Decree No. 524 / 2005 Coll.
Order to ensure cryptographic protection of classified information
Valid
Order
Effective from 01.01.2006
Text versions:
01.01.2006
29.12.2005
Showing the first 200 of 303 provisions of this regulation.
524
DECREE
of 14 December 2005
on ensuring cryptographic protection of classified information
According to Articles 44 and 53 (j) of Act No. 412 / 2005 Coll., on the protection of classified information and on security competence, hereinafter referred to as "the Act":
Subject matter
This decree sets out the details of the test of the special competence of a cryptographic protection worker, the methods and means of handling cryptographic material, the details of the method of marking the particulars of classified information in the field of cryptographic protection, the administrative aids for cryptographic protection, and other details to ensure cryptographic protection of classified information.
Definition of terms
For the purposes of this decree:
(a) "cryptographic consignment" means cryptographic material equipped for transport, being transported, or delivered to the consignee at the place of destination, until the end of its transport and its opening;
(b) "transport of a cryptographic consignment" means carrying it outside the premises 1) of a State authority, a legal person or a natural person engaged in business for the purpose of its delivery to the addressee;
(c) "transfer of cryptographic material" means transporting it outside the premises of a State authority, a legal person or a natural person engaged in business where the purpose is not its delivery;
(d) "original of a cryptographic document" means the copy of the cryptographic document delivered or the copy of the cryptographic document produced, as indicated in the distribution box;
(e) "transcript or copy" means a certain number of copies of the original cryptographic document or of its electronic presentation;
(f) "extract" means a written or digital record of the original cryptographic document;
(g) "destruction of cryptographic material" means placing the cryptographic material in such a physical state as to prevent its reconstruction and the identification of the classified information contained therein.
Forms of application for professional examination
(Re § 39 (5) of the Act)
The application for the test of the special competence of a cryptographic protection worker (hereinafter referred to as the "professional examination") shall contain:
(a) identification of the applicant
1. by the trading firm, name, registered office and identification number where the applicant is a legal person,
2. by a trading firm, or by name and surname, or, where appropriate, by a different addition, permanent residence and place of business, if different from permanent residence, date of birth and identification number, if the applicant is a natural person who is an entrepreneur; or
3. the name, registered office, identification number and the name and surname of the responsible person, if applicable,
(b) the name, surname and date of birth of the worker entered for the professional examination;
(c) a copy of the valid certificate of the natural person;
(d) the scope of the cryptographic activities carried out for which a certificate of specific competence of a cryptographic protection worker is to be issued; and
(e) the place, date, stamp, name, surname and signature of the responsible person of the authority of the State, legal person or natural person involved.
Details of the composition and proceedings of the Examination Committee
(Re § 39 (4) of the Act)
(1) The examination panel shall be composed of representatives of the National Security Office ("the Office") or an authorised authority of the State which verifies the specific competence.
(2) A member of the Examination Committee is a cryptographic protection worker who is:
(a) holder of a valid certificate of a natural person, at least for the classification level for which the professional examination is carried out;
(b) authorised to prepare a cryptographic protection worker (Section 5);
(c) a worker with experience in cryptographic protection for at least 3 years.
(3) The examination committee shall act by a majority vote.
Method of conducting, organising and evaluating the professional examination
(Re § 39 (5) of the Act)
(1) The content of the preparation of the staff member who has applied for the professional examination and the method of carrying out and organising the professional examination shall be approved by the Office.
(2) The result of the professional examination shall be assessed by the grade "passed" or "failed". In the event that the worker entered for the professional examination has failed, the chairman of the examination committee shall inform the applicant of the reasons for the evaluation.
(3) A report shall be kept on the course of training and on the conduct of the professional examination. The report on the conduct of the professional examination shall be signed by all members of the examination committee.
(4) The retention period of the reports on the conduct of the professional examination shall begin to run upon expiry of the certificate of specific competence.
