Critical Information Infrastructure

CII Security Control

On January 1, 2018, Federal Law No. 187-FZ of July 26, 2017 "On the Security of the Critical Information Infrastructure of the Russian Federation" came into force.

The law defines 12 spheres of activity where critical information infrastructure (CII) objects function. One of them is the transport sector.

CII subjects owning significant CII objects must comply with security requirements established by the authorized federal executive body — FSTEC of Russia.

Security requirements for significant CII objects are defined in the following FSTEC Russia Orders:

No. 235 dated 21.12.2017 "On approval of Requirements for the creation of security systems for significant CII objects..."
No. 239 dated 25.12.2017 "On approval of Requirements for ensuring the security of significant CII objects..."

Significant CII objects must have a security system. The CII subject must carry out annual monitoring of the security state of significant objects.

In the case of an external assessment (external audit) of the security state, internal control may be omitted. Organizations holding licenses for information protection activities are engaged to conduct external assessments.

IBTrans LLC Services

IBTrans LLC holds the necessary FSTEC Russia licenses for these works and possesses the required experience and qualifications. Within the framework of ensuring the security of significant CII objects, we provide:

External security assessments of significant critical information infrastructure objects (security control);
Conformity assessments of software according to information security requirements in the SZI certification system.

Critical Information Infrastructure

Services & Competencies

Critical Information Infrastructure

IBTrans LLC Services