home > Trousers > Cryptopro installation certificate sample. The act of installing an electronic signature tool. Legislative regulations for installing digital signature tools

Cryptopro installation certificate sample. The act of installing an electronic signature tool. Legislative regulations for installing digital signature tools

Appendix No. 22 to the Regulations of the Certification Authority Federal Treasury, approved by Order of the Federal Treasury of December 4, 2013 N 279

I APPROVED Head of _______________________ (Applicant Organization) M.P. ___________________ A.A. Ivanov "__" ____________ 20__ Act of installation of cryptographic information protection means, commissioning and assigning them to responsible persons 1 _________________________________ __________________ (name settlement) (date, month, year) This act was drawn up to the effect that ________________________ employee (date) ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ (name of organization, position, surname, name, patronymic, other information (for example, date, license number)) (hereinafter - Information Security Administrator) the cryptographic information protection tool was installed and configured _______________________________________ (name) hereinafter - CIPF on the PC (Applicant's workstation): Serial N (Inv. N) PC _____________________________________________ Place of installation _______________________________________________________________ ___________________________________________________________________________ (location address, room number) Full name. ABOUT. responsible person of the user of the Applicant's automated workstation _________________ ______________________________________________________________________________ (position, surname, first name, patronymic) (hereinafter referred to as the CIPF user) _________________________________________________ Reg. N CIPF (copy number) ________________________________________ Placement of the Applicant’s automated workstation, storage key media, security of the premises is organized in accordance with the established procedure. Training in the rules of working with CIPF and testing of knowledge of regulatory legal acts and operational and technical documentation for them were carried out. The conditions for using CIPF, established by the operational and technical documentation for CIPF, have been created. The installed and configured CIPF is in working condition. ZHTYAI form. __________________________ is printed on paper, section 11 of the Form is filled out in the established order, the Form is transferred for safekeeping to the user of the Applicant’s automated workstation. The user of the Applicant's automated workstation undertakes: - not to disclose confidential information to which he is authorized, including cryptokeys and information about key information; - comply with the requirements for ensuring the security of CIPF and key documents thereto; - hand over the installation kit of CIPF, operational and technical documentation for them, key documents upon dismissal or removal from duties related to the use of CIPF; - inform the contractor about attempts by unauthorized persons to obtain information about the CIPF used or key documents for them; - immediately notify the contractor about the facts of loss or shortage of CIPF and key documents for them. The act was drawn up in two copies. ______________________________/___________//_____________________________ (position of Information Security Administrator) (signature) (Last Name of the I.O.) ______________________________/_____________/______________________________ (position of the responsible person (signature) (Last Name of the I.O.) of the user of the applicant’s automated workstation)

I APPROVED

________________________________________

(position of the head of the applicant organization)

M.P. ___________________ _______________

"__" ____________ 20__

commissioning and assigning them to responsible persons

_________________________________ __________________

(name of locality) (date, month, year)

IN_________________________________________________________________________________

(where is the name of the organization)

_________________________________________________________________________________

(by whom - position, surname, name, patronymic of the Information Security Administrator ok sti, Further - Information Security Administrator)

cryptographic information protection tools were installed and configured (hereinafter referred to as CIPF:

on PC: ________________________________________________________________________

(Serial or inventory N of the PC system unit)

(Where - PC location address, room number) __________________________________________________________________________________

(position, full name of the person responsible for operating the PC, hereinafter referred to as the user of the cryptographic information protection system)

1. The placement of PCs, storage of key media, and security of premises are organized in accordance with the established procedure.

2. Training in the rules of working with CIPF and testing of knowledge of regulations and operational and technical documentation for them were carried out.

3. The conditions for using CIPF, established by the operational and technical documentation for CIPF, have been created.

4. The installed and configured CIPF is in working condition.

5. Form Crypto-Pro 3.6 ZhTYAI. 00050-02 30 01 is printed on paper, section 11 of the Form is filled out in the established order, the Form is handed over to the cryptographic information security user for safekeeping.

6. The Jinn Client RU.88338853.501430.008 30 form is printed on paper, section 7 of the Form is filled out in the prescribed manner, the Form is handed over to the cryptographic information security user for safekeeping.

7. The Continent_TLS_Client RU.88338853.501430.011 30 form is printed on paper, section 10 of the Form is filled out in the prescribed manner, the Form is transferred for safekeeping to the user of the Applicant’s automated workstation.