Model certificate of specific competence
(Re § 39 (6) of the Act)
The model certificate of specific competence of a cryptographic protection worker is set out in Annex 1 to this Decree.
Minimum requirements for ensuring the security management of cryptographic protection
[Re § 38 (1) (a) of the Act]
(1) The security management of cryptographic protection consists of organisational measures in the fields of personnel, administrative and physical security, the security of information or communication systems, and cryptographic protection, taken in the implementation of cryptographic protection in a State authority, a legal person or a natural person engaged in business.
(2) The implementation of the security management of cryptographic protection ensures compliance with minimum safety requirements setting the lowest possible level of safe operation of cryptographic devices.
(3) The security management of cryptographic protection shall be carried out by:
(a) a cryptographic protection security administrator, who is responsible for the comprehensive provision and safe implementation of cryptographic protection and for the cryptographic protection security documentation relevant to this process;
(b) an administrator of cryptographic material responsible for the safe storage and registration of cryptographic material; and
(c) a cryptographic protection worker handling cryptographic protection documents.
(4) The minimum safety requirements referred to in paragraph 2 and the tasks of administrators referred to in paragraph 3 (a) and (b) are set out in the safety standards [Paragraph 2 (j) of the Act].
Details of the operation of the cryptographic device
(Re § 40 of the Act)
Installation and operation of cryptographic equipment
(1) The installation of a cryptographic device, the setting and use of cryptographic keys and the provision of the operation and service of a cryptographic device is carried out by a cryptographic protection worker.
(2) The scope of the authorisation and activities of a cryptographic protection worker and of persons operating the cryptographic device, and the way in which they are trained, shall be laid down in the operational documentation of the cryptographic device; the content of the operational documentation is governed by the safety standard.
Production and use of key materials
(1) The methods and conditions of production, distribution, handling, use and destruction of key materials are laid down in the safety standards and operational documentation of the cryptographic device.
(2) The production of key materials must be carried out by a cryptographic protection worker at a cryptographic site for the production of key material. In order to do this, a cryptographic protection worker must hold a valid certificate of specific competence of a cryptographic protection worker, indicating an authorisation to manufacture key materials.
Method of training the operation of the cryptographic device and the courier of the cryptographic material and the model of the certificate of training the operation of the cryptographic device and the courier of the cryptographic material
(Re § 40 and 42 of the Act)
Operation of cryptographic device
(1) Training for operating the cryptographic device is provided by the cryptographic security administrator. Upon completion of the training, the training body shall issue written evidence of the training carried out to the trained person.
(2) The model of the certificate of professional training for the operation of the cryptographic device is set out in Annex 2 to this Decree.
Cryptographic material courier
(1) The security administrator of cryptographic protection provides training for the courier of cryptographic material. Upon completion of the training, the training body shall issue written evidence of the training carried out to the trained person.
(2) A model certificate of professional training of the cryptographic material courier is given in Annex 3 to this decree.
Details of the method of marking the particulars of classified information in the field of cryptographic protection, in particular by type of cryptographic material
(Re § 41 of the Act)
Labelling of cryptographic material
(1) Cryptographic material shall be marked with the word "KRYPTO", the registration number and, where applicable, the reference number and the classification level, unless otherwise specified (Sections 13 and 15).
(2) In the case of a cryptographic device, the designation "KRYPTO" and the registration number shall be indicated on the descriptive label of the cryptographic device or directly on the cryptographic device. Other information shall not be provided on the descriptive label.
(3) The key material shall be marked with the word "KRYPTO" and the classification level. The registration number of the key material shall be the registration mark of the material established by the manufacturer of the key material.
(4) The cryptographic document in paper form shall be marked with the word "KRYPTO" at the top and bottom of each side of the document, in addition to the classification level and the registration number and, where appropriate, the reference number. In the case of a cryptographic document in non-paper form, the designation "KRYPTO", the classification level and the registration number shall be indicated on the descriptive label or directly on the cryptographic document.
