General information about the Certified Security Features service

Last update: May 30 2026

The Certified Security Features service provides software and hardware-software tools designed to protect information on a server. Security tools are installed on or connected to the server.

You should use server security tools if your system is subject to increased information security requirements. Such requirements are set by:

• for protecting government systems (GIS up to K1 inclusive);
• protecting personal data (ISPDN up to UZ-1 inclusive);
• complying with the requirements of FSTEC of Russia Orders No. 17 and No. 21;
• meeting international information system standards.

Depending on your infrastructure specifics and the list of requirements you need to meet, you can order:

• Kaspersky Endpoint Security — a comprehensive solution for threat protection;
• Secret Net LSP — a tool for protection against unauthorized access for Linux OS;
• Secret Net Studio — a tool for protection against unauthorized access for Windows OS;
• Dallas Lock trusted boot tool — a trusted boot tool for dedicated servers in the Certified Data Center Segment (A-COD);
• Sobol hardware-software security module — a trusted boot tool for dedicated servers in the Certified Data Center Segment (A-COD).

You can view the features of each tool and choose the right one using the Brief description of security tools and Implementing security measures using provided server security tools tables.

For additional infrastructure protection, you can configure a cloud firewall, basic firewall, as well as connect a hardware or virtual firewall.

Description of security tools

	Kaspersky Endpoint Security	Secret Net LSP	Secret Net Studio	Dallas Lock SDZ	Sobol PAK
Purpose	Protection of virtual and physical servers against various threats, network and fraudulent attacks, protection of the virtualization environment and system virtual machines	Protection of Linux OS on virtual and physical servers against unauthorized access	Protection of Windows OS on virtual and physical servers against unauthorized access, antivirus	Blocking unauthorized OS boot attempts and OS authenticity verification	Blocking unauthorized OS boot attempts and OS authenticity verification, confidential information protection
Security tool type	Software	Software	Software	Hardware-software module for installation in a dedicated server	Hardware-software module for installation in a dedicated server
Compatible services	All Selectel products	All Selectel products	All Selectel products	Dedicated servers hosted in the A-COD	Dedicated servers hosted in the A-COD

Implementing security measures using provided server security tools

	Information security measure content	Implement within the client's area of responsibility
IAF.1	Identification and authentication of users who are the operator's employees	Dallas Lock SDZ (before OS boot begins), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
IAF.2	Identification and authentication of devices, including stationary, mobile, and portable ones	Secret Net Studio, Secret Net LSP
IAF.3	Identifier management, including creation, assignment, and destruction of identifiers	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
IAF.4	Authentication tool management, including storage, issuance, initialization, locking of authentication tools, and taking measures in case of loss and (or) compromise of authentication tools	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
IAF.5	Protection of feedback when entering authentication information	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
IAF.7	Identification and authentication of file system objects, executable and running modules, database management system objects, objects created by application and special software, and other access objects	Secret Net Studio (in OS)
UPD.1	Management (creation, activation, locking, and destruction) of user accounts, including external users	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
UPD.2	Implementation of required methods (discretionary, mandatory, role-based, or other method), types (read, write, execute, or other type), and access control rules	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
UPD.3	Management (filtering, routing, connection control, unidirectional transmission, and other management methods) of information flows between devices, information system segments, and information systems	Secret Net Studio, Secret Net LSP (local firewall)
UPD.4	Separation of user, administrator, and information system operation personnel roles	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
UPD.6	Limiting unsuccessful login attempts to the information system (access to the information system)	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
UPD.10	Locking an information system access session after a set time of user idleness (inactivity) or upon user request	Secret Net Studio, Secret Net LSP
UPD.11	Permission (prohibition) of user actions allowed before identification and authentication	Secret Net Studio, Secret Net LSP
UPD.17	Ensuring trusted boot of computing equipment	Dallas Lock SDZ, Sobol PAK
OPS.1	Management of starting (requests to) software components, including identifying components to be run, configuring component startup parameters, and monitoring software component startup	Secret Net Studio, Secret Net LSP
ZNI.1	Accounting of machine-readable information carriers	Secret Net Studio, Secret Net LSP
ZNI.5	Control over the use of information input (output) interfaces to machine-readable information carriers	Secret Net Studio, Secret Net LSP
ZNI.8	Destruction (erasure) of information on machine-readable carriers during their transfer between users, to third-party organizations for repair or disposal, and control over destruction (erasure)	Secret Net Studio, Secret Net LSP
RSB.1	Defining security events to be logged and their retention periods	Secret Net Studio, Secret Net LSP
RSB.2	Defining the composition and content of information about security events to be logged	Secret Net Studio, Secret Net LSP
RSB.3	Collection, recording, and storage of information about security events during the set retention time	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS) Kaspersky Endpoint Security
RSB.4	Responding to security event logging failures, including hardware and software errors, failures in collection mechanisms, and reaching memory capacity limits (capacity)	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
RSB.5	Monitoring (viewing, analyzing) security event logging results and responding to them	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
RSB.7	Protection of information about security events	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
AVZ.1	Implementation of antivirus protection	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
AVZ.2	Updating the database of malicious computer program (virus) signatures	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
SOV.1	Intrusion detection	Secret Net Studio (local IDS)
SOV.2	Updating the decision rule database	Secret Net Studio (local IDS)
ANZ.3	Monitoring the performance, settings, and correct functioning of software and security tools	Secret Net Studio, Secret Net LSP
ANZ.4	Monitoring the composition of hardware, software, and security tools	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
ANZ.5	Monitoring password generation and rotation rules, user account creation and deletion, access control implementation, and user permissions in the information system	Secret Net Studio, Secret Net LSP
OTsL.1	Control over software integrity, including security tool software	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
OTsL.6	Limiting user rights for entering information into the information system	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
ZSV.9	Implementation and management of antivirus protection in the virtual infrastructure	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
ZIS.1	Separation of functions within the information system for managing (administering) the information system, managing (administering) the security system, information processing functions, and other information system functions	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
ZIS.15	Protection of archive files, security tool and software settings, and other data not subject to change during information processing	Dallas Lock SDZ (before OS boot), Sobol PAK Secret Net Studio, Secret Net LSP (in OS)
ZIS.17	Dividing the information system into segments (information system segmentation) and ensuring protection for information system segment perimeters	Secret Net Studio, Secret Net LSP (local firewall)
ZIS.21	Excluding user access to information created by the previous user through registries, RAM, external storage devices, and other shared information system resources	Secret Net Studio, Secret Net LSP
ZIS.22	Protecting the information system against information security threats aimed at causing a denial-of-service in the information system	Secret Net Studio (local IDS)
ZIS.24	Termination of network connections upon their completion or after a inactivity time interval set by the operator	Secret Net Studio, Secret Net LSP (local firewall)