     In most cases, both types are necessary!
  5. Some legal issues
     Certification may only be initiated (or claimed for) by a Russian legal entity
     • So you need a local representative or you may use one of your local partners
     Claimer for certification needs a special FSTEC license
  6. NDF testing: it’s not that difficult!
     Access to source code is necessary
     • And yes, this is what everybody is worried about. But:
     All tests may be provided at the developer's premises
     • And under full control of your security specialists.
     Code is never transferred anywhere
     All reports may be reviewed by your security specialists before they are taken away.
  7. Who takes part in the certification process?
     • Developer
     • Claimer
     • Certification laboratory
     • Certification authority
     • FSTEC
  8. OK, what should we do?
     • Choose a claimer
     • Choose a certification laboratory
     • Provide access to source code
     • Help in functional testing
     • Translate documentation into Russian
     Laboratory will do the rest!
  9. So, certification laboratory is an entry point
     It will actually provide all tests
     • So choose a reliable one
     It should help you to organize the whole process
     It should be able to help you with finding a claimer, obtaining corresponding licenses, etc.
  10. How to choose a laboratory?
     • It must have all necessary licenses and accreditations
     • It should have enough experts to provide all tests in parallel
     • It will help a lot if it has experience in certification of foreign products
     • And the best laboratories are always those that are accredited to act as certification authorities as well
  11. So why should you probably choose Echelon?
     • The biggest and most experienced laboratory in Russia: 300 successful projects
     • Lots of satisfied international customers: Symantec, McAfee, IBM, SAP AG, Trend Micro, ESET, Huawei, Siemens, OpenText
     • And not least – our experts speak English!
  12. Meet our customers - worldwide
  13. Valentin Tsirlov
     Executive director of Echelon, JSC
     Phone.: +7(495) 645-38-09
     v.tsirlov@npo-echelon.ru
     www.npo-echelon.com
     Your questions are always welcome
