454/2011 Coll.
DECREE


Dated 21 December 2011

Amending Decree no. 528/2005 Coll., On physical security and certification
technical resources, as amended by Decree no. 19/2008 Coll.

National Security Authority, pursuant to § 33 and § 53 point. a), c), d)
e), f), j) of the Act no. 412/2005 Coll., on protection of classified information and
security competence, as amended by Act no. 255/2011 Coll .:

Art. I

Decree no. 528/2005 Coll., On physical safety and certification
technical resources, as amended by Decree no. 19/2008 Coll., Is amended as follows
:

First In § 2. a) the words "in which" the word "normally".

Second In § 2 letter f), including footnote no. 4 shall be deleted.

Existing letters g) to m) are renumbered f) to l).

Third In § 2. i) the words "difficult or" be replaced by "impedes",
word "announce" the words "or records" and the word
"disturbance" with the word "security".

Fourth In § 2. j) the words "locker" is deleted and the word
"other" is inserted after the word "lock".

Fifth In § 2 at the end of point k) is replaced by a comma full stop and letter l)
deleted.

6th § 3, including the title and footnote no. 6 reads:

"§ 3

Security of buildings and secure areas

(1) The facility or security area, object classification or
secured area to the appropriate category ^ 6) and the inclusion
secure area in the relevant class provides the responsible person or department responsible
person.

(2) Security facility or security area is provided
combination of physical security measures in accordance with paragraphs 3-10 and § 6
9th

(3) The property is ensured, depending on the item category, with regard to the nature of borders
object and depending on the assessment of the risks these
technical means

A) Restricted category - mechanical barriers,

B) category CONFIDENTIAL and SECRET - mechanical barriers and
electric security signaling device,

C) the category of Top Secret - mechanical barriers,
electric security signaling device and specialty television
systems. Special television systems must not undermine the protection of classified information
.

(4) The secure area is secured, depending on the category
class and a risk assessment of these technical means

A) Restricted category - mechanical barriers,

B) category Confidential - mechanical barriers and equipment
electric burglar

C) category Secret and Top Secret - mechanical barriers,
entry control systems, electric security
alarm systems, CCTV, fire equipment
alarm. Special television systems can replace emergency
systems. When using CCTV must not be disturbed
protection of classified information.

(5) Volumes lowest level of security
secure area are set out in Annex no. 1 hereto.

(6) Buildings and CONFIDENTIAL category security area and above, where the
secured a permanent presence here working people, to ensure
mechanical barriers.

(7) To ensure a secure area under certified or uncertified
technical resources.
Uncertified technical means may be used only under the conditions laid down in Annex no. 1
this decree.

(8) Classified information is stored in a secure area
appropriate category or higher, or in the container, if its point value
applied in the physical security project for the respective
security area.

(9) The property is placed facility for physical destruction of information carriers
according to Annex no. 1 hereto.

(10) In the case of the facility perimeter is the same threshold
secure area, the range of application of the measures of physical security requirements designed to
category of the security area.

6) § 25 par. 1 of Act no. 412/2005 Coll., As amended by Act no. 255/2011 Coll
. ".

7th In § 4 para. 1, "a boundary object" are deleted.

8th In paragraph 4. 1 and § 8 par. 3, "the facility"
replaced by "the responsible person or person authorized by it."


9th In § 4 para. 2, "and the object boundaries" are deleted.

10th In § 4 para. 2, the number "11" is replaced by "8" and the number "10" is
replaced with the number "9".

11th In § 4 para. 3, "according to § 10 paragraph. 3" are deleted.

12th In § 4, at the end of paragraph 5 sentence "Specialty TV
systems may affect the protection of classified information.".

13th In § 4 para. 7, the words "Annex no. 1", the words "
this decree."

14th § 4, paragraph 8 reads:

"(8) The security conference area under certified or uncertified
technical resources.
Uncertified technical means may be used only under the conditions laid down in Annex no. 1
this decree. ".

15th In § 4, paragraphs 9 and 10 are deleted.

Existing paragraph 11 shall become paragraph 9

16th § 5, including the heading reads:

"§ 5

Security technical equipment

(1) Technical equipment is ensured by measures of physical security
under § 3, 6-10 or in accordance with paragraphs 2 to 4

(2) Scope of regime measures and technical resources to ensure
technical equipment provides the responsible person or person authorized by it
depending on risk assessment.

(3) Guarding technical equipment stored contains classified information classified


A) Top Secret provides type 5 of Annex no. 1 hereto,

B) The secret to ensure a minimum type 4 according to Annex no. 1
this decree,

C) Confidential ensures a minimum of 3 type according to Annex no. 1
this decree,

D) Dedicated to ensuring to the extent determined by the responsible person or
her designee.

(4) Scope of physical security measures to protect
technical equipment down in the physical security project.
Contents and form of the physical security project shall apply mutatis mutandis. ".

17th § 6 para. 1 point. d) the word "data" is replaced by "means
particular way of labeling, allocation, custody and registration".

18th In § 6, at the end of paragraph 1 is replaced by a comma and
letter f), which reads:

"F) motion mode of classified information within the facility, security area and
meeting room.".

19th § 7 including the heading reads:

"§ 7

Mode of movement of persons and vehicles

(1) Permission to enter the facility, security area or region
rules issued by the responsible person or person authorized by it.
Permission to entering the security area or meeting area set
category may be issued to a person who is instructed and holds
notification of completion of the conditions for access to classified information or Dedicated
PSC for equivalent or higher level
secrecy. The list of persons authorized to enter the building category
Confidential, Secret or Top Secret, in a secure area and meeting
areas and vehicles authorized to drive into the building
category Confidential, Secret or Top Secret, a secure area
and meeting areas shall be deposited with the responsible person or persons authorized by it.

(2) Persons without authorization to enter into may object category Confidential,
Secret or Top Secret security area or meeting room
enter only if accompanied by a person authorized to enter into the relevant
facility, security area or meeting areas, provided that
input is essential and not compromising the protection of classified information.

(3) At the entrance to the building category Confidential, Secret or Top Secret
performs access control and those without permission to enter the building is
kept records of data and mandatorily the arrangements visits accompaniment.
On entering RESTRICTED category security area, which is located in the building
RESTRICTED category, implementing access control.

(4) The entry of persons without permission to enter the building category Top Secret
they carried out inspection facilities serving the search
dangerous substances or objects. ".

20th In the heading of § 8 of the word "data" is replaced by "agents".

21st In § 8. 1, 3 and 4, the word "data" is replaced by "agents".

22nd In § 8 par. 2, the word "data" is replaced by "agents" and the words
"degree Restricted, which requires special handling regime and
classified information" shall be deleted.


23rd In § 8. 2 and 4 and § 10 paragraph. 1 and 4, the words "operator
object" is replaced by "responsible person".

24th In § 8. 2, 4 and 5 and § 10 paragraph. 1 and 4, the word "him" is replaced
word "her".

25th In § 8 par. 4, the word "secret" is replaced by "classified" for
words "custodial facilities" shall be inserted the word "is", the words "
keys and identification data" shall be deleted and the words " where he secured or
meeting areas are "shall be deleted.

26th In § 8 par. 5, the word "data" is replaced by "resources" and the words
"building operator" is replaced by "responsible person".

27th In § 9, the word "values" the words "various types".

28th In § 11 par. 2 point. c) the words "or a statement of the same composition and design
technical means, which includes a declaration by the manufacturer that
technical means will be produced in the same composition and design
as was specified in the report pursuant to § 46 para. 14 Act "shall be
words" - for a single technical resource is not required. "

29th In § 12, the word "time" is replaced by "time" and "is derived from the time
" is replaced by "determined by the Office, for a maximum period".

