432/2011 Coll.
DECREE


Dated December 16, 2011

On securing cryptographic protection of classified information

Change: 417/2013 Coll.

National Security Authority, pursuant to § 44 and § 53 point. j) of the Act no.
412/2005 Coll., on protection of classified information and security
eligibility, as amended by Act no. 255/2011 Coll., (hereinafter the "Act")

§ 1
Subject Matter


This Decree provides details of the professional examination of ways and means
handling of cryptographic material, the details of how
marking requirements on classified information in the field of cryptographic protection
and administrative aids of the cryptographic protection and other details
to ensure cryptographic protection of classified information.

§ 2


Definitions
For the purposes of this Decree

A) cryptographic consignment cryptographic material featured on
transportation, transported or delivered to the addressee at its destination within
termination of its transport and its opening

B) transport cryptographic consignment's arrival outside the building ^ 1)
State body, corporation or individual for the purpose
its delivery to the addressee,

C) transferring cryptographic material outside the building carrying his
State body, corporation or individuals whose goal is not
its delivery

D) cryptographic document, deed or other information carrier
containing classified information cryptographic protection

E) cryptographic device hardware or software product
designed to protect cryptographic or a combination thereof

F) cryptographic secret key variable parameter
necessary to uniquely encrypt and decrypt data

G) the key cryptographic key material on the carrier,

H) heslovým material secret character string on a carrier, from which is derived
or cryptographic key that is used for authentication,

I) the material to ensure the functionality of the cryptographic device key A password
material and material for cryptographic operations or other
necessary means and materials to ensure the function and safe operation
cryptographic device.
Details
provide specialized testing

§ 3

Requirements of the application for the professional examination

(K § 39 par. 2 of the Act)

Application for the professional examination includes

A) identification of the applicant

First business name or name, registered office and identification number
if assigned, if the applicant is a legal entity

Second trade name, or the name or names, surname,
possibly differentiating addendum, place of residence or place of foreigners
similar residence and place of business, if different from the place
permanent or similar residence, date of birth and identification number
if assigned, if the applicant is a natural person who is an entrepreneur
or

Third name, registration number and name or names and surname
responsible person, if it is a state body,

B) the name or names, surname and date of birth of the worker
logged on to the professional examination

C) a copy of a valid personnel,

D) the scope of the activities, for which it has a certificate of special professional competence
worker cryptographic protection issued and

E) the place, date stamp of the applicant, the name or names
name and signature of the responsible person of the State body, or her authorized person
or a corporation or an individual.

§ 4

The organization, content and method of implementation of professional exams

(K § 39 par. 1 and 2 of the Act)

(1) The board has three members and is composed of representatives
National Security Office (hereinafter "the Act") or the delegated authority of the state, which
special professional competence verified.

(2) The exam board may be appointed only worker
cryptographic protection, who possesses a valid certificate of physical
person, at least for the classification level for which the professional examination
exercised with the times in practice field of cryptographic protection
least 3 years. At least one member of the examination committee must be authorized to carry out the preparation worker
cryptographic protection.

(3) The Examination Board decides by majority vote. Outcome professional exams

To evaluate the grade "pass" or "fail". In the event that the worker
logged for professional test failed, introduces President of the Examination Committee
applicant of the reasons for this assessment.

(4) The training course and passing the professional examination is conducted
protocol. Protocol on the implementation of professional exams
signed by all members of the examination committee. The deadline for the destruction begins on the expiry of the validity period
certificate of special professional competence or the date on which
applicant was an unsuccessful familiar with the reasons for this assessment.

(5) If a part of the professional examination carried out under contract by
ensure action under § 39 par. 3 point. b) of the Act gives the operator
written proof of the result.

§ 5

Particulars of the certificate of special professional competence

(K § 39 par. 1 of the Act)

Certificate of special qualification of cryptographic protection includes


A) the registration number of the certificate

B) the name or names, surname and date of birth of the holder
certificate

C) identification of the certifying body called the State body
seat and identification number

D) define the scope of professional competence to perform cryptographic
protection

E) the date of issue and validity period of the certificate and

F) the stamp, the name or names, surname and signature of authorized representative
body issuing the certificate.

§ 6

Request for a contract to conduct professional examination or a part

(K § 39 par. 3 and § 52 of the Act)

Request for a contract to conduct professional examinations and issuing
certificate of special qualification of cryptographic protection
or contracts for the implementation of the professional exam includes

A) the name of the applicant, the name or names and surname of the person responsible,

B) address of the applicant

C) the applicant's identification number, if assigned,

D) the name or names and surname of applicant and employee contact
contact address on it,

E) the definition of the required scope of the implementation of professional exams,

F) evidence of organizational, personnel, technical and material
security implementation professional exams or professional exams and part

G) the name or names, surname and signature of the responsible person of the applicant.

