Year
2004
Abstract
In automated systems for nuclear material control and accounting and physical protection, highly sensitive data have stringent confidentiality, integrity and availability requirements. To date information security requirements for automated Material Protection Control and Accounting (MPC&A) systems in Russia were defined by specialized regulatory documents (RDs). The Ministry of Atomic Energy (Minatom) of the Russian Federation developed these RDs in the late 1990s in cooperation with the U.S. Department of Energy (DOE). In 1996, the joint work between Minatom and DOE began with the creation of information security requirements for automated Material Control and Accounting (MC&A) systems. In 1998-1999, these requirements were used to evaluate and certify families of Microsoft and Oracle information technology (IT) products. In 2002-2003, the first IT product for physical protection systems was evaluated and certified under this regulatory scheme. These certification projects were conducted within the framework of an IT information security certification system operated by the Russian State Technical Commission. In October 2000, the Russian State Technical Commission decided to develop new IT information security RDs based on the International Standard ISO/IEC 15408-99, “Evaluation Criteria for Information Technology Security” (hereinafter referred to as Common Criteria). In April 2002, the Russian Federation adopted the Common Criteria as translated into Russian. The translation was produced by a team of Russian information security specialists with the active participation of experts from the Common Criteria International Working Group, and with the assistance of the U.S. DOE. The Russian State Technical Commission and Minatom will replace the information security requirements in current RDs with protection profiles developed within the framework of the Common Criteria. Currently, Minatom and DOE are extending their joint work developing