The main aspects of conformity assessment of DLP-systems used to ensure the security of significant objects of critical information infrastructure of the Russian Federation

Abstract

The main aspects of conformity assessment of significant objects of critical information infrastructure are considered. Information security tools used to ensure the security of significant objects of critical information infrastructure must necessarily undergo the conformity assessment procedure and its form is defined only for state and municipal information systems, as well as information systems of personal data. In all other cases, the subjects must determine the form, content and criteria of conformity assessment independently. The authors propose an approach to assessing the compliance of information security tools on the example of DLP-systems, allowing it to determine, as well as the analysis and synthesis of the procedure. This approach is harmonized with the international regulatory framework and is based on the latest methodological documents of the Federal Service for Technical and Export Control of Russia on operating systems.