Requirements for cryptographic documents in paper form
(1) The cryptographic document in paper form shall bear the name of the authority of the State or legal person or the name and surname of the natural person in business where the cryptographic document was created, the place and date of the document, the reference number of the document, the classification, the designation "KRYPTO", the number of copies, the number of sheets, the number of classified and non-classified annexes in paper form and the number of their sheets.
(2) The number of copies, the number of sheets, the number of classified and non-classified annexes and the number of their sheets shall be indicated on the front of the first sheet on the top right. The term "KRYPTO" shall be indicated at the top and bottom of each side of the cryptographic document, in addition to the classification level, and in the reference number by the abbreviation "K" at the end of the reference number, separated by a slash. The number of annexes in paper form and the number of their sheets shall be expressed by a fraction, the numerator of which shall be the number of annexes and the denominator the total number of sheets of annexes. The sheets or pages of the cryptographic document in paper form shall be numbered continuously. The sheets or pages of the classified annexes in paper form shall be numbered separately. The sheets of the cryptographic document and the sheets of the individual classified annexes in paper form shall be stitched or otherwise firmly joined. The model for the layout of the front of the first sheet of cryptographic documents is set out in Annex 4 to this decree.
(3) The annex shall be marked with the reference number of the cryptographic document by indicating on the front of the first sheet, on the upper right-hand side: "Annex No... k....". The classification level of each classified annex shall be the same as that of the cryptographic document. The classified annex shall have its own number and number of sheets. Cryptographic documents containing annexes of different levels of secrecy shall be handled according to the highest level of secrecy. A detached annex shall be handled according to its classification level.
(4) The Annex, which has a registration number, is registered on the registration card, in the register book or in other administrative aids as provided for in Article 16. Such documents shall be recorded and sent as an annex under the registration of the originator of the document. This fact shall be indicated on the accompanying letter.
Reference cryptographic document number
The reference cryptographic document number shall consist of:
(a) an abbreviation of the classification level;
(b) the order number of the Protocol; where a collection sheet is used, a hyphen and the serial number of the collection sheet shall be marked after the order number of the Protocol,
(c) slash,
(d) the year in which the serial number was assigned; and
(e) slash and abbreviation "K."
Requirements for cryptographic documents in non-paper form
(1) A cryptographic document in non-paper form shall bear a descriptive label indicating the designation of the authority of the State, of the legal person, or of the natural person in business where the cryptographic document was created, the reference number of the cryptographic document, or an annex to the number of the cryptographic document in which the cryptographic document is registered, the degree of secrecy and the word "KRYPTO." Such data may be entered directly on the cryptographic document.
(2) A cryptographic document in non-paper form is always sent as an annex to a cryptographic document in paper form.
Types and formalities of cryptographic protection administrative equipment and requirements for the management of such equipment
(Re § 41 of the Act)
(1) For the purposes of this decree, the administrative aids of cryptographic protection are:
(a) a registration card, which is a card for the registration of cryptographic devices, key materials, cryptographic protection personnel, operators of cryptographic devices, couriers of cryptographic material and administrative aids;
(b) a register of registration cards, which is a book or a notebook for the registration of registration cards;
(c) the operating journal of the cryptographic device, which is the book or notebook for the record of the use of cryptographic equipment and key materials;
(d) a register which is a book or a notebook for keeping records of cryptographic material, administrative aids and auxiliary records;
(e) the Protocol of Procedure, which is a book or notebook for the registration of cryptographic documents; the Protocol contains the entries in the form set out in Annex 1 to the Specific Legislation (2),
(f) an auxiliary protocol of procedure which is a book or a notebook for recording the movement of cryptographic documents within a State authority, a legal person or an undertaking; the auxiliary protocol contains items in accordance with the model set out in Annex 2 to the Specific Legislation (2),
(g) a handling book, which is a book or a notebook for the receipt and transmission of a cryptographic document by the person making such a document or to whom it has been transmitted for processing; the handling book shall contain items in accordance with the model set out in Annex 3 to the Specific Legislation (2),
(h) a delivery book which is a book or a notebook for recording the transmission of a cryptographic document outside the authority of the State, a legal person, or an operating natural person; the delivery book contains items in accordance with the model set out in Annex 4 to the Specific Legislation (2),
(i) a loan book which is a book or a notebook for recording loans deposited with a cryptographic document; the loan book contains items in accordance with the model set out in Annex 5 to the Specific Legislation (2).
