19/2008 Sb.
DECREE
of 25 June 2002. January 2008,
amending Decree No 528/2005 Coll. on physical security and
certification of technical means
The National Security Office lays down, pursuant to section 33 and section 53 (a), (c), (d),
(f) and (j) of Act No 412/2005 Coll., on the protection of classified information and on
security eligibility:
Article I
Decree No. 528/2005 Coll. on physical security and certification of
technical means is amended as follows:
1. In section 2, the full stop at the end of letter l) is replaced by a comma and the
following letter m) is added:
"m) an attacker is a natural person who acts to overcome
the technical means and other barriers used to secure the protection
of classified information.".
2. In article 3, after paragraph 6, the following paragraph 7 is added:
"(7) Certified or non-certified technical means are used to protect
secure areas of the category Dedicated.".
Paragraphs 7 to 11 are renumbered as paragraphs 8 to 12.
3. In article 3, paragraph 8, after the words "secure areas", the words
"Confidential categories and higher" are inserted.
4. In article 3, paragraph 9 is added:
"(9) Classified information is stored in a secure area or, where appropriate, in
a storage object, if its point value is applied in the physical security
project for the secure area.".
5. Section 5, including the title, reads as follows:
"§ 5
The security of technical equipment
(1) Technical equipment containing classified information of classification
Confidential and higher is stored in a secure area. The boundary of this
secure area and its inclusion in the appropriate category and class
are determined by the operator of the object. The boundary of the object is
determined by the operator of the object.
(2) The security of the secure area and of the boundary of the object referred to in
paragraph 1 is provided by a combination of the physical security measures referred to
in paragraphs 3 to 10 or under section 3 paragraph 2.
(3) The extent and manner of use of the technical means and other barriers for
securing the protection of classified information in technical equipment
are set by the operator of the object so that they provide information about
a breach of security by the attacker and slow the attacker down on the way to
the classified information in the technical equipment.
(4) To protect the secure area and the object referred to in paragraph 1,
certified and non-certified technical means may be used.
The most resistant technical means are generally placed as close as possible
to the technical equipment.
(5) For the surveillance of technical equipment containing classified information
of classification Confidential, surveillance of type 4 or higher according to
Annex No. 1 to this Decree is established. For the surveillance of technical equipment
containing classified information of classification Secret, surveillance of
type 4 with regular patrols at intervals of not more than 4 hours, or higher
surveillance according to Annex No. 1 to this Decree, is established. For the surveillance
of technical equipment containing classified information of classification
Top Secret, surveillance of type 5 according to Annex No. 1 to this
Decree is established.
(6) The operator of the object establishes the time limits that the surveillance
must observe in its action against the attacker, on the basis of the number and type of
the individual technical means and other barriers which
the attacker must overcome on the way to the classified information in the technical equipment.
(7) The intervention of the surveillance against an attacker is carried out by at least two
natural persons at any place of the object or the secure area
where there has been a violation of the protection of classified information in technical
equipment or an alarm or emergency signal, without
weakening the protection of classified information in another place.
(8) The surveillance carries out the action against the attacker within the time limit
established by the operator of the object under paragraph 9, so as to make it impossible for
the attacker to obtain the classified information located in the technical
equipment. The established time limits shall be regularly inspected and
adjusted on the basis of new facts.
(9) The operator of the object lists the time limits in the physical security
project. The point-evaluation table of physical security measures in the
secure area provided for in point 14.3.1 of Annex No. 1 to this
Decree is not prepared in this case.
(10) The physical security project of the secure area in which
technical equipment is stored is approved by the responsible person or
the security director.
(11) In cases where the technical equipment is secured pursuant to § 3
paragraph 2, the point values of the technical equipment are laid down in Annex
No. 1 to this Decree.".
6. In section 8, paragraph 2, the words "secure areas, meeting areas and
storage object" are replaced by "the meeting area, and further to
the secure area and the storage object in which classified
information of classification Reserved that requires special handling
arrangements, and classified information of classification Confidential or higher, is stored,".
7. In article 8, after paragraph 2, the following paragraph 3 is added:
"(3) The scheme for handling keys and identification data to a secure
area and to a storage object in which classified information
of classification Reserved is stored is determined by the operator of the object.".
