Approve Director of FSUE "RNIIRS" Utverfday LLC NTC Vulkan A.V. Markov 2 0 1 7

Translated from Russian to English - www.onlinedoctranslator.
com
APPROVE UTVERFDAY
director of FSUE "RNIIRS" CEO
LLC NTC Vulkan
A.V. Markov
» 2017 " » 2017
PROGRAM AND METHODS OF PRELIMINARY TESTS

prototype "Amezit-V"
(TIiifr "Amezit-V")
VATS.466535.IZ5PM
Sheets 333
AGREED
Head of 474 VP of the Ministry of Defense of the Russian Federation
»2017
2017
CONTENT
1 Test program 3
1.1 Test object............................................................... ...................................................3
1.2 Purpose and objectives of the tests ............................................... ...............................3
1.3 General provisions............................................................... ...................................................3
1.4 Scope of tests............................................................... .................................................5
1.5 Conditions, modes, procedure, venue, types and stages of testing ..25
1.6 Logistics of testing .......................................................30
1.7 Metrological provision of tests .......................................................... .......31
1.8 Ensuring the protection of state secrets ....................................................... ...31
1.9 Reporting.................................................... ................................................. .......31

Annex A 32
Annex B 314
Annex E 320
2
1 Test program
1.1 Test object

1.1.1 The object of preliminary tests is an experimental
sample (hereinafter - OO) of special software (SSS) "Amezit-V"
RU.VATS.00176-01 (hereinafter - SPO "Amezit"), manufactured by STC
"Vulkan" LLC, which is an integral part of the hardware-software complex
(HSC) "Amesite".
1.2 Purpose and objectives of testing
1.2.1 Preliminary tests of the prototype SPO "Amezit-V"
carried out in order to verify its compliance with the requirements of the terms
of reference (TOR) for the Amezit-V R&D center and Supplement No. 1 to it, as
well as to determine the readiness of the prototype SPO Amezit-V for
interdepartmental tests.
1.2.2 The objectives of the tests are:
- checking the completeness of the prototype;
- checking for compliance with the main parameters and characteristics
prototype;
- preliminary assessment of the sufficiency and completeness of
- documentation; determining the possibility of presenting a prototype and
developed RKD for interdepartmental tests.
1.3 General provisions
1.3.1 Preliminary tests are carried out on the basis of
the following documents:
- AgreementNo. 1/16.16 dated September 30, 2016;
- TOR for an integral part of development work (hereinafter - TOR

at the midrange of the ROC) "Amezit-V" (Appendix No. 1 to the contract No. 1 / 16.16 of September 30, 2016);
- AdditionNo. 1 to the terms of reference for the component

development work;
- notification about readiness Artist To holding
preliminary tests of a prototype SPO "Amezit-V";
- order of the director of LLC "NTC" Vulkan "on the appointment of a commission for
conducting preliminary tests of a prototype SPO "Amezit-V";
- "Program and methods of preliminary tests"; set of
- design and software documentation.
1.3.2 A prototype is presented for preliminary tests
SPO "Amezit-V", verified and accepted by the Quality Control Department of LLC "NTC" Vulkan "and 474
3
VP MO RF in the scope of inspections corresponding to the category of acceptance
tests.
1.3.3 Tests are carried out according to the "Program and methods
preliminary tests ... "(hereinafter - PM), developed by LLC "NTC" Vulkan ",
agreed and approved in accordance with the established procedure in
accordance with GOST RV 15.211-2002.
1.3.4 On the readiness for preliminary tests of LLC
"STC" Vulkan "notifies the Customer with a notification agreed with 474 VP of the Ministry of Defense of the Russian
Federation.
1.3.5 The timing of the preliminary tests is determined

by order of the director of LLC "NTC" Vulkan "at the locations of the
prototype.
1.3.6 For preliminary tests, a
commission, which includes representatives of OOO STC Vulkan, Federal State Unitary Enterprise RNIIRS
and 474 Air Defense Ministry of the Russian Federation (as agreed).
1.3.7 In its work, the commission is guided by the requirements
GOST RV 15.210-2001 (in terms of the procedure for conducting preliminary
tests) and the regulatory and technical documents given in Appendix A.
1.3.8 The test results are recorded in the protocols. In progress

tests, the commission has the right to combine tests on several points of
this program in time with the reflection of the test results in a single
protocol. It is allowed to refine the test methods, if these refinements do not
reduce their reliability in comparison with the methods of this program.
1.3.9 The Preliminary Test Panel may

suspend or terminate testing. The basis for such a decision may be:
- non-compliance of the prototype SPO "Amezit-V" with the requirements of the statement of work
on the midrange R&D "Amezit-V" or the requirements of program documentation;

- refusaltested prototype of APK "Amezit",
preventing further testing.
1.3.10 The decision to suspend (break) the tests is made by
testing committee. Suspension of tests is documented by the protocol of the
commission. The protocol establishes the duration of the test break and, if
necessary, the scope of work for re-checking the prototype after eliminating
the reasons for the suspension.
4
1.3.11 Termination of tests is formalized by an act, which must
be signed by all members of the commission and sent for making an appropriate
decision to the Customer and the executor of the Amezit-V R&D Center.
1.3.12 Before resuming testing, the commission checks
materials reflecting the results of eliminating the reasons for the termination
(interruption) of tests, checking the completeness of the modifications of the
prototype carried out at the proposals of the commission that terminated the tests.
1.3.13 Tests are considered completed if their results
issued by an act confirming the implementation of the test program and
containing an assessment of the test results.
1.3.14 The Commission is allowed to correct, if necessary,
program and test methods.
1.4Scope of testing
1.4.1 The product is subject to tests in the scope specified in Table 1.
Table 1 - Scope of tests
Number Prime
No. Name of tests and item TK, methods chanting
p/p checks Add-ons test

No. 1 to TK th
5.1.1–5.1.4,
9.5, 13.2.5–
Examination sufficiency And13.2.6, 13.3,
Methodology
1 completeness of documentation 13.5.1–13.5.8,
No. 1
SPO "Amezit-V" 13.6.1, 13.11–
13.13, 13.17–
13.19
3.1, 5.4.2.2,
Checking the contents Methodology
2 5.4.2.3, 9.14,
SPO "Amezit-V" No. 2
13.14
Examination fulfillment
requirements purpose of STR
3 formation autonomous 3.2.1
data network segment (SPO
PAS)
Examination relaying
traffic And organizations Methodology
3.1 3.2.1.1
connections To wired No. 3
communication lines
Examination relaying Methodology

3.2 3.2.1.2
traffic Withusing No. 4
5
Number Prime

No. 1 to TK th
wireless lines And
organizations connections To
wireless communication networks
Examination management
third party
telecommunications
Methodology
3.3 equipment level 3.2.1.3
No. 5
distribution and kernel level
without authorization and with
physical access to it
Checking the collection, registration Methodology
3.4 3.2.1.4
and display of information No. 6
Examination routing
traffic and transfer it to
Methodology
3.5 technical facilities 3.2.1.5
No. 7
primary analysis
information
Examination automatic
settings With Methodology
3.6
networks
3.2.1.6
using protocols No. 8
DHCP, NTP, DNS
Examination prioritization Methodology
3.7 3.2.1.7
traffic using TOS No. 9
Examination balancing
Methodology
3.8 loads Withdynamic 3.2.1.8
No. 10
resource allocation
Automated Control Test
modules
Methodology
3.9 relaying With 3.2.1.9
No. 11
providing unified
GUI
Checking Network Address Methodology
3.10 3.2.1.10
Translation No. 12
Examination possibilities
sustainable To
Methodology
3.11 unauthorized access to the 3.2.1.11
No. 13
centralized management
And monitoring
6
Number Prime

No. 1 to TK th
controlled equipment using a
single graphical interface
Examination conjugation With

channel-forming equipment of Methodology
3.12 3.2.1.12
various backbone data No. 14
transmission networks
Baud rate test Methodology
3.13 3.2.1.13
No. 15
Checking the monitoring of the status
of the telecommunications
equipment, prompt detection of
attempts to obtain unauthorized
Methodology
3.14 access to them, abnormal 3.2.1.14
No. 16
reboots of the hardware OS and
other facts of violation of the
information security of the PAS
subsystem
4 control messages 3.2.2
autonomous network segment
data transmission (SPO PKS)
Checking the analysis of connections
of an autonomous segment of the
Methodology
4.1 data transmission network and 3.2.2.1
No. 17
collecting information at speeds up to
6 Gb / s
Checking the organization of
intermediate control nodes in
order to analyze connections Methodology
4.2 3.2.2.2
and identify information when No. 18
using protocols such as IPSEC
Examination automatic Methodology

4.3 3.2.2.3
file recognition and selection No. 19
Examination prevention Methodology
4.4 3.2.2.4
use technologies No. 20
7
Number Prime