(2) The administrative aids referred to in paragraph 1 (a) to (d) shall be issued by the Office; the manner in which they are used is determined by safety standards [§ 2 (j) of the Act]. In justified cases and subject to the agreement of the Office, such aids may also be issued by another State authority.
(3) The administrative aids referred to in points (b) to (i) of paragraph 1 must be authenticated before being put into use by continuously numbering their sheets and stitching them. On the inside of the covers, the ends of the stitching shall be glued down and stamped with the stamp bearing the name of the authority of the State, of the legal person or of the natural person involved, overlapping the edge of the fold, and a clause shall be added indicating the number of sheets, the signature of the Security Director or of the person responsible for signing, and the date of putting into use.
(4) In addition to the administrative assistance referred to in paragraph 1, additional administrative assistance may be used in special and justified cases and on the basis of the written agreement of the Office.
(5) Classified cryptographic protection administrative aids shall be marked in an appropriate place with the classification level, the word "KRYPTO" and the registration number.
(6) Non-classified cryptographic protection administrative aids shall be marked in an appropriate place with the word "KRYPTO" and the registration number.
Further requirements on the way and means of handling cryptographic material
(Re § 41 of the Act)
Registration of cryptographic material
(1) The records of cryptographic material, cryptographic protection workers, operators and couriers in administrative aids shall be kept by a cryptographic protection worker responsible for such activities (hereinafter referred to as the "authorised person").
(2) Cryptographic protection workers, operators and couriers shall be recorded in the records referred to in Article 16 (1) (a).
(3) Cryptographic means and key materials shall be recorded in the records, in the register, or in other administrative aids as provided for in Article 16. The manner in which the records are carried out is defined by safety standards [§ 2 (j) of the Act].
(4) Cryptographic documents received or arising in the institution of a State, a legal person or an undertaking shall be recorded in the Protocol according to the instructions set out in Annex 1 to the Specific Legislation (2), unless otherwise provided for in this Decree.
(5) A cryptographic document served or arising in an authority of a State, a legal person or in the case of an operating natural person, bearing the registration number, shall be recorded in the register, in the register or in other administrative documents provided for in Article 16. The manner in which the records are carried out is defined by safety standards [§ 2 (j) of the Act].
(6) The cryptographic documents delivered shall bear:
(a) the name of the consignee;
(b) the date of registration;
(c) the reference number of the beneficiary's cryptographic document,
(d) the number of sheets; and
(e) the number of annexes and the number of their sheets; for non-paper annexes, their number and species.
These particulars may be stamped.
(7) For the purpose of recording the movement of cryptographic documents to non-performing organisational units, the State authority, the legal person, or the acting natural person may introduce ancillary negotiating protocols on those organisational units. Cryptographic documents shall be entered in the auxiliary negotiating protocols under the assigned serial numbers of the Protocol.
(8) If the cryptographic document is taken over, for example in official negotiations or inspections, it shall be immediately transmitted against signature in the handling book of the person responsible for registration in the Protocol. When transporting such a document, the conditions laid down in Paragraph 25 must be complied with.
(9) Whoever creates or has been assigned a cryptographic document for processing shall record it in the assigned manipulation book. The record shall be made immediately upon receipt of the cryptographic document or the assignment of a number of negotiations for the emerging cryptographic document.