Minimum requirements for ensuring the safety management of cryptographic protection


§ 7

(1) The management of cryptographic security protection for the purposes of this Decree
considers the implementation of measures in the areas of personnel, administrative
and physical security, security of information and communication systems
in providing cryptographic protection.

(2) Safety management of cryptographic protection under paragraph 1
designate a responsible person or a person authorized by the state authorities for legal
or self-employed individuals out there where prison
cryptographic protection.

(3) Safety Administration performs cryptographic protection

A) the security administrator cryptographic protection, which is responsible for ensuring
comprehensive, secure the implementation and control
cryptographic protection and it processes the safety documentation
cryptographic protection

B) cryptographic material manager, who is responsible for the safe storage and registration
cryptographic material, administrative
equipment, records of employees, cryptographic protection of workers
operational practices of cryptographic devices and cryptographic couriers
material and

C) the senior employee's supervisor
cryptographic protection, and which follows from his job title.

(4) The tasks administrators pursuant to paragraph 3. a) and b) establishes safety standards
[§ 2. j) of the Act]. Individual activities arising from their role
manager cryptographic material can be divided among multiple authorized personnel
cryptographic protection.

Details operation assurance cryptographic device

§ 8

Installation and operation of the cryptographic device

(1) Install the cryptographic device and operating and servicing
cryptographic device, activities and tasks associated with setting
materials to ensure that the cryptographic device functions, and implementing security measures
Administration operated cryptographic

Resource worker performs a special service
cryptographic device. Requirements to ensure special handling cryptographic
resource are listed in the certification report
cryptographic device (§ 46 para. 13 of the Act).

(2) The scope of authority and activities of special service worker
cryptographic device and of the operational service
cryptographic device and its training down the operating
documentation cryptographic device.

(3) cryptographic device built into mobile and rozmístitelného
system ensures the physical security measures in accordance with
certification report cryptographic device (§ 46 para. 13
Act).

(4) For the purpose of implementing the records on the use of the cryptographic device
material and to ensure its operational function is used daily
cryptographic device, which is a book or workbook.

(5) For the issue of a logbook cryptographic device and its
treatment before being taken into use, the provisions of § 17 para. 2 and 5
analogy.

(6) Logbook cryptographic device must be suitable
spot marked with its classification and registration number. Additional indications
logbook cryptographic device with the word "KRYPTO"
is carried out in accordance with the certification report cryptographic device (§
46 paragraph. 13 of the Act).

§ 9

Production and application material to provide cryptographic functionality means


(1) The method and conditions of production, labeling, handling, setting
use and destruction of material to provide cryptographic functions
device provides operational documentation cryptographic device and
safety standards [§ 2. j) of the Act].

(2) Production of materials to ensure the functionality of the cryptographic device
must carry worker authorized special service
cryptographic means for the cryptographic work intended for the manufacture of the material to ensure
features cryptographic device. This activity must be
cryptographic protection officer holds a valid certificate of
special qualification of cryptographic protection in
stating authorization for production materials to ensure that the function
cryptographic device.

(3) Other necessary means and materials to ensure the function and
safe operation of the cryptographic device and the requirements for its use
certification report provides the cryptographic device.

Method of training and the form of endorsements employee operating the operator
cryptographic device and courier of cryptographic material

§ 10

Operational staff cryptographic device

(1) cryptographic device in which the operating personnel
required, provide worker training, operational practices
cryptographic device security administrator
cryptographic protection. After completing training, a body that carried out the training,
trained person on staff training certificate operational practices
cryptographic device.

(2) The model certificate of training staff operational practices
cryptographic device is specified in Annex no. 1 hereto.

(3) cryptographic device, which is in the certification report
cryptographic device simultaneously
end device communication or information system and for which the performance of his functions included user
service terminal device carried by the user
communication or an information system may not be operating staff
required. If there are requirements for cryptographic operations such
agent incorporated into operational documentation
communication or information systems must be user guide cryptographic
agent trained in this communication or information
system.

§ 11

Courier cryptographic material

(1) Training courier of cryptographic material provides the security administrator
cryptographic protection. After completing training, a body that
training carried out by trained personnel certificate of training courier
cryptographic material. Training content
courier of cryptographic material provides a safety standard [§ 2. j) of the Act].

(2) The model certificate of training courier of cryptographic material is
stipulated in Annex no. 2 hereto.


Details manner in which the particulars on classified information from the area of ​​cryptographic protection


§ 12

Labelling cryptographic device and materials to ensure the function
cryptographic device "

(1) The labeling of the cryptographic device adjusts its certification
report.