No. 1 to TK th
user anonymization
Examination blocking And
redirects client
Methodology
4.5 requests (HTTP/HTTPS) on 3.2.2.5
No. 21
legitimate resources of GIS OP
(mirrors)
Checking the possibility of selecting Methodology
4.6 3.2.2.6
a given subscriber No. 22
Examination formations,
display And export
lists subscribers- Methodology
4.7 3.2.2.7
senders And subscribers- No. 23
receivers with topological
connections between them
Checking the maintenance of Methodology
4.8 3.2.2.8
network activity statistics No. 24
Examination registration V
storage device informational
Methodology
4.9 exchange (in full) for the 3.2.2.9
No. 25
subscriber, given
operator
Checking the visualization of traffic and
the analysis of the connections of Methodology
4.10 3.2.2.10
participants in the connections to the No. 26
required level
Examination implementation
distributed computing in Methodology
4.11 3.2.2.11
search purposes key No. 27
information
5 3.2.3
monitoring of the Internet and the
media (SPO PMS)
Checking the collection of
information from social
Methodology
5.1 networks, blogs, microblogs, 3.2.3.1
No. 28
forums, as wellinformation
as news
portals V given
8
Number Prime

No. 1 to TK th
geographic region
Checking the identification of the Methodology
5.2 3.2.3.2
source of information No. 29
Examination analysis
dissemination of information with
Methodology
5.3 the presentation of the results in 3.2.3.3
No. 30
graphical form (in the form of a
distribution graph)
Examination analysis
Methodology
5.4 emotional coloring 3.2.3.4
No. 31
information materials
Examination continuous
targeted search and selection of
heterogeneous information in
digital sources
open access on a given
Methodology
5.5 thematic focus with the 3.2.3.5
No. 32
implementation
geographical
identification, its joint
integrated analysis on a
geospatial basis
Examination visualization
generalized results
thematic selection
information from open
digital sources on Methodology
5.6 3.2.3.6
digital interactive No. 33
models of the globe (GIS) with
the possibility of detailing the
materials of interest and their
selection
Examination formation
templates for processing open
access digital sources, Methodology
5.7 3.2.3.7
indicating regions, No. 34
information V which
must be collected
9
Number Prime

No. 1 to TK th
Validation of search, detection
based on key features and
submission for analysis to the
Methodology
5.8 operator new 3.2.3.8
No. 35
information resources to
determine the need to collect
information
Checking the automated
compilation of analytical
reports on various events,
objects and persons in a given Methodology
5.9 3.2.3.9
interval time By No. 36
temporary address,
regional parameters and
sources of their appearance
Checking that ICP STR
activities are not defined as Methodology
5.10 3.2.3.10
elements infrastructure No. 37
government agencies
automated
Methodology
5.11 interactions With SPO 3.2.3.11
No. 38
linguistic support subsystems
remote use STR PMS
territorially
distributed elements
Methodology
5.12 APK "Amezit" (through 3.2.3.12
No. 39
subsystem PPD) With
demarcation right access
according to the role models
access
6 Examination fulfillment 3.2.4
control information and
technical objects
telecommunications systems
and life support systems
10
Number Prime

No. 1 to TK th
(SPO POT)
Examination testing
telecommunications
equipment level
distribution and kernel level per Methodology
6.1 3.2.4.1
opportunity penetration No. 40
external violator and
opportunity installations
third-party expansion modules
Examination holding
load And
functional testing aimed at Methodology
6.2 3.2.4.2
blocking the operation of No. 41
telecommunications
equipment
Examination creation And
manufacturing control stand
information technology
facilities systems Methodology
6.3 3.2.4.3
life support With No. 42
opportunity visualization
mechanisms holding
impacts
Verification of the development of a
Methodology
6.4 collection of methods for reverse 3.2.4.4
No. 43
engineering of embedded software (HPE)
7 3.2.5
primary analysis
information (SPO PPA)
Analysis verification compounds
technical funds
Methodology
7.1 autonomous segment networks 3.2.5.1
No. 44
data transmission and information
collection
Checking the organization of
Methodology
7.2 intermediate control nodes in 3.2.5.2
No. 45
order to gain access to
eleven
Number Prime

No. 1 to TK th
information transmitted using
protocols such as IPSEC
Examination automatic Methodology

7.3 3.2.5.3
file recognition and selection No. 46
Verification of automated
preparation and deployment in
the autonomous segment of the Methodology
7.4 3.2.5.4
data transmission network of No. 47
"twins" for legitimate GIS OP
resources
Examination blocking And
redirects client
Methodology
7.5 requests (HTTP/HTTPS) on 3.2.5.5
No. 48
legitimate resources of GIS OP
(mirrors)
Checking the possibility of
choosing a given subscriber
autonomous network segment
data transfer by setting the
operator aggregates Methodology
7.6 3.2.5.6
switching address No. 49
features, including IP addresses,
IP masks, MAC addresses,
addresses for protocols
application layer
Checking the identification of data
transmission channels of communication Methodology
7.7 3.2.5.7
and control systems No. 50
opposing side
Malfunction check
communication
Methodology
7.8 equipment using technical 3.2.5.8
No. 51
means of monitoring objects
telecommunication systems
7.9 Checking the Mode Definition 3.2.5.9 Methodology
12
Number Prime

No. 1 to TK th
work And composition
telecommunications No. 52
equipment
Examination channel detection
transmission data is critical Methodology
7.10 3.2.5.10
important information No. 53
objects
Examination identifying
Methodology
7.11 information resources 3.2.5.11
No. 54
opposing side
Examination registration V
storage device informational
Methodology
7.12 exchange (in full) of the 3.2.5.12
No. 55
subscriber, given
operator
Examination ensure
programmatic means
Methodology
7.13 primary analysis 3.2.5.13
No. 56
information fulfillment
appointment requirements
Examination conjugation With
channel-forming equipment of Methodology
7.14 3.2.5.14
various backbone data No. 57
transmission networks
requirements destination SPO
relaying data With
8 3.2.6
using
intermediate servers (SW PRD)
Checking the performance of data

relay functions for implementation
purposes covert exchange
between technical Methodology
8.1 3.2.6.1
means network monitoring No. 58
Internet and Internet GIS
resources by protocols
TCP/IP families
13
Number Prime

No. 1 to TK th
Checking the performance of data
relay functions for implementation
purposes covert exchange
between technical
Methodology
8.2 means training, 3.2.6.2
No. 59
accommodation And "promotion"
special materials and
Internet GIS resources using
TCP/IP family protocols
Examination building
rational in terms of secrecy
and speed of information Methodology
8.3 3.2.6.3
exchange virtual No. 60
transport routes
data relay
Examination connections
automated workers
places of operators of APK Methodology
8.4 3.2.6.4
"Amezit" to the data exchange No. 61
system that does not require
additional settings for users
Examination automatic
Methodology
8.5 building virtual 3.2.6.5
No. 62
routes
Examination concealment
personalizing
information about means Methodology
8.6 3.2.6.6
data transfer from monitoring No. 63
and analysis tools
opposing side
Examination concealment
Methodology
8.7 information O national 3.2.6.7
No. 64
accessories
Checking data masking on
relay nodes under legal
Methodology
8.8 custom 3.2.6.8
No. 65
requests To public
services
14
Number Prime

No. 1 to TK th
Hiding personal information
applied
level must Methodology
8.9 3.2.6.9
controlled SPO, No. 66
installed on workstation
operator
Examination creation
virtual routes along Methodology
8.10 3.2.6.10
customizable No. 67
admin templates
centralized management
Methodology
8.11 Free software for data relaying 3.2.6.11
No. 68
(in manual and automated
mode)
forecast speed transmission
Methodology
8.12 data Withusing 3.2.6.12
No. 69
virtual transport
route
Examination control
Methodology
8.13 performance points 3.2.6.13
No. 70
virtual routes
Checking the execution of add
functions noise
structures V purposes
statistical
camouflage data, Methodology
8.14 3.2.6.14
passing through the technical No. 71
means of data relay, under
legal
custom inquiries to
public services
Verifying the Concealment of the
Methodology
8.15 True Destination of a Grouping 3.2.6.15
No. 72
of Virtual Route Points
Fulfillment of the requirements of the open Methodology
8.16 3.2.6.16
source software for data relaying in terms of No. 73
15
Number Prime

No. 1 to TK th
SPO monitoring networks
Internet and "promotion"

materials must
be carried out various
methods and prevent
disclosure of information
when opening one of them
Check blocking any immediate
interactions technical
Methodology
8.17 means of promoting materials 3.2.6.17
No. 74
and monitoring the Internet,
bypassing the data relay
system
Examination providing
gateway anonymization,
providing mechanisms
Methodology
8.18 conjugation For others 3.2.6.18
No. 75
technical funds APK
"Amesite" (V volume including
geographically remote)
Examination detection And
opposition attempts
launch special Methodology
8.19 3.2.6.19
software ensure V No. 76
virtual And under
environment
control of debuggers
Verification of ensuring control of
the state of the grouping points
virtual routes,
operational identifying
attempts to obtain UA to them,
Methodology
8.20 contingency reboots OS 3.2.6.20
No. 77
hardware ensure And
other facts violations
informational security
(IB) technical funds
relaying
8.21 Examination logging 3.2.6.21 Methodology
16
Number Prime

