GOST R 57580 requirements
Note
This feature is at the Preview stage.
GOST R 57580 is the national security standard for banking and financial operations. This standard defines information protection levels and establishes baseline administrative and technical safeguards for each tier.
The standard aligns implemented controls with the active threat landscape and accepted operational risks associated with financial and banking services, including money transfers.
These rules help ensure compliance with GOST R 57580:
|
Security standard requirement |
Check IDs in the CSPM module |
|
7.2.1. Subprocess Managing accounts and permissions of logical access subjects |
|
|
УЗП.10; УЗП.17–УЗП.21 |
|
|
УЗП.22–УЗП.27 |
|
|
УЗП.22–УЗП.25; УЗП.28 |
|
|
УЗП.8–УЗП.13; УЗП.17–УЗП.20 |
|
|
УЗП.10; УЗП.17–УЗП.21 |
|
|
РД.14–РД.15 |
|
|
УЗП.22–УЗП.25 |
|
|
РД.31; УЗП.17–УЗП.20 |
|
|
7.2.2. Subprocess Identification, authentication, and authorization (access control) associated with logical access |
|
|
РД.30-РД.31; РД.39-РД.44 |
|
|
РД.14–РД.15; РД.30–РД.31 |
|
|
РД.17–РД.18 |
cspm.crypto.secrets-lockbox |
|
РЗИ.14 |
|
|
РД.30–РД.31 |
cspm.access.db-console-access |
|
РД.31; УЗП.17–УЗП.20 |
|
|
РД.30–РД.31; ИУ.7–ИУ.8 |
|
|
РД.31 |
|
|
7.2.4. Subprocess Identifying and registering resources and access objects |
|
|
УЗП.10; УЗП.17–УЗП.20 |
cspm.access.sa-privileges-org-roles |
|
УЗП.22–УЗП.25 |
|
|
РД.29; РД.43–РД.44 |
|
|
РД.30–РД.31 |
|
|
СМЭ.16–СМЭ.19; ИУ.7–ИУ.8 |
|
|
ИУ.1–ИУ.4 |
|
|
РД.30–РД.31; ИУ.7–ИУ.8 |
|
|
7.3.1. Subprocess Network segmentation and firewalling |
|
|
СМЭ.3; СМЭ.9; СМЭ.16; СМЭ.21 |
|
|
СМЭ.3; СМЭ.16 |
|
|
СМЭ.16–СМЭ.19; СМЭ.21 |
cspm.access.public-access |
|
СМЭ.16–СМЭ.19 |
cspm.network.db-security-group |
|
СМЭ.1 |
|
|
СМЭ.17 |
|
|
СМЭ.19 |
|
|
СМЭ.16–СМЭ.19; ИУ.7–ИУ.8 |
|
|
7.3.2. Subprocess Detecting intrusions and network attacks |
|
|
ВСА.8; ВСА.9 |
|
|
ВСА.1–ВСА.7; BCA.11–BCA.13 |
|
|
ВСА.1–ВСА.7 |
|
|
7.3.3. Subprocess Protecting information transmitted over computer networks |
|
|
3ВС.1–3ВС.2 |
|
|
3ВС.2 |
cspm.data.storage-https |
|
7.4.2. Subprocess Vulnerability management |
|
|
ЦЗИ.4–ЦЗИ.6 |
|
|
ЦЗИ.1–ЦЗИ.11; ЦЗИ.20–ЦЗИ.26 |
|
|
ЦЗИ.1–ЦЗИ.11; ЦЗИ.20–ЦЗИ.26 |
|
|
7.4.3. Subprocess Software placement, storage, and update governance |
|
|
ЦЗИ.16 |
|
|
ЦЗИ.1–ЦЗИ.11; ЦЗИ.20–ЦЗИ.26 |
|
|
ЦЗИ.1–ЦЗИ.11; ЦЗИ.20–ЦЗИ.26 |
|
|
7.4.4. Subprocess Software inventory management and integrity control across the IT infractructure |
|
|
ЦЗИ.1–ЦЗИ.11; ЦЗИ.20–ЦЗИ.26 |
|
|
7.5. Process 4 Protection against malicious code |
|
|
ЗВК.8–ЗВК.12 |
|
|
ЗВК.11–ЗВК.12 |
|
|
ЗВК.20; ЗВК.12 |
|
|
ЗВК.20; ЗВК.11–ЗВК.12 |
|
|
7.7.1. Subprocess Information security event monitoring and analysis |
|
|
МАС.1–МАС.9 |
|
|
МАС.1–МАС.7 |
|
|
МАС.22 |
|
|
6.12. General provisions for the use of cryptographic information protection tools |
|
|
РЗИ.14 |
cspm.crypto.keys-hsm |
|
РД.17–РД.18 |
|
|
УЗП.28 |
cspm.crypto.keys-rotation |