(2) Material for the provision of the cryptographic device is marked
classified; Key material is then marked "KRYPTO".
Registration number of the material to provide cryptographic functions
agent's registration marking material set by the material manufacturer
to ensure functionality of the cryptographic device.

(3) Material to ensure functionality of the cryptographic device, which is
operated under an approved testing or training, are designated
classified according to the certification report cryptographic device,
if required, and complementary word " TRAINING ".

§ 13

Particulars cryptographic document in the paper form

(1) The cryptographic document in the paper form shall contain the name of the authority
state or a legal person or the name, or names and surnames
enterprising individuals, where cryptographic document was created and
date of issuance, the document reference number, grading, marking
word "KRYPTO" copy number, number of pages, number of classified and unclassified
attachments in paper form and number of their leaves.

(2) Item Number, number of sheets, the number of classified and unclassified
attachments and the number of sheets placed on the front side of the first sheet in the upper right
. Marking the word "KRYPTO" shall be marked at the top and bottom
parts on each side of the cryptographic document for classification and issue rules
abbreviation "K" following the year of creation cryptographic
document and separated by a slash. Number of attachments in paper form and number of their leaves
is expressed by a fraction whose numerator is the number of attachments and
denominator the total number of sheets attachments. Leaves or pages
cryptographic document in the paper form must be kept
numbered. Sheets or pages of classified annexes are numbered separately.
Leaves cryptographic document, and leaves the individual
classified annexes in the paper form must be stapled or otherwise fastened together.
Pattern editing front side of the first sheet cryptographic document
stipulated in Annex no. 3 hereto.

(3) Annex becomes the reference number of the cryptographic document so that
on the front side of the first sheet on the top right of states:
"Appendix. - To ref. No. -". Classification of each classified annex to
characterized in the same way as the cryptographic document. On
classified annex classified CONFIDENTIAL and higher shall name
State body or legal person or the name or names, surname
enterprising natural person where the secret annex was.
Classified annex must have its own copy number and indicate the number of sheets
. Handling cryptographic document that contains attachments
various degrees of confidentiality is governed by the highest classification level. With
disconnected Annex handled according to its classification.

(4) Annex which is marking registration number is recorded on
registration card at the register, or in other
administrative aids according to § 17. These documents are recorded and sent as an attachment
under registration data originator.
This fact is stated in the accompanying letter.

§ 14

Number of the cryptographic document

Number of the cryptographic document constitutes

A) abbreviation grading,

B) the serial number of the Rules of the Protocol; in the case of collection
sheet for the serial number of the Rules of protocol indicated hyphen and
serial number from the collection sheet,

C) slash

D) the year in which the serial number assigned

E) slash and the abbreviation "K" and

F) other data or criteria set by the state authority, entity
or a person separated by a hyphen.

§ 15

Particulars cryptographic document issued in registered form

The cryptographic document issued in registered form or to its friendly
tag or other suitable means shall label the authority of the state
legal entity or a natural person, the place where

Cryptographic document was created and the date of issuance, reference number
cryptographic document or attachment to the number negotiating
cryptographic document in paper form, or registration marking,
under which the cryptographic document issued in registered form registered in | || administrative aids according to § 17 para. 1 point. a) grading
and the word "KRYPTO".

Record-keeping method

§ 16

(1) Evidence of cryptographic material, personnel
cryptographic protection of workers operating service of cryptographic devices and
couriers of cryptographic material shall be kept in administrative aids
cryptographic protection.

(2) The records referred to in paragraph 1 worker leads cryptographic protection
assigned to this task by the responsible person or a person authorized
(hereinafter "authorized officer").

Types and elements of administrative aids of the cryptographic protection and
requirements for their leadership

§ 17

Administrative aids of the cryptographic protection

(1) For the purposes of recording, transmitting, receiving and recording the movement
cryptographic material, office equipment, staff
cryptographic protection of workers operating service
cryptographic device and couriers of cryptographic material, the following
administrative aids of the cryptographic protection

A) registration card for recording cryptographic devices, materials
to ensure functionality of the cryptographic device, cryptographic protection
workers, service workers operating
cryptographic means of couriers of cryptographic material and operational documentation,

B) a register of registration cards for the registration of registration cards,

C) the registers for recording cryptographic material
administrative tools, operational documentation and ancillary records,

D) rules for recording cryptographic protocol document;
rules of protocol includes accounting items according to the model set out in Annex
no. 1 decree establishing security and administrative registers
classified information

E) auxiliary rules of protocol for recording the movement of cryptographic
document within the State body, corporation or
individuals; auxiliary rules of protocol contains items modeled
set out in Annex no. 2 of the Decree governing the administrative registers
security and classified information