Paragraphs 3 and 4 shall become paragraphs 4 and 5.
8. In annex 1, after point 1.1.9., the following new point 1.1.10. is added, which reads as follows:
------------------------------------------------------------------
1.1.10. Secure storage object type 0:
S1 = 0 points
------------------------------------------------------------------
A secure storage object of type 0 is of fixed construction (e.g. a box, desk
furniture) and is equipped with a lock, that is is guarded at. It should not show such
signs of damage or wear and tear as would make it impossible to identify
unauthorized entry attempts. A secure storage object of type 0 is not certified
by the Authority.
Conformity of the properties of the storage object with the above requirements
is confirmed by the operator of the object in the physical security project.".
9. In annex 1, after point 2.1.4., the following new point 2.1.5. is added:
------------------------------------------------------------------
2.1.5. Secure area of type 0:
SS3 = 0 points
------------------------------------------------------------------
Walls, passable openings, floors and ceilings are lightweight building constructions
made from materials such as:
- plasterboard,
- light masonry construction,
- wood, particle board,
- hardened plastic materials,
- profiled or corrugated sheet,
- glass.
Passable openings need not be secured by mechanical barrier
means that provide the same degree of resistance as the rest
of the boundary of the secure area of type 0, but must allow control of
the movement of people and vehicles.
Mechanical barrier means should not show such signs of damage
or wear and tear as would make it impossible to identify unauthorized
entry attempts.
Compliance with the above requirements is confirmed by the operator of the object in the
physical security project.".
10. In annex 1, after point 2.2.4., the following new point 2.2.5. is added, to read:
------------------------------------------------------------------
2.2.5. Locking system of type 0:
SS4 = 0 points
------------------------------------------------------------------
The locking system of type 0 is not certified by the Authority.".
11. In annex 1, after point 3.4., the following new point 3.5. is added, to read:
------------------------------------------------------------------
3.5. Object of type 0:
S3 = 0 points
------------------------------------------------------------------
The object has a visibly defined boundary within which it is possible
to control individual people and vehicles.".
12. In annex No. 1, in the footnote to point 5.1., at the end of the third paragraph
the following sentence is added: "If technical equipment containing classified
information under section 5 of the Decree is stored in the secure area, the surveillance
intervenes within the time limit established by the operator of the object (§ 5
paragraph 9), regardless of the location of the permanent surveillance post.".
13. In annex 1, point 11., including the title, reads as follows:
"11. TERMS OF USE OF THE TECHNICAL MEANS AFTER THE EXPIRY OF THE PERIOD
OF VALIDITY OF THEIR CERTIFICATES
After the expiry of the period of validity of the certificate, the technical means may not
be acquired and newly deployed for the protection of classified information.
Such a technical means may be further deployed only
if there is evidence that it was acquired and deployed during the validity of
the certificate by the same State authority, legal entity or entrepreneurial
natural person that carries out the further deployment. Its further deployment
is also conditional upon performing a functional test of the technical means as of
the date of the deployment; a record of the result of the functional test shall be deposited with
the operator of the object.
After the expiry of the period of validity of the certificate, technical means may be
used on condition that they are fully functional. This must be verified by
a functional test. For mechanical barrier means and equipment for
the physical destruction of information, the functional test is demonstrated by a record signed by
the operator of the object or a person authorised by him. For the other
technical means, the functional test is demonstrated by a test
or in the service record book. The time intervals are set out in section 10
of the Decree.".
14. In annex 1, point 12.1. the fourth table:
----------------------------------------------------------------
SECURE AREA CATEGORY
Dedicated
used to store classified information that requires
special treatment (e.g. KRYPTO)
----------------------------------------------------------------
Required: (S1) + (S2) + (S3) 2
----------------------------------------------------------------
Required: (S4) + (S5) (S6) + 1
----------------------------------------------------------------
The overall result of 3 ".
----------------------------------------------------------------
15. In annex 1, point 12.1. the fourth table,
to read as follows:
----------------------------------------------------------------
SECURE AREA CATEGORY
Dedicated
----------------------------------------------------------------
S1 = Storage object of type 0
----------------------------------------------------------------
S2 = Secure area of type 0 and locking system of type 0
----------------------------------------------------------------
S3 = object of type 0 ".
