Aquaboutic | Focus Security Research | Vulnerability Exploit | POC

Home

information circular of the technical and economic cooperation bureau of the russian federation on january 20, 2020 n 240/24/250

Posted by mitry at 2020-03-30
all

From January 14, 2020 Support and upgrade of Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating systems have been stopped, including updates, Errors and vulnerabilities in these operating systems.

At present, in the information system, the federal state power organs, the state power organs of the main body of the Russian Federation, the local autonomous organs and the Organizations continue to use the following certified versions of Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating systems:

Microsoft Windows 7 operating system (SP1) is editing the certificate of compliance for "," company and largest ", October 4, 2011. N 2180/1.

Microsoft Windows Server 2008 R2) (SP1) in standard, enterprise and datacenter versions), October 13, 2011. N 2181/1.

Microsoft Windows Server 2008 standard edition service pack 2 ") certificate of compliance, May 14, 2010. N 1928/1.

Microsoft Windows Server 2008 "Standard Version 32-bit / 64 bit) certified on October 27, 2009. N 1928

Microsoft Windows Server 2008 Enterprise Edition Service Pack 2 ") certificate of compliance, May 14, 2010. N 1929/1.

Microsoft Windows Server 2008 "enterprise 32-bit / 64 bit) qualification certificate on October 27, 2009. N 1929 in office

Microsoft Windows Server 2008 "datacenter version 32-bit / 64 bit") N 1930

This is because, among other things, Microsoft Windows 7 and Microsoft Windows Server 2008 R2 have developed a large number of dedicated applications for execution Organs and organizations of state power.

According to the operation documents, the above certified versions of Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system must be used under the following conditions: The information system is an upgrade of the certified Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating systems, Developed by Microsoft) and the Russian operating system manufacturer to the applicant.

To terminate the support and upgrade of Microsoft Windows 7 and Microsoft Windows Server 2008 operating systems in accordance with the regulations on information security certificate system, Approved by order of the Trade Technical Commission of the Russian Federation of 3 April 2018. N55, order of the technical and economic cooperation agency of the Russian Federation of 20 January 2020. 9 certificate of compliance terminated on 4 October 2011. N 2180 / 1 editor of Microsoft Windows 7 (SP1), company and largest, and October 13, 2011. Standard, enterprise and datacenter versions of Microsoft Windows Server 2008 R2 (SP1) for n 2181 / 1.

In addition, the Russian Federation Trade and Technology Commission adopted the delisting decision of June 1, 2020. Certificate No. n2180 / 12181 / 11928 / 19281929 / 19291930 obtained from the national register of certified remedial measures.

In view of the above, national authorities and organizations, It is recommended to use the version of Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system certified by the technical cooperation agency of the Russian Federation to protect information:

1. Planning translation activities before June 1, 2020 The information system in the security certified operating system is supported by its manufacturer.

2. Before using the security certified operating system, considering the information security threat mode, the following supplementary measures shall be taken: Protect information designed to minimize threats to information security:

Install all the latest Microsoft Windows 7 and Microsoft Windows Server 2008 R2 certified operating systems that must be updated, (as published by the Russian manufacturer);

It is prohibited to automatically update the operating system version certified by Microsoft Windows 7 and Microsoft Windows Server 2008 R2;

Security settings and regular monitoring of operating system versions certified according to Microsoft Windows 7 and Microsoft Windows Server 2008 R2 Configure and control the certified version of Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system safely;

Exclude connections to the Internet and departments where possible( Microsoft Windows 7 and Windows Server 2008 R2 operating systems;

When the network cannot be disconnected and( Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system Compulsory implementation of measures for information system segmentation and protection of peripheral and designated parts of information system Certified firewalls, anti-virus devices, intrusion detection systems, prevention of unauthorized transmission) DLP system 2. Information management tools;

Ensure regular backups of information, software, and information security devices, Software package in computer part or information system part managed by Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system Information;

Manage and supervise the use of mobile machine information carriers, (a) Do not use the untested anti-virus tools that are not registered in the information system;

The vulnerability of information system under Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating system is analyzed regularly, Use certified control tools(

By using the additional authentication information security tools, the(

Develop and implement rules and procedures for staff to take action in case of vulnerability or accident in Microsoft Windows 7 and Microsoft Windows Server 2008 R2 operating systems (a) Security in the use of information and communication technologies.

Deputy Manager

Economic and Technical Commission of the Russian Federation

Luti Kopf