The institutions of the central public administration will have to satisfy minimum cyber security requirements that were approved by a Government decision, IPN reports.
The requirements were divided into two categories. The first category refers to the use of information technology. Under these requirements, separate accounts should be created for the administrator and user. Each user account will be associated with a particular person. Users’ passwords will represent a combination of digits (0-9). It is not allowed to store electronically and transport users’ passwords from the system in non-cryptic form. The procedures for making and keeping reserve information copies (databases) are also regulated.
The advanced, second-level cyber security requirements are intended for institutions that provide services based on information and communication technology. Within these, access to the system’s equipment will be allowed only to authorized persons, while the institution will be obliged to keep the registration of the person in the system for a period of at least six months.
Both of the levels contain physical security standards. Among these are the clear delimiting of the are intended for IT equipment, working out of plans of server rooms and networks, ensuring of conditions for heating, ventilation and of energy security.
The public institutions will have to perform internal cyber security audits, to train personnel, to draw up the email user guide and to carry out other activities that will contribute to the safe processing and use of data.
The minimum cyber security requirements will also be taken into account when purchasing new information systems and when updating the existing ones. These are to be fully fulfilled by the central public administration institutions by this yearend.
