Information security. Special security signs. Classification and general requirements. Guidance document.
1. GENERAL PROVISIONS
1.1 This guidance document establishes a classification by security classes of special security signs intended to control access to protected objects, as well as to protect documents from forgery.
1.2. The main objects of protection for which special protective signs can be used are:
-
documented information on a tangible medium;
-
special postal items;
-
special products, technical means and devices (including adjustable and critical to installation), consumer goods subject to sealing and control;
-
special-purpose products, containers, wagons, tanks during their transportation and storage;
-
rooms, safes, emergency exits, emergency devices.
1.3. Documents protected by special security marks are identity documents, employee passes of organizations and institutions, licenses, patents, credit cards, securities, etc.
1.4. Special security marks are implemented in the form of a drawing, mark, material, substance, cover, laminate, self-adhesive tape, individual stickers, self-adhesive seals or other product created on the basis of physical and chemical technologies for access control to protected objects, as well as for protecting documents from counterfeiting.
1.5. This document defines the requirements for special security marks during their certification in the Certification System of Information Security Tools for Information Security Requirements (ROOS RU 0001.01BI00).
1.6. This document is a guideline document for customers of special security marks and testing laboratories conducting certification tests in the Certification System for Information Security Tools according to information security requirements.
2. TERMS AND DEFINITIONS
Special Security Mark (SSM)— a product certified and registered in accordance with the established procedure, designed to control unauthorized access to protected objects by determining the authenticity and integrity of the SPZ by comparing the sign itself or the composition «SPZ — substrate» according to the criteria of compliance with characteristic features by visual, instrumental and other methods.
Unauthorized access (UA) — violation of regulated access to a protected object.
SPZ manufacturing method— technological processes (techniques and operations characterized mainly by technological features — the sequence of actions and techniques, their nature, the modes used, parameters, tools, etc.) and materials (compositions and compounds, pastes, plastics, varnishes, paints, etc., including those obtained chemically) used for the manufacture and production of sanitary protection systems.
KNOW-HOW technology— a set of various technical, commercial and other information, drawn up in the form of technical documentation, as well as skills and production experience necessary for mastering technologies and methods for creating SPZs, used in the activities of an enterprise or in professional activities, available to a certain circle of people. Dissemination of information on KNOW-HOW technologies for the production of SPZs should be limited by compliance with the relevant security measures.
SPZ Identification— determination of the authenticity and integrity of the SPZ based on its characteristic features, as well as the absence of changes in the location of the SPZ on the protected object or document by visual inspection or using general-purpose technical means, specialized technical means with or without the use of special methods.
Durability of the protective properties of the SPZ— the ability to form a set of stable features that signal the facts of impact on the SPZ or an attempt to access the protected object, as well as the ability to preserve the entire set of characteristic features of authenticity and integrity of the SPZ during its regulated use.
Authenticity of the SPZ — conformity of the appearance and the presence in the SPZ of a set of characteristic features provided for by the technical conditions.
Integrity of the SPZ — immutability of the appearance of the SPZ and a set of characteristic features provided for by the technical conditions.
3. CLASSIFICATION OF SPECIAL PROTECTIVE MARKS AND GENERAL REQUIREMENTS
3.1. All SPZ are divided into 18 classes. The classification of SPZ is based on the assessment of their main parameters: the possibility of counterfeiting, identifiability and durability of protective properties.
Characteristics SPZ class Security |
Possibility of |
Identifiability |
Durability |
1 |
A1 |
B1 |
C1 |
2 |
A1 |
B2 |
C1 |
3 |
A1 |
B3 |
С1 |
4 |
A1 |
B1 |
C2 |
5 |
A1 |
В2 |
С2 |
6 |
A1 |
B3 |
C2 |
7 |
A2 |
B1 |
C1 |
8 |
A2 |
B2 |
C1 |
9 |
A2 |
B3 |
C1 |
10 |
A2 |
B1 |
C2 |
11 |
A2 |
B2 |
C2 |
12 |
A2 |
B3 |
C2 |
13 |
A3 |
B1 |
С1 |
14 |
A3 |
B2 |
C1 |
15 |
A3 |
B3 |
C1 |
16 |
A3 |
B1 |
C2 |
17 |
A3 |
B2 |
C2 |
18 |
A3 |
B3 |
C2 |
3.2. The possibility of counterfeiting is determined by the manufacturing technology of the SPZ:
A1 — the SPZ is manufactured using domestic know-how technologies;
A2 — the SPZ is manufactured using foreign KNOW-HOW technologies;
A3 — the SPZ is manufactured without the use of KNOW-HOW technologies.
3.3. Identifiability is determined by the level of complexity of the signal information in the sign:
B1 — the integrity and authenticity of the SPZ can be unambiguously determined using special technical control means or with the help of devices or instruments with additional (optical, computer, etc.) signal processing using a special technique based on the SPZ manufacturing technology;
B2 — the integrity and authenticity of the SPZ can be unambiguously determined based on special control methods without the use of technical control means or using commercially available technical means;
B3 — the integrity and authenticity of the SPZ can be clearly determined visually without the use of technical means and special control methods.
3.4. According to the durability of the protective properties, SPZs are divided into two groups:
C1 — the technical conditions for the SPZ specify a change in its appearance and at least one characteristic feature in the event of unauthorized impacts on the SPZ or violation of the conditions of its operation;
C2 — the technical conditions for the SPZ specify a change only in its appearance in the event of unauthorized impacts on the SPZ or violation of the conditions of its operation.
3.5. To protect information classified as a state secret and to protect technical equipment of categorized objects, only SPZs certified to class no lower than 6 are used:
for classes 1 and 2 — for the protection of category 1 objects and information of the corresponding level of secrecy;
for classes 3 and 4 — for the protection of category 2 objects and information of the corresponding level of secrecy;
for classes 5 and 6 — for the protection of category 3 objects and information of the corresponding level of secrecy.
Use of sanitary protection zones certified for classes 7 — 12, is permitted only for the protection of category 3 objects and information of the corresponding secrecy level, while ensuring additional organizational and technical protection measures agreed with the State Technical Commission of Russia.
3.6. If the information storage regime on the applied know-how technology is violated, production conditions change, etc., the use of the SPZ is prohibited, the previously issued certificate is cancelled.