Cabinet of Ministers approves procedure for identifying vulnerabilities in information systems

The Cabinet of Ministers has approved the procedure for searching for and identifying potential vulnerabilities in information (automated), electronic communications, information and communication systems, and electronic communication networks.

This was reported on the Government's website.

The mechanism for searching for vulnerabilities includes:

1. Entering into an agreement if paid coordinator services are present in accordance with the requirements of public procurement legislation.
2. Searching for potential vulnerabilities based on a public proposal.
3. Publication of a public proposal by the system owner on the official website.
4. Publication of a public proposal by the coordinator on their official website, with a reference to the system owner's website (proposal is provided in Ukrainian, or in the official language of the Council of Europe).

According to the resolution, after verifying the report, the coordinator has 30 working days to inform the researcher about the decision regarding changes in the system. In case of refusal to make changes, the researcher can publish information about the vulnerability and its technical details.

Upon the results of the report verification, the system owner sends a message to the government team CERT UA and, if necessary, to the sectoral team responding to computer emergency events. The operator of critical infrastructure processing state information resources also notifies the National Police and the Security Service of Ukraine.

Background. It was previously reported that the Cabinet of Ministers had introduced the procedure for conducting technical inventory of real estate.