This white paper was edited in collaboration with Siemens to focus on FSTEC, a topic which is very specific and difficult to understand, but at the same time, important to be explored in order to know how this strict Russian regulation affects information security tools’ manufacturers and system integrators.
What is FSTEC and what does it dictate?
FSTEC (Federal Service for Technical and Export Control) is a Russian authority responsible for the cybersecurity of industrial plants.
One of the main goals of FSTEC service is to supervise compliance with requirements of information security for facilities of crucial importance for the Russian economy: banking system, telecommunication system, healthcare, energy production and distribution, nuclear power stations, Oil & Gas production, and so on. All these areas are covered by the definition of “Critical infrastructure facilities” (also called “CIF”) and are recalled in Federal Law no. 187. The aim of the FSTEC service is to govern the information security compliance system of CIFs.
All the considerations are particularly relevant to understand what foreign manufacturers must do to supply information security tools intended to be integrated into Russian plants.
We have highlighted the main facts one shall consider when approaching the FSTEC regulation, and we provide several solutions, that we have jointly designed with Siemens experts:
- The CIF categorization
- CIF’s requirements according to FSTEC
- A comparison between FSTEC and the IEC 62443 international standard
- FSTEC certification system participants
- FSTEC certification system constraints
- Compliance of system integrators with FSTEC requirements
- Solutions for system integrators
Go back to the blog