SlideShare una empresa de Scribd logo

Certification

Descargar como PPTX, PDF
C
cnpo
TecnologíaEmpresariales
1 de 13
Certification of IT Security solutions for compliance with Russian security standards Valentin Tsirlov Ph.D., CISSP, AMBCI
Certification of software in Russia Testing for compliance with Russian security standards May be guided by FSTEC, Ministry of Defense, FSB, etc. In most cases we mean FSTEC – Federal Service for Technical and Export Control 2
Why is it necessary? Certification is mandatory • For personal data protection systems (Federal law #152) • For systems containing state-owned information Or it is generally recommended • In major corporations • In financial structures • … 3
In FSTEC: what exactly is required? • Black box testing to ensure that it works as it shouldCertification of the functionality • Testing of source code for the absence of software vulnerabilities Certification for the absence of non- declared functions (NDF) 4 In most cases, both types are necessary!
Some legal issues Certification may only be initiated (or claimed for) by a Russian legal entity • So you need a local representative or you may use one of your local partners Claimer for certification needs a special FSTEC license 5
NDF testing: it’s not that difficult! Access to source code is necessary • And yes, this is what everybody is worried about. But: All tests may be provided at developers premises • And under full control of your security specialists. Code is never transferred anywhere All reports may be reviewed by your security specialists before they are taken away. 6
Who takes part in the certification process? Developer Claimer Certification laboratory Certification authority FSTEC 7
OK, what should we do? Choose a claimer Choose a certification laboratory Provide access to source code Help in functional testing Translate documentation into Russian 8 Laboratory will do the rest!
So, certification laboratory is an entry point It will actually provide all tests • So choose a reliable one It should help you to organize the whole process It should be able to help you with finding a claimer, obtaining corresponding licenses, etc. 9
How to choose a laboratory? It must have all necessary licenses and accreditations It should have enough experts to provide all tests in parallel It will help a lot if it has experience in certification of foreign products And the best laboratories are always those that are accredited to act as certification authorities as well 10
So why should you probably choose Echelon? The biggest and most experienced laboratory in Russia: 300 successful projects Lots of satisfied international customers: Symantec, McAfee, IBM, SAP AG, Trend Micro, ESET, Huawei, Siemens, OpenText And not least – our experts speak English! 11
12 Meet or customers - worldwide
Valentin Tsirlov Executive director of Echelon, JSC Phone.: +7(495) 645-38-09 v.tsirlov@npo-echelon.ru www.npo-echelon.com Your questions are always welcome

Recomendados

Russian information security market
Russian information security marketRussian information security market
Russian information security marketcnpo
 
Computer Forensics – What You Don’t Know Can Cost You
Computer Forensics – What You Don’t Know Can Cost YouComputer Forensics – What You Don’t Know Can Cost You
Computer Forensics – What You Don’t Know Can Cost YouCentriqMarketing
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer RiskSecurity Innovation
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Reduce Third Party Developer Risks
Reduce Third Party Developer RisksReduce Third Party Developer Risks
Reduce Third Party Developer RisksKevo Meehan
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Technical Due Diligence for M&A: A Perspective from Corporate Development at ...
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Black Duck by Synopsys
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 

Recomendados

Russian information security market
Russian information security marketRussian information security market
Russian information security marketcnpo
 
Computer Forensics – What You Don’t Know Can Cost You
Computer Forensics – What You Don’t Know Can Cost YouComputer Forensics – What You Don’t Know Can Cost You
Computer Forensics – What You Don’t Know Can Cost YouCentriqMarketing
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer RiskSecurity Innovation
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Reduce Third Party Developer Risks
Reduce Third Party Developer RisksReduce Third Party Developer Risks
Reduce Third Party Developer RisksKevo Meehan
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Technical Due Diligence for M&A: A Perspective from Corporate Development at ...
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Black Duck by Synopsys
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 
Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateJeff Thomas
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Software testing overview subbu
Software testing overview subbuSoftware testing overview subbu
Software testing overview subbuSubramanya Mudukutore
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...John Kinsella
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Ken Belva
 
Mobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-MarkMobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-MarkChristian Johner
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?Rapid7
 
10 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 010 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 0Hong Zhang, PMP
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2俠客科技
 
Something Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinSomething Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumShane Coughlan
 
Testing fundamentals
Testing fundamentalsTesting fundamentals
Testing fundamentalsAbdul Basit
 
