Russian encryption certificate/encrypted products Russia
Russia-Importing Encrypted Products, FSB notification for Encryption or Notification for encrypted products
Due high amounts of the questions concerning import to the Russia or EAEU (EAC – old name Custom Union) radio product or encrypted products we decided to make this road map, to help better understand importing rules and regulatory documentation for radio or encrypted devices!
While importers no longer need to obtain a license from the FSB, they do need to submit a notification to the FSB’s Center for Licensing, Certification and State Information Protection. This change came into force with the creation of the Eurasian Economic Union (EEU) ( old name ) Customs Union between the Russian Federation, Belarus ,Kirgizia ,Armenia and Kazakhstan. These rules cover the most popular groups of products: FSB notification for Laptops, FSB notification for Software, FSB notification for Access points, FSB notification for cellphones, FSB notification for Routers , FSB notification for smart devices, FSB notification for for Mobile phones and match more
Let’s start with FSB abbreviation or FSB notificationFSB stands for Russian Security Burea (transcription name ) in English it will be Federal Security services which in short way will sounds like
So FSS notification is English version of FSB transcription name
FSS notification =FSB notification -equal name of the same document
Same Belongs to Russian FCA certification ( Federal Communication Agency ) or Russian FAC certification ( Federal agency of Communication)
LLC Mintest can provide services of FAC certification or FAC declaration depending on the requirements
Ok let’s go back to FSB /FSS notification requirements and rules
For What product you need to get FSB notification? list of a product for FSB notificationBelow is the list of products which belong to encryption (cryptographic) means or include encryption (cryptographic) means, technical and cryptographic characteristics of which are subject to notification: 1. Products, which include encryption (cryptographic) means, which have any of the following components:
Symmetric cryptographic algorithm, which uses the cryptographic key, the length of which does not exceed 56 bits; or asymmetric cryptographic algorithm, based on any of the following methods:
a) Factorization into prime numbers, the size of which does not exceed 512 bits;
b) Calculation of discrete logarithms, in the multiplicative group of the finite field, the size of which does not exceed 512 bits; or
c) Discrete logarithm in the group, the size of which is different from that named in the above item “b”, and does not exceed 112 bits. Note: Parity bits are not included in the key length. 2. Products, which include encryption (cryptographic) means, and have limited functions: а) Authentication, which includes all aspects of access control, where there is no file or text encryption, except for encryption, which is directly related to protection of passwords, personal identification numbers or similar data for protection from unauthorized access; b) Digital signature. Note: Functions of authentication and digital signature include the function of keys distribution which is related to them.
3. Components of software operation systems, cryptographic possibilities of which cannot be changed by users, which are developed for
installation by users without further substantial support by supplier and which have technical documents available (description of cryptographic transformation algorithms, interaction protocols, description of interfaces, etc.) 4. Personal smart-cards (intelligent cards):
а) Cryptographic capabilities of them are limited to usage on equipment or in systems, which are specified in items 5 – 8 of this list; or
b) For wide public usage, cryptographic capabilities of which are not available to users and due to a special design they have limited capabilities
of protection of personal information, which is stored on the card. Note: If an intelligent card can perform several functions, then the reference status of each function shall be specified individually. 5. Receiving equipment for radio broadcasting, commercial TV or similar commercial equipment for broadcasting on a limited territory without
encryption of a digital channel, except for cases when encryption is used solely for control of video or audio channels and sending of reports or return of the information, which is related to the program, to broadcast providers. 6. Equipment, cryptographic capabilities of which are not available to users, which is custom developed and limited for use by any of the following:
а) The software is made in the copy protected form;
b) By access to any of the following: - copy protected content, stored only on a readable information carrier; - information, which is stored in encrypted form on carriers, when such information carriers are offered for sale to people in identical sets;
c) Copy check of video and audio information, which is copyright protected.
7. Encryption (cryptographic) equipment, which is specifically developed and limited for use to banking and financial transactions. Note:
Financial transactions include fees and payments for transportation services and credit financing. 8. Portative or mobile radio electronic devices of civil purpose (for example, for use in commercial civil systems of cellular radio communication), which are not capable of end-to-end encryption (i.e. subscriber-to-subscriber) So called Poin-to Point
9. Wireless radio electronic equipment, which encrypts information only in the radio channel with the maximum wireless range without amplification and bridging less than 400 m in accordance with technical specifications of manufacturer.
10. Encryption (cryptographic) means used for protection of technological channels in information and telecommunication systems and communication networks.
11. Products, the cryptographic function of which is blocked by manufacturer
12.Other product which has encryption functions and which is not mentioned in first 11 paragraph’s he Eurasian Economic Commission (EEC), as the regulating body of the Customs Union, defines the list of products that are subject to non-tariff barriers. The EEC decree №134, dated August 16, 2012, creates the grounds for obtaining the notification. Chapter 2.19 of the decree reflects the full list of products that are subject to notification
To import electrical devices which is subject t the restrictions (radio devices restriction Russia) Customer must obtain MIT license , it is necessary to obtain a MinPromtorg License (Ministry of Industry and Trade of the Russian Federation - MIT). MIT’s website contains the list of documents that should be submitted to obtain the license. The Ministry launched an online service for license applications: http://www.non-tariff.gov.ru/ (which works only under Internet Explorer) Radio devices restriction Russia Chapter from 2.16 to 2.19 of The EEC decree №134, dated August 16, 2012 reflects the full list of products that are subject to notification and MIT if Notification could not be granted due restrictions
Submitting FSB Notification
Bellow I the steps for FSB submission
Step 1: Fill in the Notification Form, following instructions provided on the FSB website: http://clsz.fsb.ru/docs/fn.htm