N
N
Next2014-10-17 18:22:16
Data protection
Next, 2014-10-17 18:22:16

Is it possible to store an encrypted dump of a database with personal data on an insecure storage on the Internet?

Those. there is a database dump with personal data.
Let's say it is encrypted according to GOST by a FSB-certified means (it doesn't matter which one).
Will it be a violation of the law 152-FZ to store it (dump) in any cloud storage? And exaggerating, generally in the public domain?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
E
Eugene, 2014-10-20
@Next

It is possible, but to protect against regulators, you need to carefully write documents and transfer an already encrypted container to the cloud so that data does not go over the network without protection.
The main document for you will be the Threat Model and the Intruder Model, where you consider your dump as a separate ISPD.
1. In the Intruder Model, you exclude any special intelligence, etc., and recognize only class H1 intruders as relevant (according to the FSB classification, this is an external intruder acting without help from the inside).
2. When determining actual threats according to Government Decree 1119, you consider threats of the 1st and 2nd type (threats of undeclared capabilities to system and application software) to be irrelevant.
3. In the Threat Model, indicate that you are using certified CIPF class KS1 to ensure confidentiality. According to our regulators, GOST is the only unbreakable means of ensuring confidentiality, so the transfer of such a container is secure.
Well, at the same time, you fulfill the requirements of the orders of the FSTEC No. 21 and the FSB No. 378.
Of course, you need to look more closely at your system, the option is quite real.

P
Puma Thailand, 2014-10-18
@opium

of course not

F
fdsc, 2014-10-26
@fdsc

It is correctly written that it is possible, but there is one caveat. You must have an FSB license for the relevant types of activities, otherwise you are doing it illegally (or an agreement with the FSB licensee for encryption).
You do not have the right to encrypt yourself, even with certified means.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question