Bank of Russia Regulation No. 683-P is a key regulatory legal act (RLA) governing information security and information protection in credit institutions. It was adopted back in June 2022, but will only come into full force on January 1, 2023.
The previous version of Regulation No. 683-P completely duplicated a number of provisions from the now invalid Regulation No. 382-P. Also, as Artem Nazaretyan, Head of the Financial Cybersecurity Group at BI.ZONE, noted during the webinar "What's New in Bank of Russia Regulation No. 683-P", a number of inconsistencies with legislation and other regulatory legal acts related to the protection of critical information infrastructure (CII) facilities have been eliminated.
with other documents, such as 719-P: "In particular, regarding the work on OUD4 - now banks must definitely check not only the remote banking service (RBS) system itself for vulnerabilities, but also evaluate the development process. A relaxation has also been given: banks can do this independently, without resorting to the services of third-party auditors. This cannot but have a negative impact on the quality and rigor of checks. In fact, control over the security of mobile banking has been given to the developers themselves, which is unacceptable."
According to Oleg Simakov, Head of Client Relations at Aktiv.Consulting, this is about timely technical clarifications. The Central Bank also linked response measures to the information security risk management system under Regulation 716-P.
Stanislav Shilov, Director of Product Development at the Center for Digital Business Solutions at BSS, points out that the requirements for banks have become much stricter: "This applies to both processes and technical requirements. It is clear that the new regulations are generally in line with stricter control over banks' compliance with information security requirements, and also address specific current threats - for example, the requirement for banks to control whether a mobile phone belongs to an individual."
As Artem Nazaretyan recalled, one of the key innovations of Regulation No. 683-P, which comes into force on January 1, 2023, is that compliance with GOST R 57580 can only be confirmed by an external auditor who must have a license from FSTEC. Previously, self-checking was sufficient. Oleg Simakov believes that the greatest difficulties are caused by the certification of software for automated systems in the FSTEC of Russia system, since this is a rather lengthy process that also requires the involvement of highly qualified specialists in development and information security.
Director of the Technical Department of RTM Group Fedor