The CIPF user undertakes:

Do not disclose confidential information to which he is authorized, including crypto keys and information about key information;

Comply with the requirements for ensuring the security of CIPF and key documents thereto;

Hand over the CIPF installation kit, operational and technical documentation to them, key documents in case of dismissal or removal from duties related to the use of cryptographic information protection;

Inform the contractor about attempts by unauthorized persons to obtain information about the CIPF used or key documents for them;

Immediately notify the contractor about the facts of loss or shortage of CIPF and key documents for them.

The act was drawn up in two copies.

_______________________________/_____________/_____________________________

(position of IS Administrator) (signature) (O.)

______________________________/_____________/______________________________

(position of CIPF user (signature) (O.)

Electronic digital signature (EDS) is a mandatory requisite for computer document flow. This is not just a sign on a file or message, but software that ensures the authenticity of the document and the impossibility of its distortion. IN official organizations its installation is carried out by authorized specialists, most often representatives of the Certification Center. Evidence of the fact and a guarantee of the correctness of this action is the drawing up of an installation certificate for the electronic signature tool.

FILES

Legislative regulations for installing digital signature tools

Main legislative act, which determines the procedure for using an electronic signature – the federal law“On electronic signature” dated 04/06/2011 No. 63.

Additional regulations, detailing this document:

  • Order of the FSB of the Russian Federation dated December 27, 2011 No. 795 “On approval of the requirements for the form of a qualified electronic signature verification key certificate”;
  • Order of the FSB of the Russian Federation of December 27, 2011 No. 796 “On approval of the Requirements for electronic signature means and the Requirements for the means of a certification center.”

The procedure for obtaining an electronic digital signature and its verification key certificate

We have already written about that. Below are the summary sequence of actions to receive electronic digital signature and key:

  1. Conclusion of an agreement - an agreement on accession to the regulations of the Certification Center.
  2. Providing signed copies of the agreement to Regional center registration of the Federal Treasury Department for a specific area.
  3. Writing an application - a letter about providing an electronic signature.
  4. Providing a blank storage medium with the ability to write to it (disk, flash drive, etc.).
  5. Issuing a power of attorney to an authorized person to receive an electronic signature.
  6. Installation software at the applicant's automated workstation.
  7. Providing access to the Remote Financial Document Management System portal and confirming this by letter to the Regional Registration Center.
  8. Creation electronic key. There are two options for this:
    • by the applicant or his authorized representative at his workplace;
    • by the applicant under the control of an operator on the Federal Treasury computer.

What exactly will the Certification Center specialist do?

The procedure for installing a digital signature on a computer may vary somewhat depending on the type of electronic signature, but most often it consists of the following steps.

  1. Installation special program to install an electronic digital signature (the program can be purchased or taken free of charge from the Certification Center).
  2. Installation of an electronic key certificate.
  3. If necessary, this key is registered in the computer registry.
  4. Upon completion of the work, registration and issuance of an installation certificate for the cryptographic protection means.

Documents required to obtain a certificate

From an individual entrepreneur:

  • identification;
  • Certificate of registration with the tax office.

From an organization – legal entity:

  • identity card of an authorized person acting on behalf of the organization;
  • his SNILS;
  • document establishing the organization;
  • tax registration certificate.

IMPORTANT! If the digital signature is planned to be used automatically, that is, without identification by name, SNILS is not needed.

If the necessary personal data is not provided, the Certification Center will refuse to issue an electronic signature and a certificate for its verification.

Programs for installing digital signatures

Software for the operation of electronic signatures may vary. Today, several popular programs are used for this purpose:

  • “Crypto-Pro” (the most common, can be provided free of charge);
  • "Continent-Up";
  • “Continent TLS-VPN Client”;
  • "Jinn."

Name and number of the electronic signature tool in mandatory are included in the installation act if it is carried out by external specialists.

Structure of the act of installing a cryptographic protection tool

The certificate is issued by contractors - outside, hired to install and configure the software for using electronic digital signatures. Representatives of the installation center that provided the appropriate program can be invited as installers.

The document is drawn up in two copies - one for each party.

One of the copies must be returned to the Certification Center within ten days from the date of installation of the electronic key.

Like any official document, this act contains standard elements and data that are entered there in each specific case.

