Security of the critical information infrastructure

STEP LOGIC helps organizations operating critical information infrastructure bring their equipment and information systems into alignment with legal requirements.


On law No. 187-FZ

The Law “On the Security of Critical Information Infrastructure of the Russian Federation” was put into effect on January 1, 2018, and defines the concepts of objects and subjects of critical information infrastructure (CII) and responsibilities for ensuring the security of CII elements. The law applies to state and private organizations operating in 13 sectors of the economy that are regarded as making up the foundation of the functioning of the state. These include transport, communications, finance, fuel and energy, health-care, science, nuclear power, defense, mining, metal production petrochemical, aerospace industries.

STEP LOGIC has the requisite expertise and experience and can offer help in certifying critical information infrastructure elements for compliance with the requirements of 187-FZ, such help can include:   

  • Help with the categorization of critical information infrastructure elements

  • Design and deployment of a security system

  • Organization of interaction with GosSOPKA

  • Setting up a GosSOPKA center


  • We've been developing information security for over 16 years.
  • We've got experience in implementing projects in all industries, including machine engineering, health care, and finance.
  • We've got more than 400 certificates from international nonprofit organizations and major cybersecurity suppliers.
  • We maintain partnerships with more than 80 leading foreign and Russian cybersecurity vendors.
  • Our company has all the necessary licenses from the Federal Service for Technology and Export Oversight, the Federal Security Service, and the Ministry of Defense of Russia.
  • The company is a member of the Association of Users of Information Security Standards and the British Standards Institution and also participates in the expert groups under the Digital Economy of the Russian Federation program.
  • All our projects are certified for conformance with ISO 9001 standards (international quality management) and ISO 27001 standards (cybersecurity management).
  • We've developed a universal method for categorizing critical information infrastructure with the support of the Federal Service for Technology and Export Oversight.

How can you categorize your critical information infrastructure on your own? 

One of the requirements of law No. 187 is that all critical information infrastructure elements (such as information systems, communications systems, automation systems) get categorized, and the categorization results are reported to the Federal Service for Technology and Export Oversight.

STEP LOGIC has developed a categorization methodology. The document is offered free of charge and contains a detailed action plan, practical examples, a series of questions and answer as well as document templates that will help organizations:

  • Meet some of the legal requirements on their own without getting outside help, thus saving money

  • Deliberately assume responsibility for critical information infrastructure as is required by law

  • More precisely estimate the budget and time frame for subsequent stages, understanding the list and categories of assets to be protected

  • Meet the categorization requirements on time without entering into any additional contracts or having audits and inspections conducted by outside organizations, etc.

Download the critical information infrastructure categorization methodology

     The document is regularly updated. You can also sign up to get updates of the document at the bottom of the page.