F) handling the book for recording cryptographic document when
taking and passing the person who creates such a document or
such a document forwarded for processing; Paper handling includes
items according to the model set out in Annex no. 3 of the Decree governing
administrative security and registry of classified information

G) delivery book for recording the transfer of cryptographic
document outside the State body, legal entity or natural person
; delivery book contains items according to the model set out in Annex
no. 4 of the decree regulating the administrative security and registry
classified information

H) lending a book for recording loans stored cryptographic
document; lending book contains items according to the model set out in Annex
no. 5 of the decree establishing security and administrative registers
classified information

I) collecting sheet for the extension of an accounting record in the rules of the protocol in case
registration of a large number of cryptographic documents with one
things; collecting sheet contains items according to the model set out in Annex.
7 of the Decree governing the administrative security and registry of classified information and


J) the checklist cryptographic document from classified CONFIDENTIAL
including for keeping a list of persons containing cryptographic
document acquainted; checklist includes items modeled
set out in Annex no. 6 of the Decree governing the administrative registers
security and classified information.

(2) Office equipment specified in paragraph 1. a) to c) issue
Office. In justified cases it is possible to place instruments referred to in paragraph 1
point. a) to c) use additional administrative tool that
must include all items of equipment it replaces.
Way of aids referred to in this paragraph establishes safety standards
[§ 2. j) of the Act].


(3) the administrative aid according to paragraph 1. a) before being taken into use
specify the name of the State body, corporation or
individuals or imprint their stamp, registration number, date
registration and signature of the responsible person or a person authorized or security
director or authorized person. A person who is entrusted with the leadership
administrative utilities can not be the same person
authorized to sign.

(4) Administrative aids under paragraph 1. b) to h) must be
before being taken into use modified so that their blades continually
numbered and sieved. On the inner side panels to be covered with the end of the stitching,
stamped with the name of the State body, corporation or
individuals, beyond the edge of the covering sheet, indicating the number of sheets clause and
signature of the responsible person or a person authorized or
safety director or a person authorized and the date of award to use. A person
which is entrusted with the leadership of administrative aids, can not be identical with
person authorized to sign.

(5) Classified administrative tool cryptographic protection must be
a suitable place designated classification, the word "KRYPTO" and
registration number.

(6) The non-confidential administrative aids of the cryptographic protection must be
a suitable place identified by the words "crypto" and
registration number. The content of this administrative tools can only introduce
worker cryptographic protection; Worker operational practices
cryptographic device or a courier of cryptographic material with
its contents can learn only if it was necessarily
he needs to conduct its business.

§ 18

Administrative tools kept in electronic form

Administrative Tools can lead in electronic form;
way of using and keeping requirements of these administrative tools
sets safety standards [§ 2. j) of the Act].

Further details of the method and means of handling cryptographic material


§ 19

Evidence cryptographic device and material to ensure its function


Cryptographic means and material to ensure its function
records on registration cards or records. Method of recording
sets safety standards [§ 2. j) of the Act].

§ 20

Evidence cryptographic document

(1) Delivered or emerging cryptographic document in paper form
shall be recorded in the protocol negotiated with the guidelines set out in Annex no. 1
decrees regulating administrative security and registry
classified information, unless this Decree stipulates otherwise . For purposes of further
handling cryptographic document, it is possible to přeevidovat
administrative aids of the cryptographic protection intended for his
records.

(2) delivery or emerging cryptographic document issued in registered form
marked with a serial number is recorded on the registration card,
in the register or in other administrative aids
intended for his records. Method of making inventories down
safety standards [§ 2. j) of the Act].

(3), which the cryptographic document is also cryptographic
document, which was taken over by the consignee outside the building authority of the State
corporation or individual for an official act or
carrying out their inspections. For the transfer of this document cryptographic
must be met conditions set for transferring
cryptographic material (§ 29) after its transfer must be immediately handed over to the registration
authorized employee.

(4) The cryptographic document delivered in written form is marked

A) the name of the recipient

B) the date of registration,

C) the number of the cryptographic document recipient

D) the number of leaves and the

E) the number of attachments or attachments number of volumes and the number of sheets; u
attachments issued in registered form their number and type.

This information may be marked with the stamp.

(5) For the purposes of recording the movement of the cryptographic document in
organizational component that does not meeting protocol, an organ of the State
legal entity or a natural person to introduce auxiliary meeting
protocol. Rules to assist the cryptographic protocol document
recorded and assigned a serial number from the Rules of protocol.