An act of destruction of an electronic signature means is drawn up in an organization in cases where there is no longer a need to use this type of signature, operating conditions change, or the electronic signature certificate itself expires, etc.

FILES

Where to register

When a key is received, its number and date of receipt are necessarily entered into the key certificate registry. This is reflected in the fifth paragraph of Article 14 of Law No. 63-FZ of April 6, 2011.

When destroyed, an appropriate note is made in this document with the signatures of the responsible persons. In this case, the number and date of the act of destruction of the electronic signature device may be mentioned.

Deadlines

Certification centers issue electronic digital seals to organizations and individuals, and they determine their validity periods. In most cases this is a calendar year. Practice has shown that this is the optimal period of use during which the organization will have time to complete all required actions with an electronic signature.

In addition, the accounting department makes a summary report at least once every year, checking the validity period of the electronic signature. If the work in the institution is properly organized, the seal will be replaced with a new one in time. The previous version, if outdated, is destroyed.

Types of electronic signature means

In 2011, the law defined exactly what electronic signatures can be valid in Russian Federation. There are only two varieties: regular and enhanced electronic printing. The latter, in turn, is divided into qualified and unqualified specimens.

A typical electronic signature may be a password.

A strengthened one differs from a regular one in that cryptographic methods are used in its formation. The qualification of the seal is acquired by issuing a special qualified certificate.

Legal entities are allowed to use only qualified reinforced seal. And the act of destruction of an electronic signature can only be issued regarding the destruction of this type of electronic signature.

Who draws up the act

In order for a document to have legal force, at least three people must be listed as drafters. According to generally accepted requirements, the act must contain information about:

  • Full name of the organization ( legal entity), which owns the electronic printing facility.
  • Full name and position of the members of the commission that drew up the act.
  • Date and city of document signing. This data is located at the top, immediately after the name of the act of destruction of the electronic signature tool.
  • Full name of the electronic signature tool.
  • Method of destruction.
  • The location where the EDS license registration card will be transferred.

Moreover, the last two points are already formulated in the form. All that remains is to enter the name of the local treasury and the name of the accounting unit being destroyed at the enterprise.

When an electronic signature is no longer valid

Article 14, paragraph 6 of Law 63-FZ provides for such basic cases in which the further use of electronic digital printing is inappropriate, since the certificate for its use becomes invalid. This happens if:

  • Its validity period has expired and an extension is required. Typically, CAs that issue electronic signatures and certificates for them limit the validity period to one year.
  • The one who owns the right to sign writes a special statement stating that he destroys it and is no longer going to use it.
  • The institution that used the digital signature is closed. In this case, it is necessary to have documents confirming this fact.
  • The certification center that issued the digital signature closed and did not transfer its rights to another institution. Moreover, the responsibility for informing the owners electronic stamps lies at the certification center itself.
  • If in order for the certificate to continue to be valid, it is necessary to make any changes to it (for example, to extend the term).
  • If the physical digital signature media (for example, a flash drive) fails and no copies have been saved.

Moreover, if the certificate has expired, then its owner is obliged to write a statement maximum 5 days in advance stating that he needs an extension. If the owner of such a statement has not written, then all documents signed with this electronic digital seal lose their validity, and activities in processes certified with the help of such an electronic digital signature are considered illegal.

Most certification centers strictly monitor the terms of use of their seals and in such cases terminate their validity remotely.

Who can destroy

Electronic signature means are no less controlled than physical seals. They can be destroyed either by the owners who wrote the application for receipt and used them in their work activities, or by the authorized representatives of these employees.

Important! The right to act on behalf of the certificate owner must be officially confirmed by a notarized power of attorney.

Who needs to be informed

All digital signatures and certificates for them are entered into the general Register of Certificates from the very beginning. When destruction of an electronic signature facility occurs, this information must be removed from this registry within 1 business day.

Despite the fact that the validity of the certificate can be terminated both by telephone and in person orally, it would be more legally competent to formalize everything in writing. So, when going to court, for example, an official document remains in hand, which can serve as strong evidence in favor of one of the parties.

Also, information about the destruction of the electronic signature and cancellation of the certificate is sent to CAS, which issues an official notice of cancellation. Thus, the initiator of destruction and deletion from the register of valid electronic signatures can be either the owner or the certification center that issued it. And in this process, the act of destroying the electronic signature means, the form and sample of which are posted on our website, is very helpful.


We also recommend