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016Martin Thompson
 
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Codenomicon
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee PresentationTony DeGonia (LION)
 
Can You Really Automate Yourself Secure
Can You Really Automate Yourself SecureCan You Really Automate Yourself Secure
Can You Really Automate Yourself SecureCigital
 
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)CodeScience
 
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...Iosif Itkin
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 
защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)cnpo
 
титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03cnpo
 

Más contenido relacionado

Similar a Certification

Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateJeff Thomas
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...John Kinsella
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Ken Belva
 
Mobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-MarkMobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-MarkChristian Johner
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?Rapid7
 
10 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 010 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 0Hong Zhang, PMP
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2俠客科技
 
Something Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinSomething Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumShane Coughlan
 
Testing fundamentals
Testing fundamentalsTesting fundamentals
Testing fundamentalsAbdul Basit
 
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016Martin Thompson
 
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Codenomicon
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee PresentationTony DeGonia (LION)
 
Can You Really Automate Yourself Secure
Can You Really Automate Yourself SecureCan You Really Automate Yourself Secure
Can You Really Automate Yourself SecureCigital
 
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)CodeScience
 
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...Iosif Itkin
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 

Similar a Certification (20)

Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automate
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Software testing overview subbu
Software testing overview subbuSoftware testing overview subbu
Software testing overview subbu
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)
 
Mobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-MarkMobile Medical Apps - From Start to CE-Mark
Mobile Medical Apps - From Start to CE-Mark
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
10 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 010 Tips for Starting Test Automation from 0
10 Tips for Starting Test Automation from 0
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2
 
Something Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinSomething Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton Chuvakin
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
 
Testing fundamentals
Testing fundamentalsTesting fundamentals
Testing fundamentals
 
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016In2SAM Audit Defence_ITAM Review Amsterdam April 2016
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
 
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee Presentation
 
Can You Really Automate Yourself Secure
Can You Really Automate Yourself SecureCan You Really Automate Yourself Secure
Can You Really Automate Yourself Secure
 
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
 
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 

Más de cnpo

защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)cnpo
 
титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03cnpo
 
Net graph
Net graphNet graph
Net graphcnpo
 
Net topology
Net topology Net topology
Net topology cnpo
 
SHA1 weakness
SHA1 weaknessSHA1 weakness
SHA1 weaknesscnpo
 
Politics
PoliticsPolitics
Politicscnpo
 
Siem
SiemSiem
Siemcnpo
 
Licensing
LicensingLicensing
Licensingcnpo
 
Certification
CertificationCertification
Certificationcnpo
 
P dn docs
P dn docsP dn docs
P dn docscnpo
 
Social engineering
Social engineeringSocial engineering
Social engineeringcnpo
 
Audit intro
Audit introAudit intro
Audit introcnpo
 
Rubicon
RubiconRubicon
Rubiconcnpo
 
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...cnpo
 
Фундамент открытого кода: построение защищенных систем и аудит их безопасности
Фундамент открытого кода: построение защищенных систем и аудит их безопасностиФундамент открытого кода: построение защищенных систем и аудит их безопасности
Фундамент открытого кода: построение защищенных систем и аудит их безопасностиcnpo
 
Сканер-ВС. Сертифицированный инструмент для этичного хакера
Сканер-ВС. Сертифицированный инструмент для этичного хакераСканер-ВС. Сертифицированный инструмент для этичного хакера
Сканер-ВС. Сертифицированный инструмент для этичного хакераcnpo
 
МЭ и СОВ Рубикон
МЭ и СОВ РубиконМЭ и СОВ Рубикон
МЭ и СОВ Рубиконcnpo
 
Почему нужна лицензия
Почему нужна лицензияПочему нужна лицензия
Почему нужна лицензияcnpo
 
Политики ИБ
Политики ИБПолитики ИБ
Политики ИБcnpo
 
Особенности сертификации зарубежных продуктов
Особенности сертификации зарубежных продуктовОсобенности сертификации зарубежных продуктов
Особенности сертификации зарубежных продуктовcnpo
 

Más de cnpo (20)

защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)защита виртуальных сред с помощью сдз Rev01 (short)
защита виртуальных сред с помощью сдз Rev01 (short)
 
титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03титов российские Siem системы миф или реальность v03
титов российские Siem системы миф или реальность v03
 