30th Annex no. 1 reads:

"Annex no. 1 to Decree no. 528/2005.

First

CONTAINERS AND LOCKS

01.01 CONTAINERS
---------------------------------------------
------------------ 1.1.1. CONTAINERS Type 4:
SS1 = 4 points -------------------------------------------
--------------------

A Type 4 is certified by the National Security Authority
(hereinafter the "Office") and meets the requirements of protection class II or higher
according to EN 1143-1 + A1 Secure storage units - Requirements,
classification and methods of test for resistance to burglary - Part 1:
safes, strongroom doors and strongrooms.

In accordance with EN 1143-1 + A1 must be the Type 4
lock fitted at least Class A according to DIN EN 1300 + A1 Secure storage
objects - Classification of high security locks due to their || | resistance to unauthorized opening (type 2 lock, paragraph 1.2.3.
Annex).

If that is the Type 4
stored cryptographic material must be this container equipped with a mechanical lock combination
least three-position.
-----------------------------------------------
---------------- 1.1.2. Depository Type 3:
SS1 = 3 points -------------------------------------------
--------------------

A Type 3 is certified by the Authority and meets the requirements
security Class I according to EN 1143-1 + A1. In accordance with EN 1143-1
+ A1 must be the Type 3 equipped with a minimum lock
Class A according to DIN EN 1300 + A1 (Type 2 lock, point 1.2.3. Of the Annex).

If it is in the Type 3
stored cryptographic material must be this container equipped with a mechanical lock combination
least three-position.
-----------------------------------------------
---------------- 1.1.3. Depository Type 2:
SS1 = 2 points -------------------------------------------
--------------------

A Type 2 is certified by the Authority and meets the requirements of Class 0
safety according to EN 1143-1 + A1.

In accordance with EN 1143-1 + A1 must be a depository of type 2
lock fitted at least Class A according to DIN EN 1300 + A1 (Type 2 lock, paragraph 1.2.3.
Annex).
----------------------------------------------- ----------------
1.1.4. Type 1:
SS1 = 1 point -------------------------------------------
--------------------

A Type 1 is undemountable
steel box of solid construction, its door locking device is provided with a three-sided
bolt mechanism and locked. Door closure is self-locking in the closed state.

A Type 1 is not certified by the Authority.
Compliance of properties of these containers with the above requirements will be assessed
responsible person or person authorized by it. Record of compliance assessment becomes part
physical security project.
-----------------------------------------------
---------------- 1.1.5. Type 1A:
SS1 = 1 point -------------------------------------------
--------------------


Type 1A container shall be certified by the Authority and satisfy, including
locking system, requirements for security Class Z1 according to CSN 91 6012
Secure storage units - Requirements, classification and methods
test for resistance to burglary - Safes of basic security.
-----------------------------------------------
---------------- 1.1.6. Depository object type 1B:
SS1 = 2 points -------------------------------------------
--------------------

A Type 1B is certified by the Authority and meets, including
locking system, requirements for security Class Z2 according to CSN 91 6012.
------------------ ---------------------------------------------
01.01 7th Type 1C:
SS1 = 3 points -------------------------------------------
--------------------

Type 1C is certified by the Authority and meets, including
locking system, requirements for security Class Z3 according to CSN 91 6012.
------------------ ---------------------------------------------
01.01 8th Depository object type 0:
SS1 = rated (N)
----------------------------------------- ----------------------

A Type 0 is a fixed structure (eg. Deposit box, office furniture
) and is fitted with a lock, which is locked at.
Not exhibit such signs of damage or wear that would prevent identification
attempted access. A Type 0 is not certified
Office.

Compliance of properties of these containers with the above requirements
responsible person or a person authorized in the physical security project.

02.01 LOCKS OF
-------------------------------------------- -------------------
1.2.1. Lock Type 4:
SS2 = 4 points -------------------------------------------
--------------------

Type 4 lock is certified by the Authority in the conduct of container certification
building and meet requirements for security Class C according to DIN EN 1300 + A1.
-----------------------------------------------
---------------- 1.2.2. Lock Type 3:
SS2 = 3 points -------------------------------------------
--------------------

Type 3 lock is certified by the Authority in the conduct of container certification
object and meets the requirements for security Class B according to DIN EN 1300 + A1.
-----------------------------------------------
---------------- 1.2.3. Lock Type 2:
SS2 = 2 points -------------------------------------------
--------------------

Lock Type 2 is certified by the Authority in the conduct of container certification
object and meets the requirements of safety class according to DIN EN 1300 + A1.

Note to Item 1 .:

Conversion Table score of the container
-------------------------------------- -------------------------
The classification of a type for which Dot Dot
was approved by the storage capability
value value of the building is listed words SS1 SS2
to December 31, 1999 -------------------------------------------
--------------------
Type 4 TOP SECRET 4 points 2 points
Type 3 SECRET 3 points 2 points
Type 2 CONFIDENTIAL 2 points 2 points
---------------------------------------- -----------------------

Second

SECURITY AREAS AND LOCKING SYSTEMS

Mechanical barriers in this chapter refers mainly
locks, doors, grates, foil, glass and other safety design and construction elements
except custodial facilities (point 1 of the Appendix).

Mechanical barriers to secure manholes,
which allows the passage of the template on the following dimensions:
-----------------------------------------------
Manholes size
-----------------------------------------------
400 mm x 250 mm rectangle
ellipse 400 mm x 300 mm
circle diameter of 350 mm
-----------------------------------------------


If manholes protected by mechanical barriers
with one or more openings (e.g. grating), these openings may allow passage
ellipse template measuring 250 mm x 150 mm and a thickness of 20 mm.

02.01 SECURITY AREAS

Determining the type of protected areas balanced by the least resistance element
its borders.
-----------------------------------------------
---------------- 2.1.1. Type 4 security area:
SS3 = 4 points

----------------------------------------------- ----------------


Walls, floors and ceilings shall be constructed as follows:

A) masonry (brick or lime-cement blocks, porous concrete blocks)
thickness greater than 300 mm, or

B) of reinforced concrete thickness greater than 150 mm.

Marks score of other mechanical barriers must
equal to SS3 = 4. Mechanical
barriers shall not exhibit such signs of damage or wear that would prevent
identification of attempted entry.

Windows, doors and other barriers must meet the requirements of safety class
RC RC 4 or Class 5 according to DIN EN 1627 Windows, doors, shutters - Resistance
Burglar - Requirements and classification.
-----------------------------------------------
---------------- 2.1.2. Type 3 security area:
SS3 = 3 points -------------------------------------------
--------------------

Walls, floors and ceilings shall be constructed as follows:

A) masonry (brick or lime-cement blocks, porous concrete blocks)
thickness greater than 150 mm, or

B) reinforced concrete thicknesses greater than 100 mm.

Marks score of other mechanical barriers must meet the minimum value
SS3 = 3
mechanical barriers shall not exhibit such signs of damage or wear that
impossible to identify the attempted access.

Windows, doors and shutters must meet the requirements of security class RC 3
according to EN 1627. ------------------------
---------------------------------------
2.1.3. Type 2 security area:
SS3 = 2 points -------------------------------------------
--------------------

Walls, floors and ceilings shall be constructed as follows:

A) masonry (brick or lime-cement blocks, porous concrete blocks)
thickness of 100 to 150 mm, or

B) of reinforced concrete thickness to 100 mm.

Floors may be from a different material thicknesses greater than 150 mm
(eg. Sandwich wooden beam structure).

Marks score of other mechanical barriers must meet the minimum value
SS3 = 2nd

Windows, doors and shutters must meet the requirements of safety class RC 2
according to EN 1627.

