The Order approves a new Procedure for Conducting State Expertise of Comprehensive Information Protection Systems (CIPS) in Information Systems of the Ministry of Defense of Ukraine. The document defines procedures for verifying the compliance of information protection systems with established requirements through expert testing and declaration analysis. The Procedure consists of 5 sections and 11 annexes. The main sections regulate: general provisions, the procedure for expertise through declaration analysis, the procedure for CIPS expertise using security profiles, the procedure for expert testing, and procedures for cancellation/suspension of compliance documents.
Key innovations of the procedure:
– Introduced a new mechanism of expertise through declaration analysis for simple systems
– Enabled the use of security profiles when creating CIPS
– Established clear validity periods for compliance certificates (up to 5 years for complex systems)
– Defined the procedure for interaction with State Special Communications Service when registering examination results
Most important practical aspects:
– Clearly defined subjects of expertise and their powers (Organizer, Customer, Expert)
– Established requirements for documentation submitted for expertise
– Regulated procedures for conducting expert work and documenting results
– Identified grounds for cancellation/suspension of compliance documents