(6) The person who creates the cryptographic document or he was assigned to
execution, it recorded in the book attributed handling.
Record is made immediately after the adoption of cryptographic document or assignment
numbers Rules for emerging cryptographic document. In handling
book also records the cryptographic document, which was taken
outside the building of the State body, legal entity or natural person
on official proceedings or for inspection.

(7) At the end of the calendar year closes with the rules of the protocol so that the last entry
whole underline, and thus ends the numbering
meeting this year. Under underlining shall record the number of numbers used
meeting and signed by an authorized employee and his immediate superior
.

(8) The cryptographic document, which was changed grading or canceled
classification and labeling the word "KRYPTO" continues
records in administrative aids of the cryptographic protection under paragraph 1 or 2.
|| |
§ 21

Produce cryptographic document in the paper form

(1) clean copy of the cryptographic document shall be made in the number of copies
specified in the distribution list. Whoever prepares clean copy, immediately destroy
defective copies, copies of which are not included in the distribution, and suggestions
unapproved clean copy.

(2) On the issue of cryptographic document, which is intended to save the
prepare a hyphen and record storage. The distribution pattern and record
storage is provided in Annex no. 4 hereto.

§ 22

Recording notes containing classified information cryptographic protection


Notes containing classified information cryptographic protection
recorded only a carrier of classified information that was before withdrawing
to use modified according to § 17 para. 5 and 6 and § 15. Records
issued media information leads authorized employee.
Carrier of classified information is transmitted and stored similarly as cryptographic document
same classification.

§ 23

Copy, copy, translation and extract

(1) copy, copy, translation or extract from the document cryptographic degree
TOP SECRET or SECRET may be reproduced only upon the written consent of the originator
cryptographic document. Written consent
contains a number of the cryptographic document, the number of prints, copies
reason, the name or names, surname and signature of the person who gave
agreement, and the date when consent was granted. Written consent shall be deposited with
original cryptographic document until his retirement.

(2) copy, copy, translation or extract from the document cryptographic degree
Confidential or Restricted may be reproduced only with the written consent of the head of
under § 7 para. 3 point. c) shown in
herein.

(3) The cryptographic document which was drawn up copy, copy
translation or extract shall be marked date of issuance, the number of prints, copies
reason, the name or names and surname of the person who issued | || agreement, the name or names, surname and signature of the person who is
produced.

(4) In the foregoing description of a cryptographic or a copy of the document in the upper part of the front
first sheet marked "copy" or
word "COPY" and the serial number carried out duplicate or copy the document cryptographic
. If he disagrees with the number of sheets of copy number
pages of the document noted on the copy also the actual number of sheets of copy.

(5) Listing of cryptographic document containing classified information
cryptographic protection shall be taken only in the scratch
workbook or book or other media information according to § 22nd

§ 24

Transmission cryptographic material

(1) cryptographic material is passed against confirmation signature.

(2) Transmission cryptographic device or material to ensure
its function within the State body, legal entity or individual entrepreneur
is recorded on the registration card cryptographic material
possibly in other administrative aids.

(3) Transmission cryptographic document within the authority of the state
legal entity or natural person operating business is performed

A) between organizational components through procedural protocols,

B) within the organizational components through the auxiliary Rules

Protocol, if not introduced, by means of its Rules of protocol or
after the approval of the responsible person or the safety director, and
through manipulation of the book, registration card or the designated
administrative aids according to § 17 . 2, second sentence.

(4) The signatures confirming receipt of the cryptographic document include
in administrative aids or the distribution of cryptographic
document.

§ 25

Sending cryptographic material

(1) The cryptographic device is sent in a package allowing its
locks or other security against tampering with its contents
(hereinafter referred to as "shipping container"). The transport packaging shall
sender, marked 'opens only authorized workers
cryptographic protection "registration marking
cryptographic device, the address of the addressee and the inscription:" In the case of finding open and immediately pass
Police Department Czech Republic or the National security Office
"the transport packaging must be of such quality that
not allow obtaining information about its content.

(2) Material for the provision of the cryptographic device is sent
in 2 packages as follows

A) on the inner cover in the upper left indicate the sender, registration
shipment number in the upper right of grading and key
material also marked "KRYPTO" at the bottom of name and full || | address of the recipient, if the consignment addressed to a natural person shall also be
her name, surname and function. On the packaging
shall sign "opens only authorized personnel of cryptographic protection."
Package ensures that that all his joints along the entire length
be sealed with adhesive tape and affix the stamp of the State body, legal person or entrepreneur
individuals and signature of authorized employee.
Prints stamps and signatures must extend beyond the tape.
When using transparent adhesive tape with the stamp and signature of this tape
be sealed. Packaging must be of such quality that did not allow
obtain information about its content,

B) The outer packaging is a portable box (§ 31) provided
addressee's address and registration number of the consignment.