Man-openings need not be protected by certified mechanical
barriers if the lower edge of the man-opening satisfies the following requirements
:

A) shall be at least 5.5m above ground,

B) not be easily accessible from a roof or with the aid
conductors, gutters, window sills, other building components, field
inequalities, trees or other structures.

Mechanical barriers shall not exhibit such signs of damage or wear
that would prevent identification of attempted
input.
-----------------------------------------------
---------------- 2.1.4. The secure area of ​​type 1:
SS3 = 1 point -------------------------------------------
--------------------

Walls, floors and ceilings are of lightweight construction materials, such as, for example
:

- Poly

- Lightweight masonry structures,

- Wood, chipboard,

- Plastic hardened materials,

- Profiled or corrugated iron

- Glass.

Man-openings shall be protected by mechanical barriers
resources that provide the same degree of resistance as remaining parts of the perimeter
Type 1 security area or which are protected
certified electric security system (ESS)
installation of which corresponds to the minimum value SS92 = 3 as

Man-openings need not be protected by these mechanical barriers
means if the lower edge of the man-opening satisfies the following requirements
:

A) shall be at least 5.5m above ground,

B) not be easily accessible from a roof or with the aid
conductors, gutters, window sills, other building components, field
inequalities, trees or other structures.

Mechanical barriers must be of solid construction and
not exhibit such signs of damage or wear that would prevent
identification of attempted access and compliance with these requirements
assesses the responsible person or person authorized by it.


Record of compliance assessment becomes part of the physical security project.
-----------------------------------------------
---------------- 2.1.5. The secure area type 0:
SS3 = rated (N)
----------------------------------------- ----------------------

Security man-openings must allow control the movement of people and vehicles
.

Mechanical barriers shall not exhibit such signs of damage or wear
that would prevent identification of attempted
input.

Compliance with the above requirements confirmed by the responsible person or person authorized by it
in the physical security project.

02.02 LOCKING SYSTEMS INTENDED FOR LOCKING OF SECURITY AREAS
----------------------------------------
----------------------- 2.2.1. Type 4 locking system:
SS4 = 4 points -------------------------------------------
--------------------


Type 4 locking system is certified by the Authority.

Locking system and its components must meet safety
RC class 5 according to DIN EN 1627. ------------------------
---------------------------------------
2.2.2. Type 3 locking system:
SS4 = 3 points -------------------------------------------
--------------------

Type 3 locking system is certified by the Authority.

Locking system and its components must meet the requirements of safety class
RC 4 according to EN 1627. ------------------------
---------------------------------------
2.2.3. Type 2 locking system:
SS4 = 2 points -------------------------------------------
--------------------

Type 2 locking system is certified by the Authority.

Locking system and its components must meet safety
Class RC 3 according to EN 1627. ------------------------
---------------------------------------
2.2.4. Type 1 locking system:
SS4 = 1 point -------------------------------------------
--------------------

Type 1 locking system is certified by the Authority.

Locking system and its components must meet safety
RC class 2 according to EN 1627. ------------------------
---------------------------------------
2.2.5. The locking system type 0:
SS4 = rated (N)
----------------------------------------- ----------------------

Type 0 locking system is certified by the Authority.

Note to Item 2 .:

If a secured area consists strongrooms not be
entry to the strong room in that part of the security area, which is currently
perimeter of the facility. Score S2 in this case equal
0th

Third


FACILITY PERIMETER
When specifying the type of object that is a crucial part of the boundary object that
least resistance. In the event that the boundaries of the object in its entire length
consistent with the security area perimeter, only the security
area and the facility score (S3 = 0); visitors regime will
in this case does not evaluate (SS7 = N).

Special case of the facility's perimeter (fence, etc.) whose
all borders and access points the Type 5 guards
In this case the score S3 may be replaced by the product of the scores SS10
(physical barrier type 2 and above) and SS11. Body of items SS10 and SS11,
which were used in the score S3, will no longer count towards the calculation of S6
but stated in Table scoring for information.

Special case is the object boundary demarcation of the border perimeter (fence
etc.). In this case, as the boundary of the object moreover assessed mantle
buildings and counted in the value S3.
----------------------------------------------- ----------------
01.03 Type 4:
S3 = 4 points -------------------------------------------
--------------------

Walls, floors and ceilings shall be increased or extra solid construction
structure (eg. Concrete structure). Type 4 has
minimum number of doors, windows and other man-openings, which must
be protected by mechanical barriers and offer the same
degree of resistance to an intruder as the rest of the perimeter of the object
Type 4 || | ------------------------------------------------- --------------
02.03 Type 3:
S3 = 3 points -------------------------------------------
--------------------

Walls, floors and ceilings must be of solid construction building bricks

Or blocks, or is used in construction technology using
precast and prefabricated panels, etc. Man-openings shall be
protected by mechanical barriers, which provide the same
degree of resistance to an intruder as the rest of the perimeter of the building || | type 3

Man-openings need not be protected by these mechanical barriers
means if the lower edge of the man-opening satisfies the following requirements
:

A) shall be at least 5.5m above ground,

B) not be easily accessible from a roof or with the aid
conductors, gutters, window sills, other building components, field
inequalities, trees or other structures.
----------------------------------------------- ----------------
03.03 Type 2:
S3 = 2 points -------------------------------------------
--------------------


The building is of lightweight construction. Manholes
must be protected by mechanical barriers or intrusion
means minimum installation SS92 = 1st This does not apply
if the lower edge of the man-opening satisfies the following requirements:

A) shall be at least 5.5m above ground,

B) not be easily accessible from a roof or with the aid
conductors, gutters, window sills, other building components, field
inequalities, trees or other structures.
----------------------------------------------- ----------------
03.04 Type 1:
S3 = 1 point -------------------------------------------
--------------------

Object is lightweight prefabricated structure that protects people
material and equipment from the weather.
----------------------------------------------- ----------------
03.05 Object Type 0:
S3 = rated (N)
----------------------------------------- ----------------------

The building has clearly defined boundary within which there is a possibility
control of individuals and vehicles. The facility provides
responsible person or a person authorized in the physical security project.

Fourth

CONTROL SYSTEM ACCESS TO THE SECURITY AREA OR FACILITY AND VISITORS REGIME


04.01 CONTROL SYSTEM ACCESS TO THE SECURITY AREA OR FACILITY

Entry control system is evaluated assuming its realization
all access points to the facility or security area.
-----------------------------------------------
---------------- 4.1.1. Entry control system Type 4:
SS6 = 4 points -------------------------------------------
--------------------


The Type 4 entry control must be certified by the Authority and meets the requirements
according to EN 50133-1 Alarm systems - control systems
inputs for use in security applications - Part 1: System requirements for the class
access B and class identification 3

A) identification element and PIN

B) biometrics and PIN, or

C) identification element and biometrics.

Entry control system type 4 must be accompanied by an access barrier, preventing
repeated access and provide the regime "one transaction -
one pass."

Entry control shall be implemented at all entrances to the building or
secure area.

Reports from the access control system type 4 must be connected to the resident guards post
.
-----------------------------------------------
---------------- 4.1.2. Entry control system Type 3:
SS6 = 3 points -------------------------------------------
--------------------

Entry control system type 3 must be certified by the Authority and meets the requirements
according to EN 50133-1. Alarm systems - control systems
inputs for use in security applications - Part 1: System
requirements for class B and class approach identifying 3

A) identification element and PIN

B) biometrics and PIN, or

C) identification element and biometrics.

Entry control shall be implemented at all entrances to the building or
secure area.