----------------------------------------------------------------
16. In annex No. 1, in the note to point 12.1., after the text "Fixed
object, it can use the secure area for activities related to the
the protection of classified information, only one authority of the State, legal or
individual entrepreneur." the following new text is inserted on a separate line: "For
a secure area of the category Dedicated – only one of the specified
conditions (S1), (S2) or (S3) need not be implemented. If
the boundary of the secure area and of the object is the same, the measures
established for the secure area are implemented; in this case it is no longer permissible
not to implement the measures for the storage object.".
17. In annex No. 1, in the note to point 12.1., the sentence "Only one of the
values (S1), (S2) or (S3) can be equal to 0." is replaced by the sentence "For
a secure area of the category Reserved used to store classified
information that requires special treatment, and for a secure
area of the category Confidential and higher – only one of the values (S1), (S2)
or (S3) can be equal to 0".
18. In annex No. 1, the title of section 13.2.3. is added: "13.2.3. Shredding of
data media".
19. In annex No. 1, in section 13.2.3., the words "requirements for the destruction of floppy disks
and compact discs: – requirements for devices intended exclusively for
the physical destruction of floppy disks and compact disks, for all grades of
confidentiality:" shall be replaced by
"Requirements applicable to equipment intended solely for the physical destruction of floppy disks
and compact disks for all classifications:
----------------------------------------------------------------
13.2.4. Shredding of data media type of PC: without scoring. "
----------------------------------------------------------------
20. In annex No. 1, in section 13.2.3., the words "destruction requirements
magnetic tapes, memory chips and hard drives:" shall be replaced by
"Requirements for the destruction of magnetic tapes, memory chips and hard drives:
----------------------------------------------------------------
chip breaking. Shredding of data media type PC1: without scoring. "
----------------------------------------------------------------
21. In annex No. 1, in the heading of part 14., after the word "security"
the words "IN CASES WHERE THE OBJECT IS LOCATED IN A SECURE
AREA OF THE CATEGORY CONFIDENTIAL AND HIGHER" are inserted.
22. In annex 1, part 14., the note to point 14. is repealed.
23. In annex 1, after part 14., the following part 15, including
the title, is added:
"Part 15. THE STRUCTURE OF THE PHYSICAL SECURITY PROJECT IN CASES WHERE THE
OBJECT IS A SECURE AREA OF THE CATEGORY RESERVED
15.1. DETERMINATION OF THE OBJECT, INCLUDING THE BOUNDARIES AND CLASSES OF
SECURE AREAS
- Determination of the boundary of the object (location in the area/building, entrances, height
of windows, permanent surveillance post).
- Drawing of the boundary of the object in the drawing part of the technical documentation
of physical security (point 15.2 of the annex).
- Determination of the secure areas located in the object and
of their class. It is necessary to distinguish whether it is an area for the storage of
classified information, an area with an information system, an area with the permanent
presence of working people, or a combination of these types.
- Determination of the boundaries of the secure areas (location in the object, the strength of the walls,
the entrances, the height of the bottom edge of passable openings above the surrounding terrain) and
drawing them in the drawing part of the technical documentation of physical security
(point 9.4. of the annex).
15.2. TECHNICAL DOCUMENTATION OF PHYSICAL SECURITY
This documentation is divided into the following parts:
- Drawing documentation, which contains in particular the designation of the boundary
of the object, the boundary of each secure area and the layout of
the technical means intended for the protection of classified information in
the object and the secure areas.
- Documentation of the technical means, which contains in particular
their enumeration (title, number and, in the case of multiple types of one kind of technical
means, also their location) and basic data:
a) certified technical means - a copy of the certificate and its annex from
the time of installation (if there is no annex, list the type and rate of the technical
means),
b) non-certified technical means - a record of conformity from
the time of installation (specifications and manner of use to be given).
- Checking the functionality of the technical means under conditions
set by the operator of the object.
Note to part 15:
For a secure area in which classified information of classification
Reserved that requires special treatment is stored, the point-evaluation table of
physical security measures of the secure area is further prepared
in accordance with point 14.3.1.".
Article II
Entry into force
This Decree shall take effect on 15 February 2008.
Director:
Ing. Navrátil v. r.