(10) At the end of the calendar year, the Protocol shall be concluded by underlining the whole of the minutes, thus terminating the allocation of reference numbers for that year. A record of the number of reference numbers used, signed by the authorised person and his direct superior, shall be entered below the underline.
Copy of the cryptographic document in paper form
(1) A copy of the cryptographic document shall be drawn up in the number of copies shown in the distribution box. Whoever produces the document shall immediately destroy defective copies, copies which are not shown in the distribution box and drafts of non-approved copies.
(2) The copy of the cryptographic document, which is intended for storage, shall be drawn up in accordance with Annex 4.
Recording of notes containing classified cryptographic protection information
(1) Notes containing classified cryptographic protection information shall only be recorded in a notebook or book which has been authenticated in accordance with Article 16 (3) before being put into use, or on a removable carrier medium marked with the appropriate classification level and the word "KRYPTO". The records of notebooks, books or removable carrier media issued shall be kept by the authorised person.
(2) Notebooks or books for recording the notes referred to in paragraph 1 shall be transmitted and stored mutatis mutandis as cryptographic documents of the same level of secrecy.
Transcript, copy, translation and extract
(1) A transcript, copy, translation or extract of a cryptographic document of the classification level Top Secret, Secret or Confidential may be drawn up only on the basis of the written consent of the responsible person of the authority of the State, legal person, or natural person in business where the cryptographic document was created. The written consent shall include the reference number of the cryptographic document, the number of copies, the reason for the copy, the name, the surname and the signature of the person who granted the consent and the date on which the consent was granted. Written consent shall be deposited with the original cryptographic document pending its elimination.
(2) A transcript, copy, translation or extract of a cryptographic document of the classification level Restricted may be drawn up only with the written consent of the direct superior mentioned in that document.
(3) A transcript, copy, translation or extract of the cryptographic document shall bear the date of the copy, the number of copies, the reason for the copy, the name and surname of the person who gave the consent, and the name, surname and signature of the person who made them.
(4) A transcript or a copy of the cryptographic document shall be marked on the upper part of the front of the first sheet with the word "OPIS" or the word "COPY" and shall bear the serial number of the transcript or copy of the cryptographic document drawn up. If the number of copy sheets does not agree with the number of original sheets, the actual number of copy sheets shall also be indicated on the copy.
(5) The extract from the cryptographic document shall be made only in the notebook or book or removable carrier medium referred to in Article 19 (1).
Transmission of cryptographic material
(1) Cryptographic material shall be transmitted against signature.
(2) The transmission of a cryptographic device or key material within the authority of a State, a legal person or a commercial natural person shall be recorded on the cryptographic material record card or, where appropriate, in other administrative documents referred to in Section 16.
(3) The transmission of cryptographic documents within the authority of a State, a legal person or an undertaking shall take place:
(a) between the organisational services through the negotiating protocols;
(b) within the framework of an organisational unit, by means of an auxiliary protocol, if it is not, by means of a protocol, or, after approval by the responsible person or the Security Director, by means of a handling book.
(4) Signatures confirming receipt of the cryptographic document shall be indicated in the administrative documents referred to in Article 16.
Transmission of cryptographic material
(1) The cryptographic device is sent in a package enabling its locking or other securing against unauthorised handling of its contents ("transport packaging"). The transport package shall be marked "KRYPTO" and marked by the cryptographic device. The transport packaging must be of such quality as to avoid obtaining information on its contents.
(2) The key material is sent in 2 packages as follows:
(a) the inner packaging shall bear the consignor, the registration number of the consignment, the classification level on the upper right, the "KRYPTO" marking and the name and full address of the addressee in the lower left; if the consignment is addressed to a natural person, its name, surname and function shall also be indicated. The packaging shall be secured in such a way that all its joints are glued along their whole length with adhesive tape, stamped with the stamp of the authority of the State, the legal person or the natural person involved, and signed by the authorised person. The stamps and signatures shall extend beyond the adhesive tape. When a transparent adhesive tape is used, the stamps and signatures shall be glued to the tape. The packaging must be of such quality as not to allow information on its contents to be obtained,
(b) the outer packaging is a portable container (Section 28).