Net graph
Net graphNet graph
Net graph
 
Net topology
Net topology Net topology
Net topology
 
SHA1 weakness
SHA1 weaknessSHA1 weakness
SHA1 weakness
 
Politics
PoliticsPolitics
Politics
 
Siem
SiemSiem
Siem
 
Licensing
LicensingLicensing
Licensing
 
Certification
CertificationCertification
Certification
 
P dn docs
P dn docsP dn docs
P dn docs
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Audit intro
Audit introAudit intro
Audit intro
 
Rubicon
RubiconRubicon
Rubicon
 
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...
Вопросы комплексной защиты информации от программно-аппаратных воздействий в ...
 
Фундамент открытого кода: построение защищенных систем и аудит их безопасности
Фундамент открытого кода: построение защищенных систем и аудит их безопасностиФундамент открытого кода: построение защищенных систем и аудит их безопасности
Фундамент открытого кода: построение защищенных систем и аудит их безопасности
 
Сканер-ВС. Сертифицированный инструмент для этичного хакера
Сканер-ВС. Сертифицированный инструмент для этичного хакераСканер-ВС. Сертифицированный инструмент для этичного хакера
Сканер-ВС. Сертифицированный инструмент для этичного хакера
 
МЭ и СОВ Рубикон
МЭ и СОВ РубиконМЭ и СОВ Рубикон
МЭ и СОВ Рубикон
 
Почему нужна лицензия
Почему нужна лицензияПочему нужна лицензия
Почему нужна лицензия
 
Политики ИБ
Политики ИБПолитики ИБ
Политики ИБ
 
Особенности сертификации зарубежных продуктов
Особенности сертификации зарубежных продуктовОсобенности сертификации зарубежных продуктов
Особенности сертификации зарубежных продуктов
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Certification

  • 1. Certification of IT Security solutions for compliance with Russian security standards Valentin Tsirlov Ph.D., CISSP, AMBCI
  • 2. Certification of software in Russia Testing for compliance with Russian security standards May be guided by FSTEC, Ministry of Defense, FSB, etc. In most cases we mean FSTEC – Federal Service for Technical and Export Control 2
  • 3. Why is it necessary? Certification is mandatory • For personal data protection systems (Federal law #152) • For systems containing state-owned information Or it is generally recommended • In major corporations • In financial structures • … 3
  • 4. In FSTEC: what exactly is required? • Black box testing to ensure that it works as it shouldCertification of the functionality • Testing of source code for the absence of software vulnerabilities Certification for the absence of non- declared functions (NDF) 4 In most cases, both types are necessary!
  • 5. Some legal issues Certification may only be initiated (or claimed for) by a Russian legal entity • So you need a local representative or you may use one of your local partners Claimer for certification needs a special FSTEC license 5
  • 6. NDF testing: it’s not that difficult! Access to source code is necessary • And yes, this is what everybody is worried about. But: All tests may be provided at developers premises • And under full control of your security specialists. Code is never transferred anywhere All reports may be reviewed by your security specialists before they are taken away. 6
  • 7. Who takes part in the certification process? Developer Claimer Certification laboratory Certification authority FSTEC 7
  • 8. OK, what should we do? Choose a claimer Choose a certification laboratory Provide access to source code Help in functional testing Translate documentation into Russian 8 Laboratory will do the rest!
  • 9. So, certification laboratory is an entry point It will actually provide all tests • So choose a reliable one It should help you to organize the whole process It should be able to help you with finding a claimer, obtaining corresponding licenses, etc. 9
  • 10. How to choose a laboratory? It must have all necessary licenses and accreditations It should have enough experts to provide all tests in parallel It will help a lot if it has experience in certification of foreign products And the best laboratories are always those that are accredited to act as certification authorities as well 10
  • 11. So why should you probably choose Echelon? The biggest and most experienced laboratory in Russia: 300 successful projects Lots of satisfied international customers: Symantec, McAfee, IBM, SAP AG, Trend Micro, ESET, Huawei, Siemens, OpenText And not least – our experts speak English! 11
  • 12. 12 Meet or customers - worldwide
  • 13. Valentin Tsirlov Executive director of Echelon, JSC Phone.: +7(495) 645-38-09 v.tsirlov@npo-echelon.ru www.npo-echelon.com Your questions are always welcome