19/2008 Sb.



DECREE



of 25 June 2002. January 2008,



amending Decree No 528/2005 Coll. on physical security and

certified technical resources



The National Security Office shall, pursuant to section 33 and section 53 (a). and), c), (d)),

(f)), and (j)) of law No 412/2005 Coll., on the protection of classified information and on the

Security:



Article. (I)



Decree No. 528/2005 Coll. on physical safety and certification

technical means, is amended as follows:



1. In section 2, at the end of the letter l) dot is replaced by a comma and the following

the letter m) is added:



"m) attacker is a natural person, which develops actions to overcome

the technical means and other obstacles used to secure protection

of classified information. ".



2. in article 3, after paragraph 6, the following paragraph 7 is added:



"(7) in order to protect secure areas Dedicated to categories

use certified or non-certified technical resources. ".



Paragraphs 7 to 11 are renumbered as paragraphs 8 to 12.



3. In article 3, paragraph 3. 8, after the words "secure areas", the words

"Confidential categories and higher".



4. in article 3, paragraph 9 is added:



"(9) Classified information is stored in a secure area, where appropriate, in

úschovném object, if its point value applied in the project

physical security for the secure area. ".



5. section 5, including the title reads as follows:



"§ 5



The security of technical equipment



(1) the technical equipment containing classified information classification

Confidential and higher is stored in a secure area. The border of this

secure area and its inclusion into the appropriate category and class

by operator on the object. The border object by operator

object.



(2) the security of the secure area and the boundaries of an object referred to in paragraph 1

is provided by a combination of physical security measures referred to in paragraphs 3

up to 10 or under section 3 (1). 2.



(3) the extent and manner of use of the technical means and other barriers to

security protection of classified information in technical plants

sets the operator object, so as to ensure security of information

the breach of security on the part of the attacker and slowed him on the way to

classified information in a technical plant.



(4) to protect the secure area and the object referred to in paragraph 1

You may use the certified and non-certified technical resources.

Close as possible to the technical devices generally places the most durable

the technical means.



(5) the technical surveillance equipment containing classified information

classification of Confidential security type is fixed 4 or higher according to the

Annex No. 1 of this order. For surveillance of technical equipment

containing classified information classification Secret is established

surveillance of the type 4 with regular walks in the interval of not more than 4

hours or higher according to the surveillance Annex No 1 of this order. For surveillance

technical equipment containing classified information classification

Top secret surveillance of the type 5 is fixed according to annex No 1 to this

the Decree.



(6) the operator of an object establishes time limits for surveillance that

must be observed in action against the attacker on the basis of the number and type of

the various technical means and other barriers, which must

an attacker to overcome on the way to EU classified information in the technical plant.



(7) the intervention of security against an attacker is executing at least two

natural persons in any place of the object or the secure area,

where there has been a violation of the protection of classified information in a technical plant

or to alarm or emergency signal without

weakened the protection of classified information in another place.



(8) the Surveillance carried out action against an attacker in a timely manner, which

established by the operator of an object referred to in paragraph 9, that made it impossible to obtain

an attacker to classified information, which is located in the technical

device. STA-ments set out the time limits shall be regularly inspected and

adjusted on the basis of new facts.



(9) the time limits for the operator object lists in the project physical

safety. Table scatter evaluation measures of physical security in

secure area provided for in section 14.3.1 Annex No. 1 to this

in this case, the Decree does not handle.



(10) the physical security of the secure area of the Project, in which the

store technical installations, the responsible person shall approve or

Safety Director.



(11) in cases where the technical device secured pursuant to § 3

paragraph. 2, are the point values of the technical equipment laid down in annex

No. 1 of this Ordinance. ".



6. In section 8 paragraph 1. 2 the words "secure areas, meeting areas and

úschovnému object ' is replaced by ' the rules area, and further to the

the secure area and the úschovnému object that stores a classified

information classification of reserved, which requires special arrangements

loading, and classified information confidential or of a higher classification level, ".



7. In article 8, paragraph 2, the following paragraph 3 is added:



"(3) the scheme for handling keys and identification data to a secure

area, and to úschovnému, where the object is stored classified information

classification of reserved, by operator object. ".