No. 1 to TK th
actions of technical means of data
retransmission at the No. 78
retransmission control workstation
In case of emergency situations, attempts
to analyze open source software
relaying data, as well as at the
command of the administrator, all
Methodology
8.22 modules SPO, 9.12
No. 79
configuration files,
the input and output data of
the relaying software must be
destroyed
9 training, accommodation and 3.2.7
"promotion" special
materials (SPO PRR)
Examination training
special materials Methodology
9.1 3.2.7.1
(text, graphic, No. 80
video, audio messages)
Verification of ensuring the
hiding and generation of the
legendary personalization Methodology
9.2 3.2.7.2
information in special No. 81
materials cleaning or
filling in metadata
Bypass check restrictions
additional parameters Methodology
9.3 3.2.7.3
privacy in social No. 82
networks
Automated Placement Check

Methodology
9.4 special 3.2.7.4
No. 83
materials
Examination providing funds
uplift ratings Methodology
9.5 3.2.7.5
distributed No. 84
special materials
17
Number Prime

No. 1 to TK th
Checking automated account
registration records
users With
Methodology
9.6 using generated 3.2.7.6
No. 85
(With taking into account technologies
social engineering) personal
data
Examination creation copies
Methodology
9.7 profile really 3.2.7.7
No. 86
existing entity
Checking support for at least
100 social network user Methodology
9.8 3.2.7.8
profiles from one workplace No. 87
Checking automated email

preparation (Yandex, Mail.ru,
Methodology
9.9 Gmail) when registering 3.2.7.9
No. 88
accounts in supported services
Verification of preparation,
storage and presentation operator
profile virtual
user: personal data,
Methodology
9.10 existing accounts in supported 3.2.7.10
No. 89
services,
action history, personal
dialogues in existing accounts
Validation of analysis and

generation of reports on the Methodology
9.11 3.2.7.11
external in relation to the profile No. 90
activity
Examination dissemination
information messages
Methodology
9.12 subscribers GIS OP 3.2.7.12
No. 91
through electronic
mail
9.13 Examination dissemination 3.2.7.13 Methodology
18
Number Prime

No. 1 to TK th
subscribers of GIS OP through
automated distribution of No. 92
personal messages V
supported services
Methodology
9.14 subscribers By telephone 3.2.7.14
No. 93
networks With using
IP telephony technologies
information messages Methodology
9.15 3.2.7.15
subscribers through No. 94
SMS/MMS messages
Examination informational
ensure activities for
Methodology
9.16 dissemination special 3.2.7.16
No. 95
content in supported services
Examination ensure
effect real
Methodology
9.17 user" V process 3.2.7, 3.2.7.17
No. 96
dissemination
information materials
Examination mechanisms
obstacles disclosure Methodology
9.18 3.2.7.18
national and departmental No. 97
affiliation
Checking automated interaction
with open source software Methodology
9.19 3.2.7.19
linguistic support subsystems No. 98
requirements By regime
Methodology
9.20 data processing and rights to 9.3.2, 9.3.3
No. 99
access processed
information
9.21 Checking registration functions 9.17 Methodology
19
Number Prime

No. 1 to TK th
And storage action
No. 100
operators
10 testing 3.2.8
telecommunications
equipment (SPO PTT)
Examination detection
Methodology
10.1 topical critical 3.2.8.1
No. 101
system software vulnerabilities
Methodology
10.2 topical critical 3.2.8.2
No. 102
server software vulnerabilities
topical critical Methodology
10.3 3.2.8.4
vulnerabilities Security software No. 103
information
Examination structural And
Methodology
10.4 static analysis of program 3.2.8.5
No. 104
source texts
Examination dynamic
Methodology
10.5 analysis software 3.2.8.6
No. 105
ensure
Testing automated recognition
used Methodology
10.6 3.2.8.7
standard library No. 106
functions
Signature analysis verification
Methodology
10.7 potentially dangerous 3.2.8.8
No. 107
operations
Examination recovery
protocol functioning logic And
network Methodology
10.8 3.2.8.9
interactions software No. 108
ensure third party
developers
Automated verification of open source Methodology
10.9 3.2.8.10
software of APK "Amezit" SAVZ No. 109
20
Number Prime

No. 1 to TK th
Automated update check
bases viral Methodology
10.10 3.2.8.11
signatures from trusted No. 110
sources
Checking the automated
search for changes made to
the program code of system Methodology
10.11 3.2.8.12
and application software of No. 111
third-party developers when it
modifications
Verification of Information Methodology
10.12 3.2.8.13
Security Threat Modeling No. 112
Examination modeling
elements And segments
computer networks
Methodology
10.13 autonomous segment For 3.2.8.14
No. 113
testing functional
opportunities means of protection
information
eleven requirements purpose of STR 3.2.9
data storage (SPO PCB)
Examination storage
information, collected from Methodology
11.1 3.2.9.1
using subsystems PMS and No. 114
PKS
Checking the storage of processing
Methodology
11.2 templates news 3.2.9.2
No. 115
information portals
Examination storage
analytical references, Methodology
11.3 3.2.9.3
trained V APK No. 116
"Amesite"
Examination structuring Methodology
11.4 3.2.9.4
information No. 117
Checking the search for data in Methodology
11.5 3.2.9.5
arrays of information No. 118
11.6 Examination providing 3.2.9.6 Methodology
21
Number Prime

No. 1 to TK th
operator information V
No. 119
graphical form
Examination reserve Methodology
11.7 3.2.9.7
data copying No. 120
Examination storage video-, Methodology
11.8 3.2.9.8
audio archives No. 121
Examination simultaneous
viewing archives (up to 3 Methodology
11.9 3.2.9, 3.2.9.9
connections) without stopping No. 122
recording
11.10 3.2.9.14
12 processing of results and their 3.2.10
visualization on an interactive
screen (SPO POR)
Examination demarcations Methodology
12.1 3.2.9.13
access No. 124
Examination display on
electronic area map
closed segment of the POR
subsystem integrated
environment V Methodology
12.2 3.2.10.1
geoinformation system With No. 125
opportunity output
digital form of the object with
graphic and text documents
Examination display And

editing (if you have access
rights) on the electronic map
Methodology
12.3 terrain 3.2.10.2
No. 126
geoinformation systems
closed segment of the ERP
subsystem of the form (name,
22
Number Prime

No. 1 to TK th
location,
additional description, etc.)
when the symbol of the object
is activated
Examination drawing
integrated situation on an Methodology
12.4 3.2.10.3
electronic map of the area in a No. 127
geographic information system
Examination accumulation
information manually by
creating electronic Methodology
12.5 3.2.10.4
forms objects on No. 128
electronic area map
closed POR segment
Examination drawing
operator graphic
information on electronic
area map closed Methodology
12.6 3.2.10.5
segment of the POR subsystem into No. 129
the selected layer With
using libraries
conventional signs
Examination export V
Methodology
12.7 electronic documentation And 3.2.10.6
No. 130
import files
Examination visual
display demonstrated
Methodology
12.8 information V multi-window 3.2.10.7
No. 131
mode on means
information display
Examination planning And
control fulfillment
events By Methodology
12.9 3.2.10.8
informational No. 132
restriction local
district
Examination integrated Methodology
12.10 3.2.10.9
representations of various kinds No. 133
23
Number Prime

No. 1 to TK th
information (text,
graphics, audio and video)
Examination informational
Methodology
12.11 exchange superiors and 3.2.10.11
No. 134
subordinate bodies
12.12 3.2.10.12
Examination detection And

prevention
Methodology
12.13 unauthorized 9.6
No. 136
activity in near real time
Examination inventory
Methodology
12.14 resources And monitoring 9.8, 9.9
No. 137
infrastructure changes
Checking the collection and analysis
of events informational Methodology
12.15 9.10
security, coming from No. 138
controlled subsystems
received data and
Methodology
12.16 alerts administrator 9.11
No. 139
security about incidents
information security
Examination survivability And
3.4, 3.4.1– Methodology
13 resilience to external
3.4.2 No. 140
influences
Reliability check Methodology
14 3.5
No. 141
Examination ergonomics,
3.6, 3.6.1– Methodology
15 habitability Andtechnical
3.6.2 No. 142
aesthetics
Examination operation,
storage, facilities Methodology
16 3.7, 3.7.1
technical service and No. 143
repair
24
Number Prime

No. 1 to TK th
security check Methodology
17 3.9, 3.9.1
No. 144
Verification of secrecy,
protection against ITR, degree
of secrecy and protection class 3.10, 3.11,
Methodology
18 information, 9.3.1, 9.3.4,
No. 145
technical means of information 9.3.5, 10
processing and requirements for
the protection of state secrets
Examination standardization, 3.12, 3.12.1– Methodology
19
unification and cataloging 3.12.4 No. 146
Examination constructive
requirements requirements To 3.14, 3.14.1, Methodology
20
conservation, packaging And 7, 7.1–7.2 No. 147
labeling
Examination technical Methodology
21 4.1–4.3
economic demands No. 148
Examination requirements To 5.3, 5.3.1– Methodology
22
diagnostic support 5.3.4 No. 149
Examination requirements To
5.4, 5.4.1–
mathematical,
5.4.2.1, Methodology
23 programmatic And
5.4.2.4- No. 150
information and
5.4.3.3
linguistic support
Verification of requirements for Methodology
24 8, 8.1–8.7
educational and training facilities No. 151
Checking for patent purity and Methodology
25 9, 9.2
patentability of the product No. 152
Grade check compliance
security resources
Methodology
26 (scan on Availability 9, 9.7
No. 153
vulnerabilities) And eliminate
discovered vulnerabilities
Examination inventory Methodology
27 9, 9.8
resources No. 154
Examination monitoring Methodology
28 9, 9.9
infrastructure changes No. 155
29 Verification of collection and analysis 9, 9.10 Methodology
25
Number Prime