Reports from the access control system type 3 must be connected to the resident guards post
.
-----------------------------------------------
---------------- 4.1.3. Entry control system type 2:
SS6 = 2 points -------------------------------------------
--------------------

The Type 2 entry control must be certified by the Authority and meets the requirements
according to EN 50133-1 Alarm systems - control systems

Inputs for use in security applications - Part 1: System
requirements for class B and class access identification 2

A) identification element

B) PIN, or

C) biometrics.

Entry control shall be implemented at all entrances to the building or
secure area.

Reports from the access control system type 2 must be connected to the resident guards post
.

Entry control system type 2 can be replaced by entry control, which
continuously carried out by members of the armed forces or
armed corps at all access points to the facility or security
area.
-----------------------------------------------
---------------- 4.1.4. Entry control system type 1:
SS6 = 1 point -------------------------------------------
--------------------

The Type 1 entry control a lockable mechanical barrier to entry
.

Entry control shall be implemented at all entrances to the building or
all access to the secured area.

Note to paragraph 4.1 .:

The Type 1 entry control can only be used for entry into a secure area
CONFIDENTIAL or RESTRICTED category.

When checking the entrance to the facility or security area category
Top secret facilities are used for search
hazardous substances or objects.

Entry control system, according to paragraph 5.2.8 EN 50133-1
Alarm systems - Access control systems for use in security applications
- Part 1: System requirements for class B access must report
unauthorized attempts or actual open access point or
expiry of the authorized period after opening the legitimate access point.
Report must be completed within 10 seconds.

04.02 RANDOM entry and exit examination
------------------------------------------
--------------------- 4.2.1. Random searches
SS12 = 1 point -------------------------------------------
--------------------

Random searches by the State body, legal or natural person
business and are conducted randomly at the entrance, entry, exit and
exit from the building. Random searches are intended as a deterrent
element of the breach of protection of classified information.

04.03 Visitors regime -------------------------------------------
--------------------
4.3.1. Visits accompanied by:
SS7 = 3 points -------------------------------------------
--------------------


Visits must be accompanied throughout their stay in the house.

Register shall be kept on visit data, which contains personal identification data
visits, accompanying persons and time information about
when the visit took place.
-----------------------------------------------
---------------- 4.3.2. Visits unaccompanied:
SS7 = 1 point -------------------------------------------
--------------------

The visits are permitted unescorted entry must be clearly marked
. In this case, they must be clearly marked and all
own employees.

Register shall be kept on visit data, which contains personal identification data
visits and time information about when the visit
done.
-----------------------------------------------
---------------- 4.3.3. Visits without control:
SS7 = rated (N)
----------------------------------------- ----------------------


Visits enter without inspection and escort.

Fifth

GUARDS AND ELECTRIC security system (ESS)

05.01 OSTRAHA
---------------------------------------------- -----------------
5.1.1. Guarding type 5:
SS8 = 5 points -------------------------------------------
--------------------

Surveillance Type 5 only provide for members of the armed forces or armed corps
is pursued in a random patrols.

Guards shall ensure patrolling on random routes and at random intervals
no larger than 2 hours.

While performing surveillance, including the patrol must be present at the
resident guards constant presence of at least one person designated to carry
guards.
-----------------------------------------------
---------------- 5.1.2. Guarding type 4:
SS8 = 4 points -------------------------------------------
--------------------



Surveillance Type 4 provide only members of the armed forces or armed corps
is pursued in a random patrols.

Guarding conducted patrols at intervals of not more than 6 hours.

At night and during non-working hours the frequency of patrols increased.

While performing surveillance, including the patrol must be present at the
resident guards constant presence of at least one person designated to carry
guards.
-----------------------------------------------
---------------- 5.1.3. Guarding Type 3:
SS8 = 3 points -------------------------------------------
--------------------

Surveillance Type 3 provide the employees of the State body, legal person or entrepreneur
individuals whose object goes
members of the armed forces or armed corps or by the security
protective services.

Frequency of patrolling will depend on internal traffic and extent
assumed risk.

While performing surveillance, including the patrol must be present at the
resident guards constant presence of at least one person designated to carry
guards.
-----------------------------------------------
---------------- 5.1.4. Guarding type 2:
SS8 = 2 points -------------------------------------------
--------------------


Type 2 guards provide employees of the State body, legal person or entrepreneur
individuals whose object goes
members of the armed forces or armed corps or by the security
protective services.

For Type 2 guards are required beats.
-----------------------------------------------
---------------- 5.1.5. Guarding Type 1
SS8 = 1 point -------------------------------------------
--------------------

Type 1 guards are commensurate with guarding the building connected to the surveillance and
alarm receiving center enabling rapid intervention.

Note to paragraph 5.1 .:

Rules for the performance of surveillance is necessary if the facility in which
security area of ​​the category Confidential, Secret or Top Secret
or meeting area, laid down in writing.

Protection of security areas, which store classified information
European Union classified CONFIDENTIAL and above shall be ensured
Type 2 guards and above, with the frequency of patrols must be determined
at intervals of not more than 2 hours. Guards shall start patrolling
immediately after normal working hours.

Resident guards is located from a secure area category
Top Secret and Secret far as 500 m or if the distance habitat
constant surveillance of more than 500 m interference must be made to guard
5 minutes from receiving the alarm or an emergency signal from the object
security area or meeting room.

Type 1 guards can only be used for objects category
Confidential or Restricted.

Security must be equipped with means enabling the patrol
conjunction with the resident guards post. Guards' response time to alarms or emergency signals
must be verified by a responsible person or
her designee.

05.02 ELECTRIC SECURITY SIGNALLING -------------------------------------------
--------------------
5.2.1. Electric security signaling device type 4:
SS91 = 4 points -------------------------------------------
--------------------

Electric security signaling device type 4
must be certified by the Authority and meets the requirements of DIN EN 50131 1 ed. 2
Alarm systems - Alarm security and emergency systems - for
security level 4 - high risk. Emergency system shall meet
requirements of EN 50134 -1 Alarm systems - systems
summoning help.
-----------------------------------------------
---------------- 5.2.2. Electric security signaling device Type 3:
SS91 = 3 points -------------------------------------------
--------------------

Electric security signaling device type 3
must be certified by the Authority and meets the requirements of DIN EN 50131 1 ed.
2 to security level 3 - medium to high risk.
Emergency system meets further requirements of EN 50134 - the first
---------------------------------
------------------------------ 5.2.3. Electric security signaling device Type 2
SS91 = 2 points

----------------------------------------------- ----------------

Electric security signaling device type 2
must be certified by the Authority and meets the requirements of DIN EN 50131 1 ed. 2 for
security level 2 - low to medium risk.
Emergency system meets further requirements of EN 50134-1.
-----------------------------------------------
---------------- 5.2.4. Electric security signaling device Type 1
SS91 = 1 point -------------------------------------------
--------------------

Electric security signaling device type 1
not certified by the Office.

Note to paragraph 5.2 .:

The certification of the electric security alarm systems are
:

A) exchanges electric burglar

B) detectors, electric burglar

C) perimeter detection systems,

D) emergency systems.

