State examination in the field of technical protection of information

State examination in the field of technical protection of information (hereinafter - examination) is conducted to confirm the compliance of the object of examination with the requirements of regulatory documents on technical protection of information and the possibility of using the object of examination to ensure technical protection of information.

The objects of examination are:

• complex systems of information protection (hereinafter - KSZI), which are an integral component of information, telecommunications or information and telecommunications systems (hereinafter - ITS);
• hardware, hardware and software, and software tools that implement the functions of technical information protection and/or assessment of the state of information protection (hereinafter - TZI);
• an organizational and technical solution for the implementation of a typical component of КSZI in ITS (hereinafter - OTR КSZI).

OTR KSZI - a documented unified solution for multiple deployment of components of KSZI in ITS, self-sufficient to solve a certain task, which includes project solutions of the software and technical complex, organizational and technical solutions regarding the regulation of the functioning of a typical component of ITS and a description (algorithm) of the procedure for implementing (deployment) components KSZI in ITS.

For use in state authorities and in the creation of complex information protection systems, the requirement for the protection of which is established by law, means of information protection (hardware, hardware and software, and software) are used, which have a certificate of conformity or a positive expert opinion based on the results of state expertise in the field technical and/or cryptographic protection of information. 

Confirmation of compliance and state examination of these means are carried out in accordance with the procedure and determined by the Regulation on state examination in the field of technical information protection, approved by the order of the State Service of Special Communications and Information Protection of Ukraine No. 93 dated May 16, 2007 (as amended).

State expertise:

• KSZI is carried out by means of expert tests or by analysis of the declaration;
• TZI and OTR of KSZI is carried out by means of expert tests;
• KSZI by analyzing the declaration can be carried out in cases, if:

1) KSZI was created as part of ITS:

• which is a single-machine, single-user complex that processes information of one or more degrees of access restriction;
• at each moment of time, only one user can work with it, although in the general case there may be several persons who have access to the complex;
• in which means are used to protect information from unauthorized access, which have a positive expert opinion valid at the time of submission of the declaration based on the results of the state examination in the field of TZI;
• in which means for antivirus protection are used, which have a positive expert opinion valid at the time of submission of the declaration based on the results of the state examination in the field of technical equipment;
• in which the implementation of measures to protect information from leakage through technical channels (if necessary, the creation of a TZI complex) is certified by an act of attestation of the TZI complex registered in the prescribed manner.

2) KSZI in ITS was created on the basis of OTR KSZI, which at the time of declaration has a valid positive expert opinion based on the results of the state examination in the field of TZI and has, as part of the documentation, a declaration form for this KSZI, which has been approved by the AState Service of Special Communications and Information Protection of Ukraine.
In all other cases, the examination of KSZI in ITS is carried out by means of expert tests. 

Stages of state examination work of KSZI ITS:

Stages of work performed "on a turnkey basis" by our specialists in the process of expert tests of KSZI ITS:

• Development of "Programs and methods of expert tests of KSZI ITS";
• Conducting a state examination of KSZI ITS;
• Development of the "Protocol of conducting expert tests of KSZI ITS";
• Development and registration of the "Expert opinion of KSZI ITS" with the regulator;
• Obtaining the "Certificate of Conformity of KSZI ITS" from the regulator.

Stages of work on the state examination of technical equipment:

 Stages of work performed by our experts on a turnkey basis in the process of expert testing of ITS, hardware, hardware and software, and software:

• Obtaining from the customer of the examination a set of technical documentation for the object of examination, as well as receiving samples of the object of examination;
• Development and approval of Technical Requirements according to the criteria of technical information protection;
• Development of the "Program for conducting expert tests according to the criteria of technical protection of information for the object of examination";
• Development of "Methodology for conducting expert tests according to the criteria of technical protection of information for the object of expertise";
• Conducting expert tests and drawing up the "Protocol of conducting expert tests according to the criteria of technical protection of information for the object of examination";
• Development and registration of "Expert opinion" with the regulator. 

In the process of state examination, the experts of LLC "SMART SOLUTIONS" LLC use modern approaches, "best practices", and also perform work within the limits of the legal field and contractual relations with the Customer.

It should be noted that LLC "SMART SOLUTIONS" has all the necessary permits for carrying out work in the field of state expertise in the field of technical information protection, which in turn allows to provide a full range of certification services in the field of technical information protection to enterprises, institutions, organizations independently from their form of ownership.