Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Certification
1. Certification of IT Security solutions
for compliance with Russian security
standards
Valentin Tsirlov
Ph.D., CISSP, AMBCI
2. Certification of software in Russia
Testing for compliance with Russian
security standards
May be guided by FSTEC, Ministry of
Defense, FSB, etc.
In most cases we mean FSTEC – Federal
Service for Technical and Export Control
2
3. Why is it necessary?
Certification is mandatory
• For personal data protection systems (Federal law
#152)
• For systems containing state-owned information
Or it is generally recommended
• In major corporations
• In financial structures
• …
3
4. In FSTEC: what exactly is
required?
• Black box testing to ensure
that it works as it shouldCertification of the
functionality
• Testing of source code for
the absence of software
vulnerabilities
Certification for the
absence of non-
declared functions
(NDF)
4
In most cases, both types are necessary!
5. Some legal issues
Certification may only be initiated (or
claimed for) by a Russian legal entity
• So you need a local representative or you may
use one of your local partners
Claimer for certification needs a
special FSTEC license
5
6. NDF testing: it’s not that difficult!
Access to source code is necessary
• And yes, this is what everybody is worried about. But:
All tests may be provided at developers premises
• And under full control of your security specialists.
Code is never transferred anywhere
All reports may be reviewed by your security specialists before they are
taken away.
6
7. Who takes part in the certification
process?
Developer Claimer
Certification
laboratory
Certification
authority
FSTEC
7
8. OK, what should we do?
Choose a
claimer
Choose a
certification
laboratory
Provide access
to source code
Help in
functional
testing
Translate
documentation
into Russian
8
Laboratory will do the rest!
9. So, certification laboratory is an
entry point
It will actually provide all tests
• So choose a reliable one
It should help you to organize the whole process
It should be able to help you with finding a
claimer, obtaining corresponding licenses, etc.
9
10. How to choose a laboratory?
It must have all necessary licenses and accreditations
It should have enough experts to provide all tests in parallel
It will help a lot if it has experience in certification of
foreign products
And the best laboratories are always those that are
accredited to act as certification authorities as well
10
11. So why should you probably
choose Echelon?
The biggest and most experienced laboratory in
Russia: 300 successful projects
Lots of satisfied international customers:
Symantec, McAfee, IBM, SAP AG, Trend Micro,
ESET, Huawei, Siemens, OpenText
And not least – our experts speak English!
11
13. Valentin Tsirlov
Executive director of Echelon, JSC
Phone.: +7(495) 645-38-09
v.tsirlov@npo-echelon.ru
www.npo-echelon.com
Your questions are always
welcome