Table assigning categories to types of technical means ESS
------------------------------------ ---------------------------
The classification of a type for which was approved Spots
technical competence is listed in words or value
resource launched by the acronym
ESS to 31.12 In 1999 from 1.1. 2000
---------------------------------------------- -----------------
Type 4 - "PT" 4 points
Type 3 "TOP SECRET" "T" 3 points
Type 2 "CONFIDENTIAL" "D" 2 points
------------------------------------------ ---------------------

-----------------------------------------------
---------------- 5.2.5. Installation of the electric security signaling
Type 4
SS92 = 4 points -------------------------------------------
--------------------

Type 4 installation is carried out in a secure area within the range:

A) space protection,

B) protection of the shell,

C) emergency system

D) seismic detectors or CCTV sensing
continuously manholes secure area.
-----------------------------------------------
---------------- 5.2.6. Installation of the electric security signaling Type 3

SS92 = 3 points -------------------------------------------
--------------------

Type 3 installation is carried out in a secure area within the range:

A) space protection,

B) protection of the shell,

C) emergency system or CCTV sensing continuously
manholes secure area.
-----------------------------------------------
---------------- 5.2.7. Installation of the electric security signaling type 2

SS92 = 2 points -------------------------------------------
--------------------

Installation Type 2 is implemented in the security area range:

A) space protection,

B) protection of the shell.

Man-holes in the border area protected in case of installation
electric security signaling device type 2 may not be protected by elements
shell protection if their lower edge
meets the following conditions:

A) shall be at least 5.5m above ground,

B) not be easily accessible from a roof or with the aid
conductors, gutters, window sills, other building components, field
inequalities, trees or other structures.
-----------------------------------------------
---------------- 5.2.8. Installation of the electric security signaling type 1

SS92 = 1 point -------------------------------------------
--------------------

Installation Type 1 is realized in a range of spatial protection
secure area.

Note to 5.2.5 to 5.2.8 .:

Installation of the electric security signaling
must meet the requirements according to the standards of EN (CLC / TS) 50131 The alarm
security and emergency systems.

Output signal of the electric security alarm and CCTV
must be connected to the designated
resident guards.

Control electric security signaling device in a secure area
must be independent of the control of the electric
security alarm in other security areas or other areas
.

Installation of the electric security signaling device shall be verified
functional test according to TNI 334591-3. Scope of functional testing

Is determined at least every 12 months in table A1 (level 1).
Functional test shall be recorded in the service book or protocol
test, which is stored by the responsible person or persons authorized by it.

5.2.9. Calculation of SS9 by scoring SS91 and SS92
SS9 = (SS91 SS + 92) / 2 x SS92 / OBL


The SS9 mathematically rounded to integer.

Maximum value of SS9 can be the 4th

OBL point value is specified categories of protected areas:
-------------------------------------
Category Point Value
Secure OBL
area
-----------------------------------
Top Secret 4 points
Secret 3 points
Confidential 2 points
Dedicated 1 point
------------------------------------

If the secure area secured a permanent presence of at least 1
person, it is not necessary to install the electric security alarm
; In this case, the value SS9 = fourth

Resulting point score of the level of the electric security signaling
balanced scoring of technical means
lowest type.

05.03 CCTV

Special television systems used for scanning, distributing and displaying
movement of persons and vehicles. Specialty TV
systems are certified by the Authority.

Installation of CCTV must meet standards
series CSN EN 50132 - Alarm transmission systems and equipment -
CCTV surveillance systems for use in security applications.

6th
PERIMETER PROTECTION


Boundary perimeter is formed around the periphery of the physical barrier.

06.01 PHYSICAL BARRIERS

Physical barriers are required around the perimeter boundary of the facility there
where its character permits it. Construction of access points (access gateways
) must be at the same safety level as construction
physical barrier (fence). At all access points must be secured
same standard of access control.
-----------------------------------------------
---------------- 6.1.1. Type 4 physical barrier:
SS10 = 4 points -------------------------------------------
--------------------


Type 4 physical barrier shall make the surveillance of an adjacent terrain. If
possible must be left around the protected object
25m free space. The minimum height of the vertical part of the barrier is 2.15m.
Must be designed and constructed to provide the greatest impediment
breaching attacks. The upper part of the barrier shall provide resistance to climbing
- sided inclined bars protruding outwards and inwards
45 ° angle with a minimum length of 40 cm, on which the entire length of the fixed
barbed wire. Type 4 physical barrier must be accompanied
perimeter detection system.
-----------------------------------------------
---------------- 6.1.2. Physical barrier type 3:
SS10 = 3 -------------------------------------------
--------------------


Physical barrier type 3 allows surveillance of an adjacent terrain. If
possible must be left around the protected object
25m free space. The minimum height of the vertical part of the barrier is 2.15m.
Must be designed and constructed to provide the greatest impediment
breaching attacks. The upper part of the barrier shall provide resistance to climbing
- sided inclined bars protruding outwards at an angle of 45 °
a minimum length of 40 cm, on which the entire length of fixed
barbed wire.
-----------------------------------------------
---------------- 6.1.3. Type 2 physical barrier:
SS10 = 2 points -------------------------------------------
--------------------

Type 2 physical barrier shall provide a barrier against attempted
climbing or breaching attacks.
Vertical minimum height of the barrier is 2.15m.
-----------------------------------------------
---------------- 6.1.4. Type 1 physical barrier:
SS10 = 1 point -------------------------------------------
--------------------

Type 1 physical barrier fencing matches without special security requirements
. The purpose of this fence is to mark boundaries and to
minimum level of deterrence or resistance. Type 1 physical barrier may

Be constructed of any type of material.
----------------------------------------------- ----------------
6.2.Kontrola at all access points of the perimeter
SS11 = 1 point -------------------------------------------
--------------------

6.3.Perimetrický Detection System (PDS)
------------------------------------
--------------------------- 6.3.1. Perimeter detection system (PDS) - Certified:
SS13 = 2 points -------------------------------------------
--------------------

Perimeter detection system is certified by the Authority and refer to him
requirements specified in 5.2. Annex.
-----------------------------------------------
---------------- 6.3.2. Perimeter detection system (PDS) - uncertified:
SS13 = 1 point -------------------------------------------
--------------------


Perimeter detection system is certified by the Authority and refer to him
requirements specified in 5.2. Annex.
----------------------------------------------- ----------------
04.06 Security lighting of the perimeter:
SS14 = 2 points -------------------------------------------
--------------------

Requirements for installing security lighting for example through
requirements for the CCTV on the perimeter.
----------------------------------------------- ----------------
05.06 CCTV on the perimeter
SS15 = 2 points -------------------------------------------
--------------------

Specialty TV system is certified by the Authority.

Installing CCTV must meet standards
series CSN EN 50132 - Alarm transmission systems and equipment -
CCTV surveillance systems for use in security applications.

7th

Fire alarm equipment

Fire detectors must be connected to the fire alarm
, or PBX electronic security system.
In both cases, the alarm signal must be wired to the designated habitat
resident guards.

Fire alarm equipment must meet standards
series EN 54 - Fire Alarm Systems.

Fire alarm equipment are certified by the Office.

8th Devices for search of dangerous substances or objects

Equipment for search of dangerous substances or objects are
used to enter the building or to a secured area category
Top Secret or meeting room, which is regularly discussed
information classified Top Secret.

Equipment for search of dangerous substances or objects are not certified
Office. It shall be set in the range:

First Walk-through detector metal objects, possibly supplemented by hand
detector metal objects.

Second X-ray equipment for checking luggage, as evidenced by the positive
decision of the State Office for Nuclear Safety on type approval
ionizing radiation sources under Act no. 18/1997 Coll., On peaceful
use of nuclear energy and ionizing radiation and on amendments and
supplementing certain acts, as amended.