No. 1 to TK th
events informational
security, coming from No. 156
controlled subsystems
received data and
Methodology
thirty alerts administrator 9, 9.11
No. 157
security about incidents
information security
Examination absence
comments in scripts and
configuration files,
Methodology
31 examination hiding 9, 9.13
No. 158
nationality, information about
the developer and the
Customer
Checking the transmission of data about
the current able With
Methodology
32 using robust detection and To 9, 9.15
No. 159
compromise protocols
Checking protection against MiTM attacks

Methodology
33 when organizations 9, 9.16
No. 160
information exchange
Checking the registration and Methodology
34 9, 9.17
recording of operator actions No. 161
Examination exceptions
use
Methodology
35 functionality of the complex by 9, 9.18
No. 162
the operator for personal
purposes
Examination fulfillment And13.1–13.5.1,
Methodology
36 acceptance of the stages of the SC R&D 13.7–13.10,
No. 163
13.14–13.16
1.4.2 The product is considered to have passed the tests according to these paragraphs
TK, if the results of all checks performed in accordance with the above list
are positive.
26
1.4.3 By decision of the commission, additional
tests, the results of which are reflected in the test report. Additional tests
should be carried out on the basis of the requirements of the ToR for the SC
R&D.
1.5 Conditions, modes, procedure, venue, types and stages
tests
1.5.1 The procedure for conducting preliminary tests is determined
this document. Tests are carried out in one stage on the territory of the
Contractor.
1.5.2 Before testing, it is necessary to familiarize yourself with
documents:
-RU.VATS.00176-01 "Special software security
"Amezit-V". Specification";
-RU.VATS.00176-01 91 01 "Special software
"Amezit-V". Instructions for protecting information from unauthorized
access”;
"Amezit-V". Network Administrator's Guide";
"Amezit-V". Security Administrator Guide";
"Amezit-V". Security Administrator Instructions";
"Amezit-V". Control example (method) of setting up the information security system during the
operation of the product”;
subsystems for the formation of an autonomous segment of the data transmission
network. System Programmer's Guide";
subsystems for the formation of an autonomous segment of the data transmission network.
Operator's Manual";
Test program and methodology”;
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
27
subsystems for monitoring messages of an autonomous segment of the data
transmission network. System Programmer's Guide";
transmission network. Operator's Manual";
subsystems for monitoring messages of an autonomous segment of the data transmission
network. Test program and methodology”;
transmission network. User guide".
subsystems for monitoring the Internet and the media. System
Programmer's Guide";
subsystems for monitoring the Internet and the media. Operator's Manual";
subsystems for monitoring the Internet and the media. Test program and
methodology”;
subsystems for monitoring the Internet and the media. User guide".
subsystems for the analysis of information and technical objects of
telecommunication systems. System Programmer's Guide";
telecommunication systems. Operator's Manual";
telecommunication systems. Test program and methodology”;
telecommunication systems. User guide";
subsystems of primary information analysis. System Programmer's Guide";
28
subsystems of primary information analysis. Operator's Manual";
subsystems of primary information analysis. Test program and
methodology”;
subsystems of primary information analysis. User guide";
data relay subsystems using intermediate servers. System Programmer's
Guide";
data relay subsystems using intermediate servers. Operator's Manual";

data relay subsystems using intermediate servers. Test program and
methodology”;
data relay subsystems using intermediate servers. User guide";

subsystems for the preparation, placement and "promotion" of special
materials. System Programmer's Guide";
-RU.BATC.00183-01 34 01 Special software
subsystems for the preparation, placement and "promotion" of special materials.
Operator's Manual";
Test program and methodology”;
materials. User guide;
-RU.BATC.00184-01 32 01 "Special software
subsystems for testing telecommunication equipment. System
subsystems for testing telecommunication equipment. Operator's
Manual";
29
subsystems for testing telecommunication equipment. Test program and
methodology”;
subsystems for testing telecommunication equipment. User guide".

storage subsystems. System Programmer's Guide";
storage subsystems. Operator's Manual";
storage subsystems. Test program and methodology”;
storage subsystems. User guide";
subsystems for processing results and visualizing them on an interactive
screen. System Programmer's Guide";
screen. Operator's Manual";
screen. Test program and methodology”;
screen. User guide".
1.5.3 Testing of the Product is carried out in the following order:
- checking the sufficiency and completeness of documentation;
- checking the completeness of the Product;
- checking the functionality of the Product.
1.5.4 Checking the functionality of the Product is carried out
according to the following algorithm:
- connection hardware and software funds To

telecommunication network and power supply network;
- pre-setting (if necessary) software
funds;
thirty
- carrying out the test in accordance with the chosen method
tests;
- completion of tests with recording the results in the Protocols
preliminary tests.
1.5.5 Tests are carried out under normal climatic conditions:
- temperature (20 ± 5) ºC;
- relative humidity - (60 ± 15) % at atmospheric pressure
(84 - 107) kPa (630 - 800) mmHg Art.
1.6 Logistics of testing
1.6.1 For testing, the Customer provides hardware and
software from the hardware-software complex (HSC) "Amezit".
1.6.2 The procedure for setting up the SSW included in the SSW "Amezit-V"
given in the following documents:
"Amezit-V". Instructions for protecting information from unauthorized
access”;
"Amezit-V". Network Administrator's Guide";
"Amezit-V". Security Administrator Guide";
"Amezit-V". Security Administrator Instructions";
"Amezit-V". Control example (method) of setting up the information security system during the
operation of the product”;
31

Guide";
screen. System Programmer's Guide.
1.6.3 Connecting the hardware of the Product must
be carried out in accordance with the connection diagrams (Appendix B).
1.7 Metrological provision of tests
1.7.1 Metrological assurance of tests is carried out
Customer.
1.8 Ensuring the protection of state secrets
1.8.1 Ensuring the protection of state secrets is carried out in
in accordance with the document "Instruction on the RFP from the ITR for the stage of
manufacturing a prototype."
1.9Reporting
1.9.1 Upon completion of the tests, an act of preliminary
tests and protocols on points of PM.
1.9.2 Test reports are signed by members of the working group
and members of the commission responsible for conducting tests on these points of the
program. The minutes are approved by the chairman of the commission.
1.9.3 Based on the results of preliminary tests, an act is drawn up, on
on the basis of which they draw up a decision, where they provide for the
implementation of measures to ensure the implementation of conclusions and proposals,
32
specified in the act. If the results of the tests do not require adjustment of the design
documentation and refinement of the prototype, the decision on the act is not drawn up,
which should be reflected in the act, in this case, the act is approved by the General
Director of STC Vulkan LLC.
1.9.4 The preliminary test certificate is issued in two
copies with mailing to LLC STC Vulkan and FSUE RNIIRS.
33
Annex A
Test Methods
A.1 Method #1
A.1.1 This method is used to check the documentation of open source software
"Amezit-V" for compliance with the requirements of paragraphs 5.1.1–5.1.4, 9.5, 13.2.5–13.2.6,
13.3, 13.5.1–13.5.8, 13.6.1, 13.11–13.13, 13.17–13.19 of the ToR for MF ROC "Amezit-V". A.1.2
During the audit, the sufficiency and completeness of the documentation of the
Amezit-V software is assessed.
A.1.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
A.1.3.1 Compare submitted

composition documentation With
approved list of software documentation and document RU.VATS.00176-01
“Amezit-V Special Software”. Specification". Make sure that the presented
composition of the documentation complies with RU.VATS.00176-01 “Special
software “Amezit-V”. Specification".
A.1.3.2 Analyze the content and execution of the submitted documents

for compliance with the requirements of GOST RV 15.110-2003, GOST RV
15.203-2001, GOST RV 2.902-2005, GOST RV 15.211-2002, GOST RV series
20.39.301-98–20.39.305-98, GOST RV 20.57.304-98, OTT 7.1.203-90, GOST 2.601-2006
and ESPD.
A.1.3.3 Perform an analysis of operational documentation in terms of
Open source software for technical means for analyzing objects of
telecommunication systems and life support systems, technical means for
primary analysis and technical means for forming an autonomous segment
of a data transmission network. Make sure that the operational
documentation is developed in a legend form and does not contain signs of
departmental affiliation.
A.1.4 SPO "Amezit-V" is considered to have passed the tests according to
clauses A.1.3.1–A.1.3.3 of the test program and procedure and fulfill clauses 5.1.1–
5.1.4, 9.5, 13.2.5–13.2.6 , 13.3, 13.5.1–13.5.8, 13.6.1, 13.11–13.13, 13.17–
13.19 TK for midrange R&D, if:
- submitted documentation of SPO "Amezit-V" on the nomenclature and
quantity corresponds to the approved list of RKD documentation and
document RU.VATS.00176-01 “Amezit-V Special Software”. Specification";
34
- the submitted documentation of SPO "Amezit-V" corresponds to
content and design requirements of GOST RV 15.110-2003, GOST RV
15.203-2001, GOST RV 2.902-2005, GOST RV 15.211-2002, GOST RV series
20.39.301-98–20.39.305-98, GOST RV 20.57.304-98, OTT 7.1.203-90, GOST
2.601-2006 and ESPD;
- developed and agreed with the lead contractor the following
documents on the protection of information from unauthorized access:
- suggestions to the network administrator's guide