(3) The cryptographic document in paper form is sent in two envelopes so


A) the inner envelope in the upper left indicate the sender, integer
rules cryptographic document in the upper right of the grading, marking
word "KRYPTO" and at the bottom the name and full address of the addressee,
if the consignment addressed to a natural person shall also be given her name,
, surname and function. The envelopes shall bear the inscription "OPEN
ONLY authorized personnel of cryptographic protection." Cover ensures
so that all envelope seams along the entire length with adhesive tape and
bear the stamp of the State body, corporation or
individuals and signature of authorized employee.
The stamp and signature must extend beyond the tape. When using transparent adhesive tape
with the stamp and signature of this tape, cover.
Envelope must be of such quality that the data inside the envelopes are not legible,

B) the outer envelope is a portable box (§ 31) provided
addressee's address and registration number of shipments or number consisting of the items referred to in § 14
point. b) to d).

(4) The cryptographic document issued in registered form is always sent as attachment
cryptographic document in paper form, on which shall
number and type of attachments, or even their registration marking.

§ 26
Electronic transmission


Cryptographic document can be transmitted electronically in fulfilling these conditions


A) electronic transmission of cryptographic document is recorded on this
document and the rules of protocol

B) handling of cryptographic document during the electronic transfer
must be demonstrably recorded in administrative aids
cryptographic protection or in the records of messages sent and received
electronic transmission,

C) cryptographic document, a copy of which was sent to the record store
for the line "managed" state "sent electronically,"
date and time of departure, the name or names and surname of the sender. Do
Rules Protocol as a way of settling state "
sent electronically," the name, or names and surnames worker who

Cryptographic document sent. Entries must be made immediately after
transmit the document to the electronic transmission

D) the received cryptographic document whose receipt was recorded in the records
messages sent and received electronic transmission, the
indicating the date and time of receipt, the name or names and surname of the recipient.
Received cryptographic document shall be promptly forwarded to the registration
against the signature of an authorized employee,

E) electronic transmission of cryptographic document will be held
Information System, which is certified by the Office and for such a transfer
intended.

§ 27

Receiving cryptographic consignment

(1) cryptographic consignment receives an authorized employee.
Takeover cryptographic consignment courier of cryptographic material
confirms signing with the name, surname, date of adoption and
stamp of the State body, legal entity or natural person
.

(2) If there is a cryptographic consignment delivered at fault, especially with a clear
damage to the packaging and shipment, authorized employee of this fact
immediately inform the sender and make a record of
damage to the cryptographic consignment. Courier cryptographic material
given on a separate sheet of their observations on the defects. This
statement after signing the courier of cryptographic material
becomes part of the record of damage to the cryptographic consignment.

(3) Record of damage to the cryptographic consignment, a model of which is set out in Annex
no. 5 hereto contains

A) the number of the record

B) identification of the sender and addressee,

C) designation and the date of receipt of the cryptographic consignment

D) identified defects cryptographic consignment

E) the date of entry, name, surname and signature
authorized person and stamp recipients

F) the name or names and surnames courier of cryptographic material and


G) express courier of cryptographic material to diagnose the problem.

(4) Record of damage to the cryptographic consignment is stored together with the accompanying document
cryptographic consignment drawn up according to § 28 paragraph.
Fourth one copy of the record is sent to the sender of the consignment.
Content delivered consignment shall be registered according to the actual procedure stavu.Odalším
handling the consignment security administrator decides cryptographic protection.

§ 28

Transportation cryptographic consignment

(1) cryptographic material is transported as a cryptographic
shipment by courier of cryptographic material.

(2) Cryptographic consignments are excluded from carriage
public means of transport, with the exception of transport by air, sea and inland waterway
.

(3) the cryptographic consignment to the carriage thus ensuring to prevent
tampering with its content. Cryptographic consignment which
because of its size can not be transported in a shipping container or portable
mailbox is required during its transport adequately covered
so as to prevent unauthorized persons familiar with
classified information.

(4) For each cryptographic consignment containing
cryptographic device or material to ensure its function is executed accompanying
sheet cryptographic consignment (hereinafter referred to as the "cover sheet"), a model of which is set out in Annex
No. . 6 hereto. Cover sheet contains

A) the reference number of the accompanying document,

B) identification of the sender,

C) the designation of the addressee

D) identify its contents cryptographic consignment (type, name and designation
material, grading, registration number or the number
rules, the number of pieces of material)

E) date and stamp of the sender, the name or names
and signature of authorized person and

F) the date of receipt of the shipment and the stamp recipient name or
name, surname and signature of authorized person.