(3) The cryptographic document is sent in 2 envelopes as follows:
(a) the consignor, the full number of the procedural cryptographic document, the classification level, the "KRYPTO" marking on the inside, and the name and full address of the addressee at the bottom, if the consignment is addressed to a natural person, shall also be indicated on the upper right. The envelope shall be secured in such a way that all the joints of the envelope are glued along their whole length with adhesive tape, stamped with the stamp of the authority of the State, legal person or business natural person, and signed by the authorised person. The stamps and signatures shall extend beyond the adhesive tape. When a transparent adhesive tape is used, the stamps and signatures shall be glued to the tape. The envelope shall be of such quality that the data inside the envelope are not legible,
(b) the outer envelope is a portable box (§ 28).
(4) Cryptographic material shall be transported as a cryptographic consignment in accordance with Section 25 exclusively through a courier of cryptographic material.
Electronic transmission of cryptographic documents
(1) The electronic transmission of cryptographic documents (hereinafter referred to as "electronic transmission") is the transmission of cryptographic documents by electronic means via telecommunications networks.
(2) A cryptographic document shall be transmitted to the sender of the electronic transmission against signature in an auxiliary protocol, a handling book or a delivery book. The cryptographic document taken over shall be recorded by the sender in the handling book, in the auxiliary protocol, or in other administrative aids as provided for in Article 16 (4).
(3) The manner in which the electronic transmission of the cryptographic document is carried out shall be recorded in that document and in the Protocol. A classified document which is intended for storage shall be entered in the entry for storage in the row "Published", "sent electronically", the date of dispatch, the name and surname of the consignor. The "sent electronically", the name and surname of the consignor shall be entered in the Protocol as a procedure. The records shall be made immediately after transmission of the document for electronic transmission.
(4) The acceptance of a cryptographic document transmitted electronically shall be recorded by the recipient in the handling book or in the auxiliary protocol or administrative aids referred to in Article 16 (4) and shall immediately be forwarded against the signature of the authorised person for registration.
(5) A cryptographic document sent or received by electronic transmission shall be drawn up, registered and stored in paper form.
Receipt of cryptographic consignment
(1) Cryptographic consignment shall be accepted by the authorised person. The receipt of the cryptographic consignment shall be endorsed by signature, stating the name and surname, the date of receipt and the stamp of the authority of the State, the legal person or the natural person involved.
(2) If a defect occurs in the case of a delivered cryptographic consignment (in particular in the case of obvious damage to the packaging of the consignment), the authorised person shall immediately inform the consignor thereof and record the damage to the cryptographic consignment, which shall also be signed by the person who delivered the cryptographic consignment. The record of damage to the cryptographic consignment, the model of which is set out in Annex 5 to this Decree, shall contain:
(a) the reference number;
(b) the indication of the consignor and the consignee,
(c) the designation and date of delivery of the cryptographic consignment;
(d) detected defects in the cryptographic consignment,
(e) the date of entry, the name, surname and signature of the authorised person and the stamp of the consignee;
(f) the name, surname and signature of the person who delivered the consignment (courier).
(3) A record of the damage to the cryptographic consignment shall be kept together with the accompanying sheet of the cryptographic consignment drawn up in accordance with Section 25 (3). A copy of the alert shall be sent to the consignor of the consignment. The contents of the delivered consignment shall be recorded according to the actual condition. The security administrator of cryptographic protection shall decide on the next procedure for handling the consignment.
Transport of cryptographic consignments
Regulation Information
| Citation | Decree No. 524 / 2005 Coll., on ensuring cryptographic protection of classified information |
|---|---|
| Regulation Type | Order |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 29.12.2005 |
| Effective from | 01.01.2006 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.