9th

DEVICES FOR PHYSICAL DESTRUCTION OF DATA CARRIERS OR DATA -------------------------------------
-----------------------------
01.09 Devices for physical destruction of data carriers or data type 4:
without scoring
-------------------------------------------- ----------------------

Devices for physical destruction of information carriers or data type 4 are designed
for the destruction of information classified Top Secret or
lower. Devices for physical destruction of data carriers or data
certified by the Authority.
-------------------------------------------------- ---------------------
Information or data carrier Size of particles
-------------------------------------------------- ---------------------
paper, polyester film, depositing particles width = <0.8 mm
Information in original size
metal, plastic, identification
cards, magnetic tapes, hard
Floppy disks, compact discs and
a similar media; Particle length = <13.0 mm
-------------------------------------------------- ---------------------

polyester film depositing surface of particles = <0.2 mm2
Information in reduced size as
microfilm, chip cards, memory
chips and similar media;
-------------------------------------------------- ---------------------


Devices for physical destruction of information carriers or data type 4 are designed
also for destruction of classified information of a foreign power classified TOP
secret or lower.
----------------------------------------------- ----------------
02.09 Devices for physical destruction of data carriers or data type 3:
without scoring
-------------------------------------------- -------------------

Devices for physical destruction of information carriers or data type 3 are intended
for the destruction of information classified SECRET or lower.
Devices for physical destruction of data carriers or data is certified
Office.
-------------------------------------------------- -----------------
Information or data carrier Size of particles
-------------------------------------------------- -----------------
paper, polyester film, particle width = <2.0 mm
storing information
in original size, metal,
plastic, identification particle length = <15.0 mm
cards, diskettes, compact
discs and similar media;
-------------------------------------------------- ----------------
polyester film depositing surface of particles = <0.5 mm2
Information in reduced
size as microfilm
smart cards and similar carriers
-------------------------------------------------- -----------------

Devices for physical destruction of information carriers or data type 3 are intended
also for destruction of classified information of a foreign power classified TOP
secret or lower only if the width of the waste particles up to 1.5 mm
.
----------------------------------------------- ----------------
03.09 Devices for physical destruction of data carriers or data type 2:
without scoring
-------------------------------------------- -------------------

Devices for physical destruction of information carriers or data type 2
intended for destruction of information classified Confidential or lower.
Devices for physical destruction of data carriers or data is certified
Office.

Information or data carrier Size of particles
-------------------------------------------------- ---------------------------
paper, film cross-sectional width = particles <4.0 mm
polyester depositing particle length = <80.0 mm
information in the original
size, metal, floppy
compact discs and
a similar media; straight cut band width = <2.0 mm
strip length = <297.0 mm
surface of particles * = <320.0 mm2
-------------------------------------------------- ---------------------------
plastic, for example. width = particles <4.0 mm
identification cards
Particle length = <80.0 mm
-------------------------------------------------- ---------------------------
film surface of particles = <1.0 mm2
polyester with saving
Information in reduced
size as
microfilm, chip cards
and similar carriers
-------------------------------------------------- ---------------------------


Note:

* Applies only for high capacity device with capacity> = 500 kg / h

Devices for physical destruction of information carriers or data type 2
intended also to destruction of classified information of a foreign power classified CONFIDENTIAL
lower and only if the width of the waste particles up to 3 mm and a maximum length
25 mm. The area of ​​particles should not exceed 60 mm2
except media information or data, which is determined by particle surface = <
1.0 mm2.
----------------------------------------------- ----------------
04.09 Devices for physical destruction of data carriers or data type 1:
without scoring
-------------------------------------------- -------------------


Devices for physical destruction of information carriers or data type 1
intended for destruction of classified information classified RESTRICTED. Device

Physical destruction of information carriers or data is certified by the Office.
-------------------------------------------------- ------------------------
Information carrier Size of particles or
data
-------------------------------------------------- ------------------------
paper, film straight cut band width = <6.0 mm
polyester
storing information length bar unlimited
the original
size metal
diskettes, compact surface of particles * = <320.0 mm2
discs and similar
carriers;
-------------------------------------------------- ------------------------

Note:

* Valid only for high capacity device with capacity of 500 kg / h.

09.05 Devices for physical destruction of data carriers or data type 0: without scoring


Devices for physical destruction of information carriers or data type 0
are intended for destruction of information classified Top Secret or
lower. The destruction is used burning or melting, the temperature
that will be exposed, and time of exposure should lead to their complete destruction
. Responsible person or department responsible person who carries out decommissioning
classified information, ensuring that
by incineration or melting, will completely destroy the carriers and the inability to restore
classified information.

10th

PROTECTION AGAINST passive and active eavesdropping CLASSIFIED INFORMATION

Meeting room for discussion of classified information degrees
SECRET and TOP SECRET is secured technical means
against passive and active eavesdropping. This
Office equipment certify.

Requirements to ensure the meeting room against passive and active eavesdropping
:

A) passive eavesdropping rules must be ensured area
sufficiently soundproofed walls, doors, floor and ceiling

B) windows, vents or ducts air must be protected
technical means certified by the Authority. Rules
area must be protected against overlooking from outside the meeting room,

C) in the meeting room can not be placed any furniture or any device
if you do not pass inspection, whether in the meeting room
no illegal use of technical means intended for
obtaining information (hereinafter referred to as "defensive tour "). Furniture and equipment
meeting room must be recorded (including the type, serial and inventory numbers
), including the history of the movement,

D) affixing telephones in the meeting room is not desirable.
If their installation is necessary, must be equipped with isolator
or disconnected before negotiation

E) in the meeting room can not bring cell phones, any
recording equipment, broadcasting equipment, any testing, measuring and
diagnostic devices and other electronic devices (except in the case
it is a device used in the implementation of the defense
tours with knowledge of the responsible person or persons authorized by it)

F) rules for the region must be prepared rules for the registration and movement of people and equipment
.

According to § 26 par. 1 of the Act the responsible person is obliged to request the Office
defensive performance tours. During the tour will be verified defense
deployment of technical means against passive and active eavesdropping
classified information.

Security inspections negotiating areas shall be according to § 10 paragraph
. 1 hereto and shall also be undertaken Security inspection
after unauthorized entry or suspicion of such and entry
workers performing maintenance or adjustments in the meeting room.

Request for the defense tours include:

A) business name, name or name and surname if the applicant
entrepreneur or the authority of the state, including the identification number, if
been assigned

B) the address of the location of the meeting room,

C) floor area and ceiling height,

D) the envisaged period of implementation of the defense tours,

E) the reason for the implementation of defensive examinations (eg., To add furniture
or suspected unauthorized entry)

F) the name and surname of a contact person and contact connections

G) the signature of the responsible person.


Requirements for the implementation of defensive tests:

A) a natural person performing the inspection defense must hold
valid personnel for the level SECRET or higher,

B) on the defensive during inspection report shall be prepared containing:

First information on the State body that carries out inspection defense,

Second the name of the company where the applicant is an entrepreneur or the authority of the state
including identification numbers, if assigned, which uses
mentioned meeting area

Third address of the location of the meeting room,

Fourth date and time of defense tours,

Fifth Description of the meeting room (controlled area)
including photographs,

6th performed acts

7th checking, measuring and test equipment,

8th measurement results,

9th result (evaluation) defense tours.

Report on the defensive during tours must be attached to the project
physical security.

11th

TERMS OF USE OF TECHNICAL MEANS OF CERTIFIED AFTER
TERM OF THEIR CERTIFICATES

The technical means for the protection of classified information must be newly
taken at the time of his certificate.

After the expiry of the certificate may be
technical means for protecting classified information is used or deployed under the condition that
is fully functional. This must be verified by functional test.
Time intervals are defined in § 10 of this Decree.

The mechanical barrier devices and devices for physical destruction of data carriers
information and data to demonstrate the functional test writing signed by the person responsible
or her designee. For other technical means to prove
functional test test protocol (eg. Revisions, record
operating in the book). Result functional tests shall be deposited with the responsible person
or her authorized person.

