en.Wedoany.com Reported - The Federal Service for Technical and Export Control of Russia (FSTEC of Russia) has updated the organization and implementation procedure for certification of information facilities processing restricted information (excluding state secrets). The adjustment involves Order No. 77 dated April 29, 2021, and impacts multiple stages of security testing.

New Order No. 60 dated February 27, 2026, has been officially published on the legal information portal, and the document will take effect on September 1, 2026. The regulatory body explained that the update aims to align the current procedure with new requirements for protecting state information systems and other information systems of state authorities. These requirements were approved by Order No. 117 of the Federal Service for Technical and Export Control of Russia (FSTEC) dated April 11, 2025, and have been in effect since March 1, 2026.

The new version refines requirements for certification tests, which are designed to confirm whether information facilities meet established security requirements. The amendments also involve periodic control of already certified facilities; the Federal Service for Technical and Export Control of Russia (FSTEC) has clarified measures to be taken after obtaining a certification certificate and methods for checking the level of information protection. Another change relates to the registration of inspection results, updating requirements for the content of reports and protocols prepared based on protection control results.

The document does not change the basic concept of certification but makes the procedure more standardized and aligns the current procedure with the updated regulatory framework of the Federal Service for Technical and Export Control of Russia (FSTEC). Order No. 77 applies to state and municipal information systems, production management information systems of organizations in the defense industrial complex (OPK), protected facilities, as well as critical information infrastructure (CII) important facilities, personal data information systems (ISPDn), and automated process control systems (APCS) (where certification requirements have been established for them).

For organizations, this means that when preparing for certification and subsequent control, they must adhere to the updated requirements. Owners of state information systems, critical information infrastructure (CII) facilities, organizations in the defense industrial complex (OPK), and companies processing restricted information should pay particular attention to these changes.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com