(5) The accompanying letter referred to in paragraph 4 shall be completed as cryptographic
document at least two copies.
Required number of copies of the cover sheet are transported with the cryptographic consignment.
One certified copy of the cover sheet sent by the consignee
cryptographic consignment immediately back to the sender.

(6) Equipment for the transport of cryptographic material ensures
authorized personnel.

(7) Transportation of cryptographic material classified TOP SECRET,

Secret and Confidential courier performs cryptographic material
accompanied by at least one person who should be responsible for this activity
responsible person or person authorized by it, and that must be a courier of cryptographic material
briefed on ways and means transportation.
Lessons persons accompanying courier of cryptographic material
performed to the extent necessary for the purpose of accompaniment.

(8) If the sender transports cryptographic consignment to the consignee by the administrator
cryptographic material that does not have permission
acquainted with the contents of the cryptographic consignment (hereinafter
"mediator"), the sender

A) tells cryptographic shipment addressee and draw up the accompanying
sheet pursuant to paragraph 4, which enveloped the data sender and addressee
,

B) prepare a waybill mediator, which contains only
identification markings cryptographic consignment for a mediator

C) an envelope with the address of the addressee and waybill mediator puts
together with the cryptographic consignment to a portable box for
intermediary and forwards it to transport.

(9) When receiving the cryptographic consignment mediator

A) opens a portable box for the middle and checks whether
not cryptographic package is damaged,

B) draw up the accompanying sheet for addresses that contain only
identification markings cryptographic consignment to the addressee, who
inserted into an envelope with information mediator and the addressee

C) an envelope with the address of the addressee and waybill address Enter
together with the cryptographic consignment to a portable box, and forward it to
transportation.

§ 29

Carrying cryptographic material

(1) cryptographic material can be carried in a sealed envelope or
confinement, in which the sign of the State body, legal
or self-employed individuals, indicated grading and inscription
"OPEN ONLY AUTHORIZED EMPLOYEE cryptographic protection ".
This does not apply to a closed envelope or wrapper containing material A password, which is not characterized
inscription.

(2) cryptographic material is transferred in compliance with the provisions of § 28 paragraph
. 2 and 3 under these conditions

A) cryptographic material classified TOP SECRET
can be transferred only with the written consent of the responsible person; written consent
does not become part of the cryptographic document, but is saved along with him

B) cryptographic material classified SECRET can be transferred only with the written consent
senior employee under § 7 para. 3 point. C);
Written consent does not become part of the cryptographic document, but
deposited with him,

C) cryptographic material classified CONFIDENTIAL and RESTRICTED
can be transferred only with the consent of the head of the employee under § 7 para. 3
point. C).

(3) Carrying worker performs cryptographic material
cryptographic protection. When transmitting cryptographic material degree
TOP SECRET, SECRET and CONFIDENTIAL is accompanied by at least one person.
Accompanying person must be responsible for this activity
responsible person or a person authorized and properly instructed personnel
cryptographic protection.

(4) The transfer of cryptographic material is considered as transport
cryptographic material to end workplace communication or
information system and its provision to operate.

§ 30
Storing cryptographic material


(1) cryptographic material is stored in the storage facility (§ 31)
in a secure area. If the requirements of the decree stipulating
physical safety and certification of technical means, can store
cryptographic material in a secured area outside of the container.

(2) The cryptographic document after processing returns authorized person for
store. At the cryptographic document before saving the state who
it handles, shredding emblem and the year in which it will be done discarding
management. Settled cryptographic documents are stored separately from other
classified documents by authorized persons.

§ 31

Portable boxes and storage units

(1) A portable box for the purposes of this Decree considers any kind
briefcases, briefcase, suitcase, portable safety deposit box or
messenger bag. Portable box must be when using it to transport

Or transmit cryptographic material
secured against unauthorized manipulation of its contents, for example by locking
mechanical or combination lock, pečetěním, by sealing. Each portable
box must be provided in an appropriate place the name and address of the authority of the state, business
company or name and address of the legal entity or business
company, or the name or names, surname and place of permanent || | residence or place for a foreigner like residence and place of business
if different from the place of residence or similar, business
physical persons and the inscription: "In the case of finding open and pass immediately
department of the Police of the Czech Republic or the NSA "

(2) The storage units for the purposes of this Decree
consider all kinds of safes and locked metal cabinets fulfilling the requirements for storing cryptographic material
according to the decree of the physical
safety and certification of technical means.

§ 32

Lending cryptographic document

(1) can be stored cryptographic document, under the authority of the State
legal entities or natural persons or their
organizational components in which it is registered, rent for the time strictly necessary
worker cryptographic protection.

(2) The cryptographic document can be rented only with the consent of the person responsible
State body, legal entity or natural person pursuing business
or her authorized employee cryptographic protection.