Paragraphs 3 and 4 shall become paragraphs 4 and 5.



8. In annex 1, point 1.1.9. the following new point 1.1.10., which reads as follows:

------------------------------------------------------------------

1.1.10. Secure storage object type 0:

S1 = 0 points

------------------------------------------------------------------



Secure storage object of type 0 is a fixed structure (e.g., Clipboard, desktop

furniture) and is equipped with a lock, that is is guarded at. Should not show such

signs of damage or wear and tear, which would make it impossible to identify

unauthorized entry attempts. Secure storage object of type 0 is not certified

By the authority.



Match the properties of the storage objects with the above requirements

confirms the operator object in the project physical safety. ".



9. In annex 1, point 2.1.4. the following new item 2.1.5 is added:

------------------------------------------------------------------

2.1.5. type 0: secure area

SS3 = 0 points

------------------------------------------------------------------



Walls, manholes, floors and ceilings are lightweight building constructions

from materials such as:



-sádrokartónu,



-light masonry construction design,



-wood, particle board,



-plastic hardened materials,



-profiled or corrugated sheet,



-glass.



Manholes may not be secured by mechanical zábrannými

resources that provide the same degree of resistance as the rest

part of the boundaries of the secure area of the type 0, but must be capable of control

the movement of people and vehicles.



Mechanical barrier devices should not show such signs of damage

or wear and tear, which would make it impossible to identify unauthorized attempts to

input.



Compliance with the above requirements confirms the operator object in the

project physical safety. ".



10. In annex 1, point 2.2.4. the following new paragraph 2.2.5., to read:

------------------------------------------------------------------

2.2.5. Locking system type 0:

Ss4 = 0 points

------------------------------------------------------------------



The locking system of the type 0 is not certified by the authority. ".



11. In annex 1, point 3.4. the following new item 3.5., to read:

------------------------------------------------------------------

3.5. An object of type 0:

S3 = 0 points

------------------------------------------------------------------



The object has a visibly defined the boundary within which there is a possibility

control of individual people and vehicles. ".



12. in annex No. 1 in a footnote to paragraph 5.1. at the end of the third paragraph of

added the sentence "If you are in the secure area of the imposing technical equipment

containing classified information under section 5 of the Ordinance, the intervention

surveillance within the time limit established by the operator object (§ 5

paragraph. 9), regardless of the location of the Habitat of the permanent surveillance. ".



13. In annex 1, point 11. including the title reads as follows:



11. terms of USE of the TECHNICAL RESOURCES AFTER the EXPIRY of the PERIOD

THE VALIDITY OF THEIR CERTIFICATES



After the expiry of the period of validity of the certificate may not be the technical means

for the protection of classified information is acquired and newly deployed.



This technical resource can no longer be deployed just in case

If there is evidence that it was acquired and deployed at the time of

a certificate from the same authority of the State, a legal entity or business

natural persons, that is done by another deployment. His next deployment

It is also conditional upon performing functional tests of the technical means for

the date of the deployment; write about the result of the functional tests shall be deposited with

operator object.



After the expiry of the period of validity of the certificate may be technical resources

used under conditions that are fully functional. This must be verified

functional test. With mechanical barrier devices and equipment

the physical destruction of information shall provide proof of registration signed by the functional test

the operator of an object or his authorised person. For the other


the technical means to unkční the test shall demonstrate by test

or in the service record book. The time intervals are set out in section 10

Ordinance. ".



14. in annex 1, point 12.1. the fourth table:

----------------------------------------------------------------

SECURE AREA CATEGORY

Dedicated

used to store classified information that requires

special treatment (e.g.. KRYPTO)

----------------------------------------------------------------

Required: (S1) + (S2) + (S3) 2

----------------------------------------------------------------

Required: (S4) + (S5) (S6) + 1

----------------------------------------------------------------

The overall result of 3 ".

----------------------------------------------------------------



15. In annex 1, point 12.1. the fourth table table,

to read as follows:

----------------------------------------------------------------

SECURE AREA CATEGORY

Dedicated

----------------------------------------------------------------

S1 = Storage object of type 0

----------------------------------------------------------------

S2 = secure area of 0 and Locking system of the type 0

----------------------------------------------------------------

S3 = object of type 0 ".