(description the process of processing information, the
composition of hardware and software, maintenance
(installation, configuration, operation) of general and
special software);
- offers V Act installations, settings And
functioning of general software, special software and
information security tools with a protocol for calculating
the checksums of the main executable files and dynamic
libraries according to selected criteria;
- the following documents have been developed:
- a methodology for updating interfaces for interfacing with external

systems;
- technique receiving access To third party
telecommunications equipment bypassing authorization if
there is physical access to it;
- methodology for deploying an autonomous segment of data
transmission networks;
- list of reporting documents and forms of their
- construction; screen forms of the graphical control
- interface; list of design, operational and program
documentation;
- operational documentation in terms of SPO technical means
analysis of objects of telecommunication systems and life support systems,
technical means of primary analysis and technical means of forming an
autonomous segment of the data transmission network is developed in a
legendary form and does not contain signs of departmental affiliation.
35
A.2 Method #2
A.2.1 In this technique, the composition of the SPO "Amezit-
B" for compliance with the requirements of clauses 3.1, 5.4.2.2, 5.4.2.3, 9.14 of the TOR for the Amezit-V R&D
center.
A.2.2 During the check, the completeness of the Amezit-V software is assessed.
A.2.3 Verification is performed by comparing the actual composition
a set of components of the SPO "Amezit-V" with the document
RU.VATS.00176-01 "Special software" Amezit-V ". Specification".
A.2.4 SPO "Amezit-V" is considered to have passed the tests according to clause A.2.3
of the test program and methodology and fulfill clauses 3.1, 5.4.2.2, 9.14 of the TOR for the
R&D MF, if:
- composition of software packages, operational and
program documentation on the nomenclature corresponds to the
document RU.VATS.00176-01 “Special software “Amezit-V”. Specification";
- The OPO includes:

- operating systems (OS);
- database management systems (DBMS);
- drivers that ensure the operation of peripheral devices and
the correct processing of various types of information data;
- information security tools (IPS), including anti-virus tools

(such as DrWeb or Kaspersky Anti-Virus);
- means used anti-virus protection (SAVZ)

certified in the system of certification of information security tools of the
Ministry of Defense of Russia, tested for the possibility of use in the
product (including compatibility with software and hardware and meet the
specified requirements for anti-virus protection) and included in the
software of the product in the prescribed manner;
- OPO of a product functions and provides the organization
computing process on the computing facilities of the system;
- HIFs contain software integrity controls.
A.3 Method #3
A.3.1 In this technique, the SPO PAS is checked for
compliance with the requirements of clauses 3.2.1, 3.2.1.1 of the TOR for the Amezit-V R&D center.
36
A.3.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.1 of the TOR for the MF
R&D "Amezit-V" SPO PAS should provide traffic retransmission and

organization of connection to the following wired communication lines:
- Ethernet;
- GPON;
- DOCSIS;
ADSL (DSLAM).
-
А.3.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
A.3.3.1 Assemble the test bench according to the diagram on

Figure 3.
A.3.3.2 Connect the traffic generator (APK SCAT) in turn to the test
bench using different types of wired communication lines: Ethernet, GPON,
DOCSIS, ADSL (DSLAM). The procedure for connecting the traffic generator
(APK SCAT) is given in the document RU.VATS.00177-01 32 01 “Special
software for the subsystem for forming an autonomous segment of the
data transmission network. System Programmer's Guide.
A.3.3.3 Start the traffic generator (HSC SCAT) to ensure stable traffic
(the file testdata15m 15 Mb in size is transmitted) passing through the test
bench. The procedure for launching and configuring the traffic generator
(APK SCAT) is given in the document RU.VATS.00177-01 32 01 “Special
data transmission network. System Programmer's Guide.
A.3.3.4 Start the management software for the D-link DGS-1100-24

router from the operator's workstation (log in to the management console).
Instructions for working with the router are given in the document
RU.VATS.00177-01 32 01 “Special software for the subsystem for forming an
autonomous data network segment. System Programmer's Guide.
A.3.3.5 View D-link DGS-1100-24 router connection statistics. Make

sure that the number of bytes received on the router port (port 2) (from the
traffic generator (APK SCAT)) is equal to the number of bytes of traffic
transmitted through the output port of the D-link DGS-1100-24 router (port
22). The procedure for viewing statistics is given in the document
RU.VATS.00177-01 32 01 “Special software for the subsystem
37
formation of an autonomous segment of the data transmission network.
System Programmer's Guide.
A.3.4 SPO PAS is considered to have passed the tests according to clauses
A.3.3.1-A.3.3.5 of the test program and methodology and fulfill clauses 3.2.1,
3.2.1.1 on the R&D MF, if the test bench provides traffic retransmission
(number of bytes received at the input port is equal to the number of bytes of
traffic transmitted to the output port of the D-link DGS-1100-24 router (15 Mb))
for all options for connecting the traffic generator using the listed types of
wired communication lines: Ethernet, GPON, DOCSIS , ADSL (DSLAM).
A.4 Method No. 4

A.4.2 In accordance with the requirements of clauses 3.2.1, 3.2.1.2 of the ToR for
the Amezit-V R&D MF, the SPO PAS must provide:
- retransmission of traffic using wireless communication lines:
- GSM;
- GPRS;
- EDGE;
- organization of connection to the following wireless communication networks:
- GSM;
- GPRS;
- LTE;
- CDMA;
- WiFi;
- WiMAX.
A.4.3 To check SPO PAS for compliance
requirements, follow the steps below.

Figure 3.
А.4.3.2 Connect the traffic generator (APK SCAT) in turn to the test
bench using different types of wireless communication lines: GSM, GPRS,
LTE, CDMA, Wi-Fi, WiMAX. From the bench side, wireless device modems
should be connected to port 3 of the D-link DGS-1100-24 router.
38
A.4.3.3 Launch the traffic generator (APK SCAT) for
ensuring stable traffic (the testdata25M file of 25 Mb in size is transferred). The
procedure for launching and configuring the traffic generator (APK SCAT) is
given in the document RU.VATS.00177-01 32 01 “Special software for the
subsystem for forming an autonomous segment of the data transmission
network. System Programmer's Guide.
A.4.3.5 View D-link DGS-1100-24 router statistics. Make sure that the
number of bytes received on port 3 of the router is equal to the number of
bytes of traffic transmitted through the output port 22 of the Dlink
DGS-1100-24 router (25 Mb).
A.4.3.6 Simulate traffic from the side of a mobile device by launching a
virtual base station simulator (a 35 Mb testdata35M file is transmitted). The
base station simulator must be connected to port 4 of the D-link
DGS-1100-24 router. Instructions for connecting the VBS simulator and
creating traffic are given in the documents RU.VATS.00177-01 32 01 “Special
data transmission network. System programmer's guide” and
autonomous segment of the data transmission network. Base station
management software. System Programmer's Guide.

number of bytes received on port 4 of the router is equal to the number of
bytes of traffic transmitted through the output port 22 of the Dlink
DGS-1100-24 router (35 Mb).
39
A.4.4 SPO PAS is considered to have passed the tests according to clause A.4.3.1-
A.4.3.8 of the test program and methodology and performing paragraphs 3.2.1, 3.2.1.2 on
the R&D MF, if:
-the test bench provides traffic relaying from
using different types of wireless communication lines: GSM, GPRS, LTE,
CDMA, Wi-Fi, WiMAX (input traffic volume for each connection option is
equal to 25 Mb output traffic volume);
- test bench provides traffic relay from the side
virtual base station simulator (the volume of input traffic is equal to the volume of
output traffic of 35 Mb).
A.5 Method #5
A.5.2 In accordance with the requirements of clauses 3.2.1, 3.2.1.3 of the
ToR for the Amezit-V R&D SC, the SPO PAS must ensure the management of
third-party telecommunications equipment at the distribution level and core
level without authorization and with physical access to it for the following
equipment models :
- Huawei S5XXX series;
- Juniper MX40, MX80, MX10, MX104 series;
- Cisco 2000, 2500, 3000, 680x0-Based 4000, 7000 series;
- Extreme Networks Summit x430, x440, x450, x460 series;
D-Link DGS-3627, DGS-3620-28, DES-3200-10, DES-3200-24 series.
-
A.5.3 In order to check the SPO PAS for compliance with the

