The Cabinet of Ministers of Ukraine approved the Technical Regulation of Cryptographic Information Protection Means (Resolution of the CMU "On Approval of the Technical Regulation of Cryptographic Information Protection Means" dated October 21, 2020 No. 991).
Technical regulation of cryptographic information protection tools (KPI) establishes requirements for each stage of the life cycle of KPI tools designed to protect open and/or confidential information, in accordance with international standards, which will increase the level of confidence in the results of such procedures.
p>The adoption of this act is an important part of the implementation of the Association Agreement between Ukraine and the EU and harmonizes national legislation with international and European regulatory documents, in particular in terms of the implementation of the provisions of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014 on electronic identification and trust services for electronic transactions within the internal market and on the repeal of Directive 1999/93/EC and in accordance with the provisions of the Law of Ukraine "On technical regulations and conformity assessment".
According to the main provisions of the Technical Regulation, the means of KZI will be considered to meet its essential requirements, if they implement the norms of DSTU ISO/IEC 19790 "Information technologies". Protection methods. Security requirements for cryptographic modules". Also, the evaluation of the conformity of KZI means should be performed in accordance with the requirements of DSTU ISO/IEC 24759 "Information technologies". Protection methods. Requirements for testing cryptographic modules» in the manner determined by Clause 50 of the Technical Regulations.
Evaluation of the compliance of KPI tools, which according to the legislation must meet the profile of information protection developed in accordance with DSTU ISO/IEC 15408 "Information technologies". Protection methods. "Evaluation criteria", should be carried out in compliance with the requirements of DSTU ISO/IEC 18045 "Information technologies". Protection methods. IT security assessment methodology.
In order to introduce KPI products into circulation, manufacturers must ensure that their development and manufacturing processes comply with the essential requirements of the regulation.
The Administration of State Special Communications, within the scope of its responsibility, will carry out state market supervision regarding the compliance of KPI tools with the requirements of the Technical Regulations.
The resolution enters into force on January 1, 2022. At the same time, until January 1, 2027, the means of KZI, which were put into circulation before the date of entry into force of the specified resolution and in accordance with the requirements of the legislation in force at that time, can be present on the market and put into operation.