What contours
ISPDn and Federal Law No. 152-FZ, CII and Federal Law No. 187-FZ, state information systems, digital ruble projects and Bank of Russia Regulation N 833-P, internal information security policies, requirements of FSTEC, FSB, Roskomnadzor and industry regulators.
What we do
We conduct a survey, determine the boundaries of the system, prepare threat models, protection requirements, a set of organizational and administrative documentation, a road map, an information security implementation plan and recommendations for support.
Important principle
Compliance should not be a separate document folder. It should be related to architecture, access, data, operations, DevSecOps, SIEM/SOAR, IDM/PAM and system owner processes.
What does the client get?
Understanding the current level of compliance, gap map, remediation priorities, design artifacts, documents, implementation requirements and a clear plan to prepare for audits.
Important Limitations
Legal and regulatory conclusions are formed only after examining a specific environment and verifying applicable requirements. Public site materials do not replace a compliance audit.
Risks and limitations
Before launch, the boundaries of the environment, data sources, information security requirements, access roles, integrations, process owners and operational restrictions are fixed. This reduces the risk of a formal implementation that does not work in the customer's actual architecture.
Result Artifacts
- description of the business problem and success criteria;
- target architecture or process design;
- integration and data requirements plan;
- list of risks, restrictions and control points;
- roadmap of implementation, pilot or development.
Frequently asked questions
When should the solution be launched?
When a task is repetitive, impacts risk or money, and requires linking multiple systems, data, or teams.
Is it possible to start with the pilot?
Yes. The pilot helps test the hypothesis, data, integrations and constraints before production implementation.
What restrictions are fixed in advance?
Access, data, regulation, timing, integration, operation, process owners and acceptance criteria.
Technological pillar of compliance
Compliance under Federal Law No. 152-FZ, Federal Law No. 187-FZ, GIS, CII and industry requirements cannot be covered only with documents. In RESTART projects, the technological basis can be the regulatory information security code Security Code and Confident, CIPF and VPN InfoTEX, NGFW UserGate, process and reporting management R-Vision and Security Vision, data protection DAMASCUS and Garda.
Security code
regulatory information security, NGFW, VPN, endpoint, virtualization
Confidential
NSD, trusted download, VI, WAF, regulatory projects
InfoTEX
CIPF, VPN, crypto gateways, HSM, PKI, CII
UserGate
NGFW, SUMMA, SIEM, LogAn, Client, SecaaS
R-Vision
SOAR, SGRC, VM, TIP, UEBA, SIEM
Security Vision
SOAR, NG SOAR, SGRC, SIEM, VM, TIP, UEBA
DAMASCUS
masking, tokenization, dynamic data protection
Garda
DLP, DBF, Data Masking, NDR, WAF, Anti-DDoS
Partners are listed as the technology backbone of the solution class. The specific composition of products, versions, licenses, certificates and delivery conditions are confirmed before the project.
Let's discuss your environment
Describe the task, current systems, constraints, and expected results. We will offer a practical first step: diagnostics, pilot, audit, roadmap or project team.