Figure 3.
A.5.3.2 Connect the operator's workstation for access to the D-link
DGS-1100-24 switch via the RS-232 interface. Connection instructions are
A.5.3.3 Run the Terminal command line utility on the PAS operator
workstation. During loading, when the following message appears in the
console: Please wait, loading V6.20.B18 Runtime image ............ 100%, required
40
repeatedly press shift+6+3 until you get a message in the console: Factory Default
Enable.................................. ...............
A.5.3.4 After the D-link DGS-1100-24 boots up, run the reset config
command and save the settings with the save command.
A.5.3.5 After rebooting the router, connect to the D-link DGS-1100-24
router from the operator's AWS (run the Terminal utility). Make sure you are
logging into the router's command line ">". Perform the installation of a
new password "12345".
A.5.3.6 On the PAS operator's workstation, configure the access acquisition
software (according to the factory settings) for the D-link DGS-1100-24 model.
A.5.3.7 To check the software method for gaining access to the
equipment on the PAS operator workstation, run the access gaining
software, specifying the IP address 10.10.10.113 of the D-link DGS-1100-24
router as a parameter. The procedure for gaining access is given in the
document RU.VATS.00177-01 92 02 “Special software for the subsystem for
forming an autonomous segment of the data transmission network. Access
Software. User guide".
A.5.3.8 View the results of the access software. Make sure that entries
containing password information have been generated to access the
management console of the D-link DGS-1100-24 router, the password is
found - "12345". The procedure for viewing the results is given in the
forming an autonomous segment of the data transmission network. Access
Software. User guide".
A.5.3.9 On the AWS operator's workstation, perform one-by-one configuration
of the access acquisition software (according to the factory settings) for the following
equipment models:
- Huawei S5XXX series;
- Juniper MX40, MX80, MX10, MX104 series;
- Cisco 2000, 2500, 3000, 680x0-Based 4000, 7000 series;
- Extreme Networks Summit x430, x440, x450, x460 series;
-D-Link DGS-3627, DGS-3620-28, DES-3200-10, DES-3200-24 series.
A.5.3.10 On the PAS operator's workstation, start sequentially
launching the software for obtaining access for the listed equipment
models. Instructions for launching and setting up are given in the document
autonomous data network segment. Access Software. User guide".
41
A.5.3.10 of the test programs and methods and performing paragraphs 3.2.1,
3.2.1.3 on the R&D MF, if the user, having completed the physical connection
procedure via the RS-232 interface, was able to set a new password on the
device, as well as using the access acquisition software was able to obtain
password information (password "12345") that provides access to the network
device management software at 10.10.10.113 (D-link DGS-1100-24 router).
A.6 Method No. 6

compliance with the requirements of paragraphs 3.2.1, 3.2.1.4 of the TOR for the Amezit-V R&D center.
A.6.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.4 of the ToR
for the Amezit-V R&D center, the SPO PAS must ensure the collection, registration and
display of the following information:
A.6.2.1 With regard to the operation of controlled equipment that has
the ability to collect and provide its diagnostic information:
- state (working / not working);
- OS version;
event log entries;
-
- equipment load indicators.
N o t e . Hereinafter, controlled equipment refers to the hardware of
the PAS subsystem and telecommunications equipment of third parties
connected to the Amezit HSC (when gaining access to it).
A.6.2.2In terms of traffic passing through controlled

equipment that has the ability to collect and provide information on traffic
using the NetFlow protocol:
- date and time of connection start;
- date and time when the connection ended;
customer information (IP address, domain name (if any), port);
-
- server information (IP address, domain name (if any), port);
- protocol code according toRFC1700.
A.6.2.3 Controlled equipment routing tables. A.6.3 To check the
compliance with the requirements of the SPO PAS, it is necessary to
perform the actions described below.

Figure 3.
42
A.6.3.2 Log in to the PAS management software interface by going to
section for viewing the parameters of controlled equipment. Instructions for
viewing the parameters of the controlled equipment are given in the
forming an autonomous segment of the data transmission network.
Diagnostic and control software. User guide".
A.6.3.3 View server settings ServWin1.
A.6.3.4 SPO PAS is considered to have passed the tests according to clause A.6.3.1-
A.6.3.3 of the test programs and methods and performing paragraphs 3.2.1, 3.2.1.4 on
the R&D MF, if the user in the interface of the diagnostics and control software in the
section for viewing the parameters of the monitored equipment observes diagnostic
information about the operation of the equipment:
- state (Activated);
- OS version (Windows 10);
- load on the subsystem in the form of a graphCPU Load, Traffic on Eth1;
- the event log (Auth, Syslog, Messages, Application, Security,
System). A.6.3.5 Start the browser from the PAS operator workstation
and log in to the operator interface of the network traffic monitoring
software by going to the section for viewing connection statistics.
Instructions for working with software for monitoring network traffic are
given in documents RU.VATS.00177-01 92 07 “Special software for the
subsystem for forming an autonomous segment of a data transmission
network. Network traffic monitoring software. User guide"
A.6.3.6 View the connection log.
A.6.3.6 of the test programs and methods and performing clauses 3.2.1, 3.2.1.4
on the R&D MF, if the user in the interface of the traffic monitoring software in
the connection statistics viewing section can see the connection log entries:
- date and time the connection was started, of the form:05/11/2018 14:31;
- date and time when the connection ended, of the form:05/11/2018 14:41;
- view client information:31.132.105.110: 21;
- view server information:87.242.79.110: 1358;
- protocol code or port number forTCP/UDP, type: FTP:
- the size of the transferred data, of the form:10084.
A.6.4.1 Start the browser from the PAS operator's workstation and enter the
operator interface of the network traffic monitoring software by going to the
route information viewing section. Instructions for working with the software
43
monitoring of network traffic is given in the documents RU.VATS.00177-01
92 07 “Special software for the subsystem for forming an autonomous
segment of the data transmission network. Network traffic monitoring
software. User guide".
A.6.4.2 From the PAS operator's workstation, launch the browser,
enter the D-link DGS-1100-24 router management software and view
information about routes on the router. Make sure that diagnostic
information is collected for the monitored equipment on the routes of
passing traffic and the routing information is displayed in the form of
routing tables. The procedure for viewing statistics is given in the document
autonomous data network segment. Network traffic monitoring software.
User guide".
A.6.4.1-A.6.4.2 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.4 on
the R&D MF, if the user in the interface of the diagnostics and control software in the
section viewing the parameters of the controlled equipment observes the contents of
the routing table, of the form:
Destination Gateway Genmask Flags Metric Ref Use face
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.1 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
A.7 Method No. 7

A.7.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.5 of
the TOR for the MF R&D "Amezit-V" SPO PAS should provide traffic routing and its
transmission to the technical means of primary information analysis.
A.7.3.1 Connect the traffic generator (APK SCAT) to

test stand. The procedure for setting up the test bench is given in the
forming an autonomous segment of the data transmission network. System
Programmer's Guide.
A.7.3.2 Launch the traffic generator (HSC SCAT), which provides stable
traffic (the testdata25M file is transmitted with a size of 25 MB at a speed of
100 Mbps). How to start and set up the generator
44
traffic is given in the document RU.VATS.00177-01 32 01 “Special software
for the subsystem for forming an autonomous segment of the data
transmission network. System Programmer's Guide.
А.7.3.3 Log in to the management console of the D-link DGS-1100-24
router from the PAS operator workstation. Instructions for working with the
D-link DGS-1100-24 router are given in the document RU.VATS.00177-01 32
01 “Special software for the subsystem for forming an autonomous data
network segment. System Programmer's Guide.
A.7.3.4 View statistics of the D-link DGS-1100-24 router on port 19 (to

which the PPA server is connected). Make sure that traffic is routed (traffic
packets reach port 19 of the D-link DGS-1100-24 router).
traffic is being transmitted to the technical means of the primary
information analysis (server "SCAT for retrieval and analysis of traffic"), the
amount of traffic passing through port 19 is 25 Mb, the traffic speed is 100
Mbps.
3.2.1.5 on the R&D MF, if routing and traffic transmission are provided (number of
byte of the transferred file is equal to the number of bytes of traffic received by
the PPA equipment (25 MB)) at a speed of 100 Mbps.
A.8 Method No. 8
compliance with the requirements of paragraphs 3.2.1, 3.2.1.6 of the TOR for the Amezit-V R&D center.

the ToR for the Amezit-V MF R&D, the SPO PAS should provide automatic network
configuration using DHCP, NTP, DNS protocols.

