Description

Last update: August 21 2024

Product Description Certified Data Center Segment

Attested Data Center Segment (A-DC) — IT infrastructure to accommodate an information system with enhanced data protection requirements. The requirements are fulfilled in accordance with the distinction areas of responsibility.

Only dedicated servers of any configuration and network equipment provided by Selectel.

A-DC is used for:

• certification of the information system in accordance with the requirements of FSTEC Orders No. 17 and No. 21;
• processing of personal data up to the first (maximum) level of security in accordance with the requirements of the 152-FZ;
• maximizing security control at the infrastructure level;
• increasing the loyalty of service users by meeting the requirements of Russian laws and international standards.

In terms of functioning and meeting security requirements, the A-DC consists of a set of certified information systems, and these are used in the delivery of services:

• IS Infrastructure;
• IS "Managed Security Services";
• IS Administration;
• IS "Information Security Monitoring".

When hosting IT infrastructure in an A data center, only infrastructure level services can be selected — Placement of equipment in A data centersor connect additional information security services:

• provision of data protection equipment;
• managed security services and administration.

A-DC Services

Equipment placement in A-DC

Ensures fulfillment of requirements to the territorial site according to PCI DSS, 152-FZ (FSTEC Orders #17 and #21), GDPR, SOC-2 implements security measures related to physical access to equipment, maintains continuous functioning of the infrastructure.

If you select an infrastructure level service, infrastructure level services are provided:

• dedicated servers of any configuration;
• hardware firewall (Fortinet, UserGate, Cisco, Continent, CheckPoint);
• optional: Selectel network equipment.

All equipment is placed in racks belonging to the IS "Infrastructure".

When connecting servers in the A data center, the following is used typical connection diagram.

Dedicated servers are switched behind a dedicated firewall and have no direct connection to Selectel's internal networks or to other clients' networks. Because of this, Selectel's internal systems do not have access to server information, and the server cannot be managed through the Selectel Control Panel. The Selectel Control Panel displays the message "No power information" for such servers. All connections to external networks go through the firewall.

You can only connect to servers in the A data center through IPMI interfaces that are firewalled together.

When conducting performance evaluation (attestation) of the information system hosted by the A-DC, the following shall be provided:

• extract from the IS Infrastructure threat model;
• Confirmation of infrastructure placement;
• serial numbers and special firewall security marks;
• if additional information security services, serial numbers and special security marks are used.

Providing information security features

Provides protection from current threats, fulfillment of the requirements of FSTEC Orders No. 17 and No. 21, as well as the requirements of international standards for information systems in the client's area of responsibility.

Upon activation of the service, access to the selected specialized software or hardware-software information protection tool is provided:

• Secret Net LSP;
• Secret Net Studio;
• Dallas Lock SDZ;
• Kaspersky Endpoint Security;
• Maxpatrol SIEM.

Managed security services and administration

Allows for both one-time installation and configuration of information protection tools and full system support, including response to security incidents.

The service is provided using IS "Administration", IS "Managed Security Services" and IS "Information Security Monitoring", which allows the certified systems to be transferred to Selectel for administration without violating legal requirements.

Data protection requirements to be met

Compliance within Selectel's area of responsibility is regularly reviewed and confirmed by external auditors.

	Information protection requirement	Confirmation of Selectel compliance with the requirement
Processes personal data up to KM-1	FSTEC Order No. 21	Information Protection Certificate of Conformity No. 3479.00001.2022 dated March 10, 2022 IS Infrastructure Selektel Ltd.
Is a state information system up to K1	FSTEC Order No. 17	Information Protection Certificate of Conformity No. 3479.00001.2022 dated March 10, 2022 IS Infrastructure Selektel Ltd.
Process payment card data	PCI DSS	PCI DSS
Process personal data of EU citizens or people in the EU	GDPR	DPA and SCC can be arranged
Used to operate commercial companies with high demands on service providers	AICPA SOC 2®	SOC 2® Compliance Report
Used for handling confidential information and trade secrets	GOST R ISO/MEQ 27001-2021	Certificate GOST R ISO/IEC 27001-2021

Areas of responsibility

Selectel is responsible for security related to physical access to the IT infrastructure and implements a portion of the physical security measuresthat are in his area of responsibility.

Selectel is not responsible for the operation of the system and application software of the servers, firewall administration and security related to logical access to the information system. Selectel's internal systems do not have access to the servers hosted in the A-DDC.

Cost

Depending on the type of balances in the account, the following is used for payment single balance or basic balance. Before ordering a service top up.

The cost depends on the amount of equipment to be placed and additional services ordered. It includes:

• cost of a dedicated server of arbitrary configuration;
• firewall cost;
• cost of the service "Placement of 1U equipment in the Attested Data Center Segment". The service must be ordered for each unit;
• cost of additional information security services.