Communications and Information Systems protection (CIS)

Communication and information systems protection (CIS) is a system of principles and measures for protection of unauthorized access to classified information, created, managed, stored and transported in CIS.

The mandatory general conditions for CIS security are including the computer, communication, cryptographic, physical, documentary and personnel security, security in connection with CIS, countermeasures on TEMPEST, determined with a Regulation by the Council of Ministers.

Before commissioning it to work with classified information, every CIS goes through an accreditation process under the conditions, determined by the Regulation on Article 60, Paragraph 1 of CIPA.

Security accreditation authority on national CIS, designed for working with national classified information, which handles NATO and EU classified information is Special Directorate “Information Security” at State Agency “National Security”.

SCIS, in its position as a national security authority on the implementation and control of international contracts for mutual protection and exchange of classified information, according to Article 9, p.6 of CIPA, carry out a security accreditation on points of presence of CIS of NATO or EU and the mutual connection of national CIS with them.

For special deletion of information up to and including level “Confidential” and coordinating with State Agency “National Security”, it is allowed the use of methods and means, approved by EU and/or NATO for the relevant level or higher.