Figure 3.
A.8.3.2 Turn on the PAS operator's workstation. View the network
A.8.3.3 connection parameters of the operator's workstation.
Make sure, What completed automatic setting IP addresses With
45
using the DHCP protocol. The procedure for viewing the parameters of the
AWS network connection is given in the document RU.VATS.00177-01 32 01
“Special software for the subsystem for forming an autonomous segment of
the data transmission network. System Programmer's Guide.
A.8.3.1-A.8.3.3 of the test program and methodology and fulfill clauses 3.2.1, 3.2.1.6
on the R&D center, if, when the AWS of the PAS operator is included in the
autonomous segment, automatic IP address setting:
C:\Users>ipconfig /all
IP protocol setting for Windows Ethernet
adapter Ethernet:
Connection DNS suffix . . . . . : domainpc.ru
Description. . . . . . . . . . . . . : Intel(R) Ethernet Connection I219-V Physical address. . . . . . . . . :
40-8D-5C-C9-41-17
DHCP enabled. . . . . . . . . . . : Yes Auto tuning is
enabled. . . . . . : Yes
IPv4 address. . . . . . . . . . . . : 10.0.6.146(Main) Subnet mask . . . . . . . . . . :
255.255.255.0
A.8.4.1 View ARM time service settings

PAS operator. Make sure that the automatic setting of the time synchronization of
the AWP operator's AWS using the NTP protocol is performed. The procedure for
viewing the parameters of the ARM exact time service is given in the document

autonomous segment of the data transmission network. System
Programmer's Guide.
A.8.5 SPO PAS is considered to have passed the tests according to clause A.8.4.1
of the program and test procedure and fulfill clauses 3.2.1, 3.2.1.6 on the R&D center,
if automatic time synchronization is performed when the AWP operator's workstation
is turned on:
C:\Users>w32tm/query/peers
#Knots: 1
Partner Host: dc03.domenpc.ru Status:
Active
Time left: 18125.1491263s Mode: 3 (Client)
Stratum: 4 (secondary link - synchronized with (S)NTP) Peer Poll Interval: 15 (32768s)
NodePolling Interval: 15 (32768s)
A.8.5.1Execute DNS Query Using APM Command Line

PAS operator and view the results. Ensure that resource domain names are
automatically translated to IP addresses using the DNS protocol. The
procedure for performing a DNS query is given in
46
forming an autonomous segment of the data transmission network. System
Programmer's Guide.
A.8.6 SPO PAS is considered to have passed the tests according to clause A.8.5.1
of the program and test methodology and fulfill clauses 3.2.1, 3.2.1.6 on the R&D
center if, when the operator's workstation is turned on, automatic translation of
domain names of resources into IP addresses is performed using the DNS protocol:
C:\Users>nslookup mail.ru
dc03.domenpc.ru
Address: 10.0.0.20
A.9 Method number 9

the ToR on the MF R&D "Amezit-V", the SPO PAS should provide traffic
prioritization using TOS.

Figure 2.
A.9.3.2 Connect the traffic generator (APK SCAT) to the test stand. The
procedure for connecting the traffic generator (APK SCAT) and setting up
the test bench is given in the document RU.VATS.00177-01 32 01 “Special
software for the subsystem for forming an autonomous data network
segment. System Programmer's Guide.
A.9.3.3 Log in to the operator interface of the traffic generator

management software (HSC SCAT) and configure the traffic generator in
accordance with the following conditions: the generated traffic consists of
two protocols (http and ftp), the ratio of protocols in traffic: 50% http on 50%
ftp to the volume of generated traffic, the traffic generated consumes the
bandwidth of the D-link DGS-1100-24 test bench router (100 Mbps). The
procedure for launching and configuring the traffic generator (APK SCAT) is
47
A.9.3.4 Start traffic generation.
A.9.3.5 From the PAS operator's workstation, log in to the management console
router D-link DGS-1100-24. Instructions By work With
router are given in the document RU.VATS.00177-01 32 01 “Special software
for the subsystem for forming an autonomous data network segment.
A.9.3.6 View D-link DGS-1100-24 router statistics.

Ensure that traffic is delivered with a protocol ratio of 50% http to 50% ftp
traffic.
A.9.3.7 From the PAS operator's workstation, log in to the management
console of the D-link DGS-1100-24 router, go to the traffic prioritization section
and set the priority for traffic via the http protocol to 80%, and for the ftp
protocol to 20% from the bandwidth.
http protocol traffic passes without restrictions, the ftp protocol traffic
speed has dropped in accordance with the allocated bandwidth to 20 Mbps.
3.2.1.7 on the R&D MF, if traffic prioritization control is provided: for the http
protocol, the speed changed from 50 Mbps to 80 Mbps, and for the ftp protocol,
the speed changed from 50 Mbps to 20 Mbps.
A.10 Practice No. 10
A.10.1 In this methodology, the SPO PAS is checked for compliance with the
requirements of paragraphs 3.2.1, 3.2.1.8 of the TOR for the Amezit-V R&D SC.
ToR for the Amezit-V R&D SC, the SPO PAS should provide load balancing with
dynamic resource allocation.
A.10.3 In order to check the PAS SSS for compliance with the
A.10.3.1 Assemble the test stand in accordance with the diagram in

Figure 3.
A.10.3.2 From the AWP operator's workstation, enter the control
console of the D-link DGS-1100-24 router, through which the test bench is
connected to the Internet. Router Instructions
48
are given in the document RU.VATS.00177-01 32 01 “Special software for the
A.10.3.3 Set up the connection of the test bench to the Internet, in
which the test bench is connected to the Internet using two communication
channels.
A.10.3.4 Launch the traffic generator (HSC SCAT), which provides
stable traffic to resources located on the Internet. The procedure for
launching and configuring the traffic generator is given in the document
A.10.3.5 Log in to the SPO PAS operator interface by going to the

section for viewing statistics of traffic passing through the interfaces of the
D-link DGS-1100-24 router (port 2 and port 3).
A.10.3.6 View statistics. Verify that both channels connecting the test
bench to the Internet are used. The procedure for viewing statistics is given
in the document RU.VATS.00177-01 34 07 “Special software for the
subsystem for forming an autonomous data network segment. Network
traffic monitoring software. User guide".
A.10.3.7 Simulate the situation of unavailability of one of the communication

channels (by physically disconnecting the communication channel or by logically
disabling the network interface in the management console of the D-link DGS-1100-24
router (port 3)).
A.10.3.8 Log in to the network traffic monitoring open source software by
going to the section for viewing statistics of traffic passing through the
interfaces of the D-link DGS-1100-24 router.
A.10.3.9 View statistics on ports 2 and 3. Make sure that automatic
load balancing is performed, if one of the communication channels is
unavailable, the remaining communication channel is used to transfer all
traffic. The procedure for viewing statistics is given in the document
User guide".
A.10.4 SPO PAS is considered to have passed the tests according to
clauses A.10.3.1-A.10.3.9 of the test program and methodology and fulfill
clauses 3.2.1, 3.2.1.8 on the R&D MF, if: network traffic distribution statistics by
49
network links changed from 50 Mbps for the first network link (port 2) and
50 Mbps for the second network link (port 3) to 100 Mbps for the first
network link (port 2) and 0 Mbps for the second network channel (port 3)
(automatic redirection of all traffic to a working communication channel).

A.11.2 In accordance with the requirements of paragraphs 3.2.1,
3.2.1.9 of the ToR for the Amezit-V R&D MF, the SPO PAS should provide
automated control of relay modules with a single graphical interface.
A.11.3To check SPO PAS for compliance


Figure 3.
A.11.3.2 Log in to the unified graphical user interface of the SPO PAS
by going to the section of automated control of network devices (relay
modules). Instructions for working with diagnostic and control software are
given in the documents RU.VATS.00177-01 34 05 “Special software for the
subsystem for forming an autonomous data network segment. Diagnostic
and control software. System programmer's guide” and RU.VATS.00177-01
92 05 “Special software for the subsystem for forming an autonomous
segment of the data transmission network. Diagnostic and control software.
User guide".
A.11.3.3 Select a telecommunications device (D-link DGS-1100-24

router), make sure that the PAS SSW shows a list of control scripts and go to
the new script configuration form.
A.11.3.4 In the form of creating a new script, specify the name of the script
and the file containing the network device configuration commands (changing the
IP address of the ServWin1 server).
A.11.3.5 Save the new script.
A.11.3.6 Return to the form for viewing the list of network devices.
50
A.11.3.7 Reselect the server ServWin1 and give the command to show
the list of available control scripts.
A.11.3.8 View control scripts. Make sure that the list of available
management scripts contains the IP address change script that was created
in the previous step.
A.11.3.9 Select the script for changing the IP address and give a command to
execute it.
A.11.3.10 Wait for the message that the script has been executed. А.11.3.11 Log in
to the management console of the server ServWin1 from the AWS of the PAS
operator.
A.11.3.12 Start the command line of the ServWin1 server, execute the ipconfig
command to view the network settings. Make sure that the management script was
successfully executed (IP address changed to 10.10.10.23).
A.11.3.1-A.11.3.12 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.9
on the R&D MF, if:
- in a single graphical interface, the user sees a list
controlled devices:
- server ServWin1;
- server ServDeb1;
- Operator workstation;
- D-link DGS-1100-24.
- in a single graphical interface, the user sees a list
scripts available for the selected network device (for example, for the
ServWin1 server):
- show OS version;
- show Application log;
- show Security log;
- show System log;
- change IP address.

requirements of clauses 3.2.1, 3.2.1.10 of the TOR for the Amezit-V R&D SC.
A.12.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.10 of the
ToR for the MF R&D "Amezit-V" SPO PAS must provide network address translation.
51
A.12.3 In order to check the SSS PAS for compliance with the