----------------------------------------------------------------



16. in annex No. 1 is in the note to paragraph 12.1. After the text "Fixed

object, it can use the secure area for activities related to the

the protection of classified information, only one authority of the State, legal or

individual entrepreneur. "is inserted on a separate line in the new text" on

a secure area Dedicated category – only one of the specified

conditions (S1) (S2) or (S3) may not realize. In the case that it is

the boundaries of the secure area and the object is the same, the measures being implemented

established for the secure area; in this case, it is no longer permissible,

not implemented measures to úschovném the object. ".



17. in annex No. 1 is in the note to paragraph 12.1. the sentence "the Only one of the

values (S1) (S2) or (S3) can be equal to 0. "is replaced by the phrase" in the

the secure area of the category Reserved to store the classified

information that requires special treatment, and secure

the category area confidential and higher — only one of the values (S1) (S2)

or (S3) can be equal to 0 ".



18. in annex No. 1 title section 13.2.3. added: "13.2.3. Media shredding

the data ".



19. in annex No. 1 in section 13.2.3. the words "requirements for the destruction of floppy disks

and compact discs: – requirements for devices intended exclusively for

the physical destruction of floppy disks and compact disks, for all grades

confidentiality: "shall be replaced by

Requirements applicable to equipment intended solely to the physical destruction of floppy disks

and compact disks for all classifications:

----------------------------------------------------------------

13.2.4. Shredding of data media type of PC: without scoring. "

----------------------------------------------------------------



20. in annex No. 1 in section 13.2.3. the words "destruction requirements

magnetic tapes, memory chips and hard drives: "shall be replaced by

The requirements of the destruction of magnetic tapes, memory chips and hard drives:

----------------------------------------------------------------

chip breaking. Shredding of data media type PC1: without scoring. "

----------------------------------------------------------------



21. in annex No. 1, in the heading of section 14. After the word "security"

vkldádají the words "in cases where the OBJECT is LOCATED in a SECURE

THE CATEGORY AREA CONFIDENTIAL AND HIGHER ".



22. in annex 1, part 14. Note to point 14. repealed.



23. In annex 1, part 14. the following section 15, including

Title:



Part 15. THE STRUCTURE OF THE PROJECT, PHYSICAL SAFETY OR IN CASES WHERE THE

OBJECT IS A SECURE AREA OF THE CATEGORY RESERVED



15.1. the determination of OBJECTS, INCLUDING SECURE AREAS BORDERS and classes

SECURE AREAS



-Determination of the boundaries of the object (in the area of location/building, inputs, height

Windows, permanent surveillance unit).



-The boundary of the object to the drawing parts of the technical documentation

physical security (section 15.2 of the annex).



-The establishment of the secure area, which is at an object and

of their class. It is necessary to distinguish whether the storage of classified

information site with an information system, an area with a permanent

the presence of working people, or a combination of these types.



-Determination of the boundaries of the secure areas (location in an object, the strength of the walls,

the inputs, the height of the bottom edge průlezných holes above the surrounding terrain) and

draw in the drawing parts of the Technical documentation of the physical security

(point 9.4. annexes).



15.2. the technical documentation the PHYSICAL SAFETY



This documentation is divided into the following parts:



-Drawing documentation, which contains in particular the designation of boundaries

object, boundary of each secure area and layout

technical means intended for the protection of classified information in

object and secure areas.



-Documentation of technical devices, which contains in particular

enumeration (title, number, and in the case of multiple types of one kind of technical

even the location of the resource) and basic data:



and certified technical resources)-copy of the certificate and the annex of the

installation time (if there is no attachment, list the type and rate of technical

Resource),



(b)) non-certified technical resources-write about the conformity of the

installation time (to be given specifications and how to use).



-Checking the functionality of technical means under conditions which

provided by the operator object.



Note to paragraph 15:



The secure area where the stores participating in information classification

Reserved, which requires special treatment, with further processes

in accordance with section 14.3.1. table scatter evaluation measures of physical

the safety of the secure area. ".



Article. (II)



The effectiveness of the



This Decree shall take effect on the date of 15. February 2008.



Director:



Ing. He returned in r.