(3) Lending cryptographic document records
authorized employee of the lending book.

(4) Borrowed cryptographic documents after the end of every 6
calendar months from the lease submitted authorized person to perform
physical checks.

§ 33

Decommissioning cryptographic device and material to ensure its function


The elimination cryptographic device and material to ensure its
function determines the responsible person or a delegated officer
cryptographic protection. Conditions, methods and procedures for decommissioning and destruction
sets safety standards [§ 2. j) of the Act].
For their destruction is considered to be put into such a physical condition that prevents them
reconstruction and identification of classified information
contained.

§ 34

Protecting cryptographic device and material to ensure its function without saving


(1) Protecting cryptographic device and material to ensure its
function without saving them (§ 41 paragraph. 3 of the Act)
must be determined in the certification report cryptographic device (§ 46 para. 13
Act).

(2) conditions, methods and procedures for protecting cryptographic device and
material to ensure its function without saving them (§ 41 paragraph
. 3 of the Act) provides operational documentation.

The content of the application for authorization to export
certified cryptographic device from the Czech Republic

§ 35

Application for granting permission to export certified cryptographic
agent from the Czech Republic contains

A) business name, if the applicant is an entrepreneur, or the name of the authority
state, if the applicant authority of the State

B) the registered office or place of business or entrepreneur Authority of the State address
requesting approval of export cryptographic device,
identification number, if assigned, the name or names and surname of the person responsible
applicant || |
C) the number of valid certificates and entrepreneurs form of access to which entrepreneurs
certificate entitles

D) the name or names and surname of applicant and employee contact
contact address on it,

E) identification of the cryptographic device, including its name and
type designation, certificate number, and

F) the scope, purpose and method of securing export of cryptographic
resource.

Category cryptographic workplace

§ 36

(1) Category cryptographic workplace means indicate the level of competence
cryptographic work to ensure the protection of classified information from the field
cryptographic protection under the highest level of confidentiality
classified information that it stores and processes, and | || depending on whether access to the cryptographic work there - class I
or not - class II to become acquainted with classified information.


(2) cryptographic workplaces are classified into categories of cryptographic sites


A) Class I Top Secret or Top Secret Class II

B) Secret Class I or Class II Secret,

C) Confidential class I or class II Confidential, or

D) Restricted Class I or Class II Reserved.

(3) designation of categories of cryptographic workplace can use the shortcut
consisting abbreviation highest classification level of classified information
which it stores and processes, slash and abbreviation
class secure area in which the cryptographic
workplace is located, class I, the word "I" and the abbreviation for class II "II".
Final provisions


§ 37

If this ordinance does not provide otherwise, the provision of administrative
safety of cryptographic material
similarly provisions of the ordinance governing the administrative and security
registers of classified information.
Transitional provisions


§ 38

(1) The certificate of special professional competence issued under the existing legislation
after the period of its validity deemed
certificate of special professional competence issued pursuant to this Decree.

(2) The professional examination to which the application was filed before the effective date
force of this regulation and that was not until the effective date of this decree
done, is done according to this decree.

(3) Confirmation of trained worker operating a cryptographic service
agent issued under the existing legislation for a period of validity of his
considered to be confirmation of worker training operational practices
cryptographic device issued pursuant to this Decree.

(4) Confirmation of training courier of cryptographic material
issued under the existing legislation with the period of validity
regarded as confirmation of training courier of cryptographic material
issued pursuant to this Decree.
Repealing provisions


§ 39

Decree no. 524/2005 Coll., On securing cryptographic protection
classified information is deleted.
Efficiency


§ 40

This decree comes into force on 1 January 2012.

Director:

Ing. Navratil vr
Appendix 1


Confirmation of trained worker operating a cryptographic service agent



Appendix 2


Confirmation of training courier of cryptographic material


Appendix 3


Pattern editing front side of the first sheet of the cryptographic document


Appendix 4


Sample Allocation and recording to save the printout cryptographic
document to be saved


Appendix 5


Record pattern of damage to the cryptographic consignment


Annex 6


Pattern waybill cryptographic consignment


Selected provisions of amendments


Art. II Decree no. 417/2013 Coll.


Transitional provisions
Administrative utilities marked by § 17 para. 5 of the Decree no.
432/2011 Coll., As amended effective before the effective date of this decree
, not later than six months from the effective date of this
Decree labeled according to § 17 para. 6 of Decree no. 432/2011 Coll., as amended
effective on the date of entry into force of this Decree.

1) § 24 para. 2 of Act no. 412/2005 Coll., On protection of classified information
and security capacity, as amended by Act no. 255/2011 Coll.