Information security tools. Information security in cash registers and automated cash register systems. Classification of cash registers, automated cash register systems and information security requirements. Guidance document.
1. GENERAL PROVISIONS
1.1 This guidance document establishes a classification by security classes of special security signs intended to control access to protected objects, as well as to protect documents from forgery.
1.2. The main objects of protection for which special protective signs may be used are:
-
documented information on a tangible medium;
-
special postal items;
- special products, technical means and devices (including adjustable and critical to installation), consumer goods subject to sealing and control;
-
special-purpose products, containers, wagons, tanks during their transportation and storage;
-
rooms, safes, emergency exits, emergency devices.
1.3. Documents protected by special security signs are identity documents, passes of employees of organizations and institutions, licenses, patents, credit cards, securities, etc.
1.4. Special security signs are implemented in the form of a drawing, mark, material, substance, cover, laminate, self-adhesive tape, individual stickers, self-adhesive seals or other product created on the basis of physical and chemical technologies to control access to protected objects, as well as to protect documents from counterfeiting.
1.5. This document defines the requirements for special security marks during their certification in the Certification System for Information Security Tools according to Information Security Requirements (ROOS RU 0001.01BI00).
1.6. This document is a guideline document for customers of special security marks and testing laboratories conducting certification tests in the Certification System for Information Security Tools according to Information Security Requirements.
2. TERMS AND DEFINITIONS
Special protective mark (SPM) — a product certified and registered in accordance with the established procedure, designed to control unauthorized access to protected objects by determining the authenticity and integrity of the SPM by comparing the mark itself or the composition «SPM — substrate» according to the criteria of compliance with characteristic features by visual, instrumental and other methods.
Unauthorized access (UA)— violation of regulated access to the protected object.
Method of manufacturing the SPZ — technological processes (methods and operations characterized mainly by technological features — the sequence of actions and methods, their nature, the modes used, parameters, tools, etc.) and materials (compositions and compositions, pastes, plastics, varnishes, paints, etc., including those obtained chemically), used for the manufacture and production of the SPZ.
KNOW-HOW technology — a set of various technical, commercial and other information, drawn up in the form of technical documentation, as well as the skills and production experience necessary for mastering the technologies and methods for creating SPZs used in the activities of an enterprise or in professional activities, available to a certain circle of people. Dissemination of information on KNOW-HOW technologies for the production of SPZs should be limited by compliance with the relevant security measures.
SPZ Identification— determination of the authenticity and integrity of the SPZ by its characteristic features, as well as the absence of changes in the location of the SPZ on the protected object or document by visual inspection or using general-purpose technical means, specialized technical means with or without the use of special methods.
Durability of the protective properties of the SPZ— the ability to form a set of stable features that signal the facts of impact on the SPZ or an attempt to access the protected object, as well as the ability to preserve the entire set of characteristic features of authenticity and integrity of the SPZ during its regulated use.
Authenticity of the SPZ — compliance with the appearance and the presence in the SPZ of a set of characteristic features provided for by the technical conditions.
Integrity of the SPZ — the immutability of the external appearance of the SPZ and the set of characteristic features provided for by the technical conditions.
3. CLASSIFICATION OF SPECIAL PROTECTIVE SIGNS AND GENERAL REQUIREMENTS
3.1. All SPZ are divided into 18 classes. The classification of SPZ is based on an assessment of their main parameters: the possibility of counterfeiting, identifiability and durability of protective properties.
|
Characteristics Safety protection class security |
Possibility |
Identifiability |
Durability |
|
1 |
A1 |
B1 |
С1 |
|
2 |
A1 |
B2 |
C1 |
|
3 |
A1 |
В3 |
С1 |
|
4 |
A1 |
B1 |
C2 |
|
5 |
A1 |
B2 |
C2 |
|
6 |
A1 |
B3 |
C2 |
|
7 |
A2 |
B1 |
C1 |
|
8 |
A2 |
B2 |
C1 |
|
9 |
A2 |
B3 |
С1 |
|
10 |
A2 |
B1 |
C2 |
|
11 |
A2 |
B2 |
C2 |
|
12 |
A2 |
B3 |
C2 |
|
13 |
A3 |
B1 |
C1 |
|
14 |
A3 |
B2 |
C1 |
|
15 |
A3 |
B3 |
С1 |
|
16 |
A3 |
B1 |
C2 |
|
17 |
A3 |
B2 |
C2 |
|
18 |
A3 |
B3 |
C2 |
3.2. The possibility of counterfeiting is determined by the manufacturing technology of the SPZ:
A1 — the SPZ is manufactured using domestic KNOW-HOW technologies;
A2 — the SPZ is manufactured using foreign KNOW-HOW technologies;
A3 — the SPZ is manufactured without the use of KNOW-HOW technologies.
3.3. Identifiability is determined by the complexity level of the signal information in the sign:
B1 — the integrity and authenticity of the SPZ can be unambiguously determined using special technical control means or with the help of devices or instruments with additional (optical, computer, etc.) signal processing using a special method based on the SPZ manufacturing technology;
B2 — the integrity and authenticity of the SPZ can be unambiguously determined on the basis of special control methods without the use of technical control means or using commercially available technical means;
B3 — the integrity and authenticity of the SPZ can be unambiguously determined visually without the use of technical means and special control methods.
3.4. According to the durability of protective properties, SPZ are divided into two groups:
C1 — the technical conditions for the SPZ specify a change in its appearance and at least one characteristic feature in the event of unauthorized impacts on the SPZ or violation of its operating conditions;
C2 — the technical conditions for the SPZ specify a change only in its appearance in the event of unauthorized impacts on the SPZ or violation of its operating conditions.
3.5. To protect information classified as a state secret and to protect technical equipment of categorized objects, only SPZs certified to class 6 or higher shall be used:
Classes 1 and 2 — to protect Category 1 objects and information of the corresponding secrecy level;
Classes 3 and 4 — to protect Category 2 objects and information of the corresponding secrecy level;
Classes 5 and 6 — to protect Category 3 objects and information of the corresponding secrecy level.
Use of SPZs certified to Class 7 — 12, is permitted only for the protection of category 3 objects and information of the corresponding secrecy level, while ensuring additional organizational and technical protection measures agreed with the State Technical Commission of Russia.
3.6. If the information storage regime on the applied KNOW-HOW technology is violated, production conditions change, etc., the use of the SPZ is prohibited, the previously issued certificate is cancelled.