REPUBLIC OF ALBANIA COUNCIL OF MINISTERS DECISION No. 478, Date 19.07.2001

aurorabellyΔίκτυα και Επικοινωνίες

21 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

96 εμφανίσεις



1


REPUBLIC OF ALBANIA

COUNCIL OF MINISTERS



DECISION


No. 478, Date 19.07.2001


ON

SECURITY OF INFORMATION CLASSIFIED “ STATE SECRET”

IN NETWORKS AND TRANSMITTING DEVICES




Based on the article 100 of the Constitution and articles 24, 31 of the law 8457,
date 11.02.1999 „On information classified „STATE SECRET““, with the proposal of
the Prime Minister, the Council of Ministers,


DECIDED:



I. NETWORKS AND TRANSMITTING DEVICES REQUIREMENTS


1.

The state institutions, which, for the needs of their work, have
to produce, protect,
process, deliver or transmit information classified “state secret”, through networks
and transmitting devices, must use the designated rules in this decision.

2.

The networks and devices storing, processing or transmitting information cla
ssified
“state secret”, must provide:

a. protection from unauthorised disclosures;

b. unauthorised unchanging;

c. elicit non
-
destruction.

3.

The ministry or state institution, must require to the Classified Information Security
Directorate (CISD), the release

of the “network security clearance” or “ device
security clearance”, before they use the network and transmitting devices.

The request is associated with the “security declaration” and other documents
certifying and supporting the network and transmitting

devices security.

The model and content of the security clearance and security declaration are
designated by CISD.

4.

The “network security clearance” is the document certifying that whole devices of
the network storing, processing or transmitting informa
tion classified “state secret”,
provide the security requirements.

5.

The “ device security clearance” is the document, certifying that transmitting devices
provide the classified information security requirements.

6.

The “security declaration” consist of the d
etailed description of the


network and transmitting devices security, during their use and


installation. It is released to the ministry or state institution and is signed



2


by the juridical and physical person, foreign or albanian, who
has


produced, traded or provided in an other way.

7.

CISD, within a month, assesses the presented request. When the network and
transmitting devices provide the classified information security requirements, CISD
releases the “security clearance”.

If t
he request is not approved, the requiring subject, within 10 days, has the right to
complain to the Prime Minister, whose decision is final.

8.

The personnel of the institution or not, who install, maintain or repair the network and
transmitting devices, must

be cleared.


When the installation is carried out by the personnel who aren’t


employees of the ministry or institution, they have to be under constant


supervision of technically qualified personnel who are cleared for access


to class
ified information.

9.

When the classified information is exchanged between Albania and other nations or
international organisations, in the agreement can be designated and other standards or
requirements to the networks and transmitting devices security.


I.

NET
WORKS AND TRANSMITTING DEVICES SECURITY MEASURES


A.

NETWORKS PHYSICAL SECURITY


1.

The physical security measures to the information classified “state secret”,
designated in other normative acts, are applicable to the networks.

2.

The networks are designed accord
ing to the institution organisation structure and
processing classified information level.

3.

The physical link with the local networks is made only by optic fibre or checked
devices, using more then one obstacle type, which support each other.

4.

The use of dif
ferent modems, which create unchecked connection to the network, is
prohibited.

5.

The physical security of the local network server is made according to the highest
classified information security measures.


B.

REQUIREMENTS TO THE PERSONNEL WHO WORK IN NETWORKS


1.

The network personnel must be cleared in accordance with normative acts, which are
in force. The personnel security clearance level must be in the same level of
classified information.

2.

The network personnel must be trained in the network operation and ex
ploitation
field and especially on the activities that threat the network security.

3.

The network administrators are responsible on the implementation of security
measures. They are cleared to the highest classification of the information stored,
processe
d or transmitted within the system, and are selected among the best
specialists of the network operation and exploitation systems.

4.

The individuals, who enter in the network zones, must be under the rules of classified
information protection, designated by
the ministry or institution official.




3

C. CLASSIFIED INFORMATION SECURITY IN NETWORKS


1. The classified information security in networks must be provided along whole phases
of its full cycle.

The classified information transmitting system must have the a
bility and capacity that
through nonphysical contacts or software special elements, to block up the access to the
end station.


2. The storing of classified information in computers, which are linked to internet, is
prohibited. In this case, the storing i
s made in server only.


When computers with fixed hard disc, work out of network and process classified
information, must provide the maximum protection level, in accordance with information
classification.


3. The security measures and the right for acce
ss to the classified information are
designated according to its classification level.

The security measures must predict the protection from the damages causing different
viruses, control of entering in network and prevention of ill purposely intervent
ion.


4. The users are organized in groups, in accordance with the organization structure. They
have in their disposal the appropriate accounts, which are opened only after they use the
passwords that are belt in accordance with professional procedures an
d are changed
periodically.


5. The network users are not allowed:

a.

to attempt entering in network under an other identity;

b.

to attempt illegally accessing and administration of classified information;

c.

to import and export

classified

information, applicatio
ns, games, etc;

d.

to install or change, in any way, the hardwere, softwere or applications;

e.

to transfer or get out classified information and tapes, without authorisation of
their institution official.


6.

The network is under periodically checking, by respons
ible personnel, to look
changes in network, the security measures of classified information and their fit with
actual changes.


7.

The activity of network users and
administrators

must be audited to prevent events
damaging

the security of classified informat
ion.


8.

To protect the classified information and network configuration processing the
classified information, their reservation must be made in different media, as magnetic
tape, CD and backup server.
For their protection, must be created special conditions
.


9.

The authorised destruction of classified information stored in different media, must be
made by
professional

methods or physically destruction. The destruction must be


4

made when it is necessary only and when classified information is printed and
recorde
d.

The print and administration of classified documents must be made according to the
appropriate rules.


10.

The classified information processing in personal laptops and their entering in
environments processing and transmitting classified information, is p
rohibited.


D. COMMUNICATION SECURITY


1.

For classified information transmitting, must be used specialized cryptographic
systems and devices, which stronghold is in accordance with classified information
level.

2.

The Classified Information Ciphering and Transm
itting Directorate, that actually, is
under the National Intelligence Service, is specialized directorate, that is responsible
for classified information protection in whole state structures, when this information
is transmitted by massive and public commu
nication devices. It is responsible for
composition, production and use of the
cipher

in whole ministries and state
institutions.

3.

The enciphering systems and transmitting devices of classified information, must be
used after the approval and certificatio
n by the Classified Information Security
Directorate.



III. SPECIAL REGULATIONS


1.

Ministries and state institutions are responsible for the protection and security of the
information classified “state secret” stored, processed and transmitted in networks
a
nd transmitting devices.

2.

Ministries and other state institutions are ordered in the execution of this decision.

The officials of these institutions, within 30 days from the day this decision is in
force, are obliged to issue the regulation in the execution

of this decision.

3.

CSID is ordered for the control of this decision execution.


This decision enters in force after the publication in the “Official note
-
book”.











Prime Minister









ILIR META