Login Format
Diagnostics are needed to understand the applicable requirements, system boundaries, risks, and a realistic plan to bring the loop to a controlled state.
What's included
environment
Systems, data, owners, integrations and processes.
Requirements
Federal Law No. 152-FZ, ISPDn, CII, GIS and related documents, if applicable.
Information security measures
Threat model, protection measures, information security/information protection system, logs and access rights.
Roadmap
Priorities, quick wins, documents, implementation and acceptance.
Artifacts at the output
| Artifact | Why is it needed? |
|---|---|
| Systems Map | Systems and data map. |
| Notes on correspondence breaks | Breaks according to requirements. |
| Draft threat model outline | Rough outline of threats and measures. |
| Roadmap to Elimination | Work plan. |
If technical measures are required based on the diagnostic results, the roadmap is contacted HLD/LLD, supply of information and information protection equipment And implementation of information security.
For regulated loops, the end device layer is checked separately: workstations, servers, protection agents, local rights, logs and readiness Endpoint Security.
Team composition
When is a pentest needed after diagnosis?
If the CII/Federal Law No. 152-FZ diagnostic shows public personal accounts, APIs, VPNs, web services or controversial integrations, the next step may be a pentest. It confirms which risks are actually exploitable and helps link requirements to a technical remediation plan.
Frequently asked questions
Does diagnostics replace a full-fledged project?
No. It helps to correctly determine the boundaries and the next stage.
Can I start without ready-made documents?
Yes. The presence or absence of documents is recorded as part of the current state.
Need a trip?
Depends on the environment. Part of the examination can be carried out remotely.
Public contours in the diagnosis of CII and Federal Law No. 152-FZ
For CII, ISPD and public services with personal data, it is important to separately check what is visible from the Internet: personal accounts, API, VPN, domains, certificates, integrations and test environments. Therefore, the CII/Federal Law No. 152-FZ diagnostics can be linked with an audit of the external perimeter and a more accurate roadmap of technical measures can be obtained.
After diagnosis: laboratory verification of measures
The CII/Federal Law No. 152-FZ diagnostic determines the applicable requirements and gaps. The information security laboratory helps check how selected information security/cryptographic information protection, logs, access roles, endpoint protection, SIEM/SOAR or data masking will work before industrial implementation.
Email us
Write to us at info@restart.re or click the button below. For the first letter, it is sufficient to briefly describe the outline, the role of the organization, current systems, limitations and the desired outcome.
Email usLet's discuss your environment
Describe the task, current systems, constraints, and expected results. We will offer a practical first step: diagnostics, pilot, audit, roadmap or project team.