12th

SPOT minimum baseline security measures PHYSICAL SECURITY

1.12 TABLE point minimum baseline security measures SECURITY AREAS

-------------------------------------------------- -------
SECURITY AREA rate risk
CATEGORY
Strictly Confidential ----------------------------
Small Medium Large
-------------------------------------------------- -------
Mandatory: (S1) + (S2) + (S3) 10 11 13
Mandatory: (S4) + (S5) * 6 7 7
Optional: (S6) 4 5 5
-------------------------------------------------- -------
The overall result of 20 23 25
-------------------------------------------------- -------

-------------------------------------------------- -------
SECURITY AREA rate risk
CATEGORY
secret
-------------------------------------------------- -------
Small Medium Large
-------------------------------------------------- -------
Mandatory: (S1) + (S2) + (S3) 8 9 10
Mandatory: (S4) + (S5) ** 4 5 5
Optional: (S6) 4 5 5
-------------------------------------------------- -------
Total result 16 19 20

-------------------------------------------------- -------
SECURITY AREA rate risk
CATEGORY
confidential
Small Medium Large
-------------------------------------------------- -------
Mandatory: (S1) + (S2) + (S3) 6 8 9
Required: (S4) + (S5) 2 3 3
Optional: (S6) 3 3 4
-------------------------------------------------- -------
The overall result of 11 14 16
-------------------------------------------------- -------

-------------------------------------------------- -------
CATEGORY SECURITY AREA
dedicated
for storing classified information in
components of an information system or
Cryptographic tools or requiring
special handling regime
-------------------------------------------------- -------
Mandatory: (S1) + (S2) + (S3) 2

Optional: (S4) + (S5) + (S6) 1
-------------------------------------------------- -------
The overall result of 3
-------------------------------------------------- -------



Note:

* - (S5) shall score at least 5 points.

** - (S5) shall score at least 4 points.

Only one of (S1), (S2) or (S3) may be equal to 0.

Specified facility, security area can use the business
relating to the protection of classified information, only one State body,
legal or natural person.

Table scores of RESTRICTED category security area,
not used for storing classified information in the components of the information system
or cryptographic device or requiring special handling regime
not be processed. In this case, only one of
values ​​(S1) (S2) or (S3) may be realized.

U RESTRICTED category security area, used to store
classified information in the components of the information system, the point value
lowest level of security defined as a minimum. Spot
rating can be increased on the basis of the certification report information
system located in the secured area.

2.12 TABLE point values ​​LOWEST RATE OF SECURITY RULES OF THE AREA
-------------------------------------------------- ------------------------
MEETING AREA rate risk
for discussion
information classified
Strictly Confidential
-------------------------------------------------- ------------------------
Small střednívelká
-------------------------------------------------- ------------------------
Mandatory: (S2) + (S3) 6 6 7
Mandatory: (S4) + (S5) * 6 7 7
Optional: (S6) 4 5 5
-------------------------------------------------- ------------------------
Total result 16 18 19
-------------------------------------------------- ------------------------
MEETING AREA rate risk
for discussion
information classified
secret
-------------------------------------------------- ------------------------
Small střednívelká
-------------------------------------------------- ------------------------
Mandatory: (S2) + (S3) 5 5 6
Mandatory: (S4) + (S5) ** 4 5 5
Optional: (S6) 4 5 5
-------------------------------------------------- ------------------------
Total result 13 15 16
-------------------------------------------------- ------------------------

Note:

* - (S5) shall score at least 5 points.

** - (S5) shall score at least 4 points.

(S2) must be equal to 0.

The given meeting area can be used for activities related to the protection of classified information
Only one State body, legal or natural person
business.

13th

PHYSICAL SECURITY Information Systems (IS)

If the secured area or facility that portion
information system, which can contain classified information,
looks at this part of the information system as the security equivalent of a container
(SS1). The identification together with the authentication of the user
constitutes the security equivalent of a lock object (SS2).
Values ​​SS1 and SS2 can use the table of point values ​​
lowest level of security and a secure meeting (point 12 of the Annex).
In justified cases, when you can not achieve the required minimum sum
values ​​S1, S2 and S3 must be components of an information system
protected by certified electric security alarm
installation of which corresponds to the type 4 in accordance with point 5.2.5.

Information systems used only for displaying, processing or
transmission of classified information up to SECRET level may be located inside the building
outside the security area or inside the building without
secure or meeting room.

14th

STRUCTURE OF THE PHYSICAL SECURITY PROJECT CATEGORY FACILITY CONFIDENTIAL AND HIGHER


The content of the physical security project is determined depending on the category
object or area within the range of built in § 32 of the Act in
paragraph. 1, 3 or 4.

14.1. RISK ASSESSMENT

Risk Assessment includes:


A) the specification of assets - anticipated amount of classified information
according to classification levels,

B) determination of individual threats and vulnerabilities and their evaluation

C) determining the total risk level as "low", "medium" or "large".

14.2. DETERMINATION object category, SECURITY AREAS AND MEETING
BORDER AREAS INCLUDING THEIR DESTINATION AND CLASSES OF SECURITY AREAS

First General introduction (address), description of the premises / building (perimeter description, number
buildings / floors, entrances or security), environment (especially
objects that could affect safety), foreign entities | || area / building (number, or the name and focus of activities), schema.

Second Determination of the object and its type.

Third Determining the boundaries of the object (the location of the premises / building, strength of walls,
access, height of windows, resident guards).

Fourth Description of the security.

Fifth The facility drawn in the drawing part of the Technical Documentation
physical security (point 14.3.2. Of the Annex).

6th Determining security areas within the facility,
their type, category and class. It is necessary to distinguish whether it is a
repositories of classified information, sites with information system,
areas with a permanent presence here working people, meeting room or
combination of these types.

7th Determining the perimeter of security and meeting areas (
location in the building, strength of walls, floors and ceilings, entrances, the height of the lower edge
man-openings above surrounding ground) and their depiction in the drawing
part of the Technical documentation of the physical security (point 14.3.2. attachments).

8th For each security and meeting area handle table
spot assessment of physical security measures.

14.3. APPLICATION OF PHYSICAL SECURITY MEASURES

14.3.1. TABLE scoring PHYSICAL SECURITY MEASURES IN THE SECURITY AND RULES

AREA
The table header contains the following information:

A) the name of the secure (meeting) area

B) category and class of protected areas

C) the nature of the meeting room based on classified information that
in it regularly discussed,

D) the purpose for which a secure area to serve.
--------------------------------------------- - ------------------------ ----------------------
SAFETY RATING TYPBODOVÉ

---------------------------------------- ----- -------------------------- ------------------- ---
Storage objects * T. 4-4 points SS1 =
* T. 3-3 points
* T. 2 - 2 points
---------------------------------------- ----- -------------------------- ------------------- ---
LOCKS * T. 4-4 points SS2 =
* T. 3-3 points
* T. 2 - 2 points
---------------------------------------- ----- -------------------------- ------------------- ---
storage units including the locking system, * T. 1 - 1 point S1 =
* T. 1A - 1 point
* T. 1B - 2 points
* T. 1C - 3 points
---------------------------------------- ----- -------------------------- ------------------- ---
Overall rating of the container and its S1 = SS1 x SS2 S1 =

lock ------------------------ --------------------- -------------------------- --- -------------------
secure area * T. 4-4 points SS3 =
* T. 3-3 points
* T. 2 - 2 points
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
locking system secured area * T. 4-4 points SS4 =
* T. 3-3 points
* T. 2 - 2 points
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
overall assessment of the security area S2 = SS3 and SS4 x S2 =
its locking system
----------------------- ---------------------- -------------------------- - -------------------- *
object T. 4-4 points S3 =
* T. 3-3 points
* T. 2 - 2 points
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
entry control system * T. 4-4 points
* T. 3-3 points SS6 =
* T. 2 - 2 points

* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
visitors regime
a) Visits accompanied * ad a) - 3 point SS7 =
b) Visits unaccompanied ad * b) - 1 point
c) Visits without control * ad c) - rated
------------------------------------ --------- -------------------------- ---------------
------- Total score entry control S4 = SS6 + SS7 S4 =
-------------------------- ------------------- -------------------------- ----- ----------------- *
Guarding T. 5 - 5bodů SS8 =
* T. 4-4 points
* T. 3-3 points
* T. 2 - 2 points
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
electric security signaling device * T. 4-4 points
* T. 3-3 points
* T. 2 - 2 points SS91 =
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
installation of the electric security * T. 4-4 points SS92 =
signaling * T. 3-3 points
* T. 2 - 2 points
* T. 1 - 1 point
---------------------------------------- ----- -------------------------- ------------------- ---
PartResult (SS 9) SS9 = ----------------------------------
----------- -------------------------- -------------
--------- Total score guards S5 = SS8 + SS9 S5 =
and
intrusion system ------------------- -------------------------- ------------------------ - ----------------------
Physical barriers * T. 4-4 points SS10 =
* T. 3-3 points
* T. 2 - 2 points
* T 1 -1 points
---------------------------------------- ----- -------------------------- ------------------- ---
access control at access points
perimeter SS11 =
a) A check is performed ad * a) - 1 point
b) Control is implemented * ad b) - 0 points
----------------------------------- ---------- -------------------------- -------------- --------
Random entry and exit inspection
a) The tours are conducted SS12 =
b) Inspections are conducted ad * a) - 1 point
* Ad b) - 0 points
---------------------------------------- ----- -------------------------- ------------------- ---
Perimeter detection system (PDS) SS13 =
- certified by two points
- uncertified by 1 point
----------------- ---------------------- ---------------------------- ---- ----------------------
Security lighting of the perimeter SS14 =
2 points
--------------------------------------------- -------------------------- ---------------------- || | CCTV on the perimeter 2 points
SS15 =
--------------------------------------------- -------------------------- ---------------------- || | Overall assessment perimeter protection S6 = (SS10 x SS11) + SS12 +
SS13 + SS14 + SS15 S6 =
---------------------------------------- ----- -------------------------- ------------------- ---

Variable values ​​S1 to S6 obtained by completing the table
spot assessment of physical security measures in the security area is necessary
compared with the table point values ​​for the lowest level of security
secure and meeting area according to item 12 of Annex

Based on this comparison, it is necessary to determine whether the measures taken
physical security are given risk level and category of the security area
sufficient.

Based on this comparison, it is necessary to determine whether the measures taken
physical security are a given risk level and on the level
classified information regularly discussed in the meeting room
sufficient.

Verifying whether a particular physical security measures applied and
risk evaluation correspond to the physical security project and legal
regulations for the protection of classified information shall be liable
person or her authorized person.

Functional tests of electric security systems is carried out by TNI
3345 91-3. The extent and timing of operational tests is defined in
Table A1 (level 1). Conditions of operational tests of other technical devices
down the responsible person or person authorized by it.


Records of operational testing of technical means outlined in
§ 30 paragraph. 1 of the Act shall be deposited with the responsible entity or its authorized
person.

14.3.2 TECHNICAL DOCUMENTATION OF THE PHYSICAL SECURITY

This documentation is divided into the following sections:

A) Drawing documentation, which identifies in particular the boundary
object perimeters of security and meeting areas and
deployment of technical means for the protection of classified information within the facility
and security and meeting areas

B) Technical means documentation, which contains in particular

First specification (the name, number, and if more types of one class of technical means well
location)

Second a copy of the certificate and annexes from the installation period,

Third Listings for conformity assessment from the installation period (state
specification and method of use).

14.4. OPERATING RULES

Operating rules include:

First rules governing the movement of persons (including visitors) and traffic
within the area / building

Second rules governing the movement of persons (including visitors) and traffic
resources in building and security areas,

Third rules governing the movement of classified information within the facility,

Fourth rules for dealing with the operational documentation for technical
means containing instructions for use of technical means,
date of installation and determining periodic inspections
functionality of technical means (eg. operational books, instruction manuals, intrusion detection, special television
system, EKV, EPS and equipment against passive and active eavesdropping
etc.)

Fifth rules for handling keys and identification of resources
entrances to the building and secured areas as key to a custodial
objects. These rules shall address the system and method of labeling
and handing over of the keys and identification means,
safekeeping and accounting procedure for loss, storage of duplicates and
rules for their use. In the event that the responsible person or person authorized by it
decided to impose keys or identification means
outside the object of this fact must keep records and must ensure
monitoring of compliance with rules governing handling of keys or identification means
outside the building. Similar rules should be established for
handling of characters combinations used as passwords enabling
access to facilities, security areas or objects

6th description of regime measures for the protection of meeting areas

7th Rules for the performance of surveillance on the number of guards, the way they carry out surveillance
particular method of checking people and vehicles
entry and exit, way of carrying out patrols and guard
way of responding to an alarm from technical means; in case
security is performed under contract, it is necessary to attach a copy of the contract
.

14.5. PLAN ZEBEZPEČENÍ OBJECT SECURITY AREAS AND RULES OF THE AREA IN CRISIS SITUATIONS


Description of measures to reduce threats and vulnerabilities described in chapter
risk assessment.

Guidelines for protecting classified information in the event of an emergency situation
.

15th

STRUCTURE OF THE PHYSICAL SECURITY PROJECT CATEGORY FACILITY DEDICATED

The content of the physical security project is set within the range
referred to in § 32 par. 2 and 4 of the Act.

15.1. DETERMINING FACILITIES, SECURITY AREAS INCLUDING THEIR BORDERS AND CLASSES OF SECURITY AREAS


First Determining the boundaries of the object (the location of the premises / building entrances,
height of windows, resident guards).

Second The facility drawn in the drawing part of the Technical Documentation
physical security (point 15.2.1. Of the Annex).

Third Determining security areas within the facility and
their class. It is necessary to distinguish whether it is a
repositories of classified information, sites with information system, an area with a permanent presence here
persons employed or a combination of these.

Fourth Determining the perimeter of security areas (location within the facility, strength
walls, floors and ceilings, entrances, height of the lower edge of man
openings above surrounding ground) and their depiction in the drawing part
Technical documentation of the physical security (point 15.2 1 of appendix).

2.15 APPLICATION OF PHYSICAL SECURITY MEASURES

How to use physical security measures described:

A) the way they carry out surveillance,


B) taken regimen of physical security measures (especially motion mode
persons regime of movement of classified information and rules for handling
keys).

15.2.1 TECHNICAL DOCUMENTATION OF THE PHYSICAL SECURITY

This documentation is divided into the following sections:

A) Drawing documentation, which identifies in particular the boundary
object perimeters of security areas and deployment
technical means for the protection of classified information in
object, and security areas.

B) Technical means documentation, which contains in particular

First specification (the name, number, and if more types of one class of technical means well
location)

Second a copy of the certificate and annexes from the installation period,

Third Listings for conformity assessment from the installation period (state
specification and method of use)
.

In the security area, where the stored information classified
Dedicated components in a computer system or cryptographic
agent or requiring special handling regime, further
processed in accordance with point 14.3.1. Table scoring
physical security measures secured area. ".

Art. II



Effectiveness This Decree shall take effect on 1 January 2012.
| || Director:

Ing. Navratil vr