Figure 3.
A.12.3.2 Connect the AWP operator to the test stand. The procedure
for connecting an automated workplace is given in the document
autonomous segment of a data transmission network. System
Programmer's Guide.
A.12.3.3 Execute commands that display the parameters of the network
connection of the AWP operator of the PAS; make sure that the DHCP and DNS
services are configured and working in the test bench, and that the IP address
10.10.10.12 is assigned to the network interface of the PAS operator's workstation.
The procedure for setting up and viewing the network parameters of the
workstation is given in the document RU.VATS.00177-01 32 01 “Special software
for the subsystem for forming an autonomous data network segment. System
Programmer's Guide.
A.12.3.4 Enter the management console of the D-link DGS-1100-24
router from the PAS operator's workstation and configure the translation
rules (IP address pool and set of allowed ports: 192.168.1.1 to 192.168.1.8
and 40200-42200). Instructions for working with the router are given in the
forming an autonomous data network segment. System Programmer's
Guide.
A.12.3.5 Download the browser to the operator's AWP and make a
request to the information resource located outside the test bench
(www.yandex.ru).
A.12.3.6 Log in to the operator interface of the network traffic
monitoring software by going to the section for viewing connection
statistics. The procedure for viewing statistics is given in the document
User guide".
A.12.3.7 Find the connection received from the PAS operator's workstation (by IP address
10.10.10.12, which was issued by the workstation).
A.12.3.8 View connection data. Make sure that when a network packet
passes through the D-link DGS-1100-24 router, the test
52
stand, the network IP address was translated (the sender's IP address
changed to 192.168.1.1 in outgoing packets).
A.12.3.1-A.12.3.8 of the test program and procedure and fulfill clauses 3.2.1,
3.2.1.10 on the R&D MF, if network address translation is provided: sender
network address 10.10 .10.12 was changed to 192.168.1.1 when the packet passed
through the D-link DGS-1100-24 router.
3.2.1.11 of the ToR for the Amezit-V R&D SC, the SPO PAS should provide the
possibility of centralized control and monitoring of controlled equipment
resistant to unauthorized access using a single graphical interface that has
the ability to:
- viewing and editing the list of controlled equipment
(device, set of controlled parameters);
- definition of controlled parameters, input for controlled
parameters ranges of standard values;
- displaying the current parameters of the equipment in real time (with
set refresh rate);
- definition of events that require notification of the operator;
- remote firmware update;
- view diagnostic information.
N o t e . The monitored parameters can be any of the standard
parameters for controlled telecommunications equipment at the core level
and distribution level.

Figure 3.
A.13.3.2 Log in to the SSS PAS by going to the section for viewing the
list of controlled equipment (the list of technical means included in the PAS).
Instructions for working with SPO PAS are given in the documents
autonomous segment of the data transmission network.
53
Diagnostic and control software. System programmer's guide” and
autonomous segment of the data transmission network. Diagnostic and
control software. User guide".
A.13.3.3 View records containing the parameters of controlled

equipment (hardware). Make sure that the user has the ability to centrally
monitor the technical means that are part of the test bench: the controlled
equipment of the autonomous network segment is displayed in the form of
a list (device, set of controlled parameters).
A.13.3.4 Add a new device (server ServWin1) to the list of controlled

devices, make sure that the user has the ability to edit the list of controlled
equipment.
A.13.3.5 Configure the monitored parameters of the ServWin1 server,
as well as set the limit values for CPU Load to 50%.
A.13.3.6 Identify events requiring operator notification (CPU Load
greater than 50%).
A.13.3.7 Make sure that the user of the SSS PAS has the ability to
timely inform and manage the controlled equipment (technical means) of
the test bench: to do this, add the “Update firmware version” script for the
D-link DGS-1100-24 router.
3.2.1.11 on the R&D MF, if:
- a server appeared in the list of controlled hostsservwin1;
- a graph appeared in the list of graphs of controlled parametersCPU
Load for server ServWin1;
-in the list of scripts forD-link DGS-1100-24 the script "Update
firmware version".
TOR for the MF R&D "Amezit-V" SPO PAS should provide interfacing with the channel-
forming equipment of various backbone data transmission networks.
54

Figure 3.
A.14.3.2 Check the presence of optical patch cords with connector types FC,
SC, ST, LC in the PAS; make sure that the open source software for forming an
autonomous segment of the data transmission network provides physical
interfacing with the channel-forming equipment of various backbone data
transmission networks.
A.14.3.3 Check the presence of a device for precise splicing of optical
fibers of the HU125 type in the PAS, make sure that the software for forming
an autonomous data transmission network segment provides physical
interfacing with the channel-forming equipment of various backbone data
transmission networks.
A.14.3.4 Check the availability of Ethernet and SFP interfaces in the SAM,
make sure that the SSS for forming an autonomous data transmission network
segment provides physical interfacing with the channel-forming equipment of
various backbone data transmission networks.
A.14.4 SSS PAS is considered to have passed the tests according to clauses
on the R&D MF, if as part of the SWS the formation of an autonomous segment of the
data transmission network there are optical patch cords with connector types FC, SC,
ST, LC; and also as part of the open source software for forming an autonomous
segment of the data transmission network, there are: a device for precise splicing of
optical fibers of the HU125 type, interfaces of the Ethernet and SFP types, which
provide physical interfacing of the PAM with the channel-forming equipment of
various backbone data transmission networks.

the TOR on the Amezit-V SC ROC, the data transfer rate supported by the SPO PAS
should be:
- at the core level (between the switches of the distribution layer and the
cores): at least 10 Gb/s when the condition of "normal" traffic is met, at least
6 Gb/s otherwise;
55
- at the distribution level (between access level switches and
distribution level): not less than 1 Gbit/s when the condition of "normal"
traffic is met, not less than 600 Mbit/s otherwise;
- at the access level (between the user and the level switch
access): for wired communication networks - at least 100 Mbps, for wireless
networks - at least 80 Kbps.
N o t e . Hereinafter, “normal” traffic is understood as traffic in which
the share of short packets (up to 64 bytes long) does not exceed 20%.

Figure 3.
A.15.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.VATS.00177-01 32 01 “Special
software for the subsystem for forming an autonomous data network
segment. System Programmer's Guide.
A.15.3.3 Log in to the traffic generator configuration interface, set the

parameters for generating traffic at a speed of 10 Gbps. The procedure for
A.15.3.4 Log in to the SPO PAS operator interface by going to the

statistics viewing section. The procedure for viewing statistics is given in the
forming an autonomous data network segment. Network traffic monitoring
A.15.3.5 View traffic statistics incoming to the SSS PAS. Make sure that
the data transfer rate supported by the SSW at the core level (between the
switches of the distribution level and the core level) meets the requirements
of paragraph 3.2.5.13 of the TOR (for the 10GBASE-LR physical interface) (if
the condition of "normal" traffic is met (the share of short packets ( up to 64
bytes) does not exceed 20%).
56
statistics is given in the document RU.VATS.00177-01 34 07 “Special software
for the subsystem for forming an autonomous segment of the data
transmission network. Network traffic monitoring software. User guide".
A.15.4 The SSS PAS is considered to have passed the tests in accordance
with clauses A.15.3.1-A.15.3.5 of the test program and procedure and fulfills
clauses 3.2.1, 3.2.1.13 on the R&D MF, if the SSS PAS ensures the fulfillment of the
requirements for the assignment in terms of transmission rate data when the
condition of "normal" traffic is met (the share of short packets (up to 64 bytes
long) does not exceed 20%), supported by open source software at the core level
(between the switches of the distribution level and the core level): the data
transfer rate must be at least 10 Gbps (for a 10GBASE-LR physical interface) (when
the condition of “normal” traffic is met (the share of short packets (up to 64 bytes
long) does not exceed 20%).
A.15.4.1 Enter the traffic generator configuration interface, set the
parameters for generating traffic at a rate of 6 Gbps (the proportion of short
packets (up to 64 bytes long) exceeds 20%).
A.15.4.2 View traffic statistics incoming to the SSS PAS. Make sure that
the data transfer rate supported by the OS at the core level (between the
switches of the distribution level and the core level) meets the requirements
of paragraph 3.2.5.13 of the TOR (for the 10GBASE-LR physical interface) for
traffic that does not satisfy the “normality” condition.
A.15.5 The SSS PAS is considered to have passed the tests according to
clauses A.15.4.1-A.15.4.2 of the test program and procedure and fulfill clauses
3.2.1, 3.2.1.13 on the MF R&D, if the SSS PAS ensures the fulfillment of the
requirements for the assignment in terms of transmission rate data supported by
open source software at the distribution level (between the access level and
distribution level switches, if the traffic “normality” condition is not met (the share
of short packets (up to 64 bytes long) exceeds 20%), the data transfer rate should
be at least 6 Gbps.
parameters for generating traffic at a rate of 1 Gbit/s (for physical interfaces
1000DFSE-T, 1000BASE-SX).
A.15.5.2 View the statistics of the traffic entering the PAS traffic
analysis SSW. Make sure that the data transfer rate supported by the SS at
the distribution level (between the switches of the access level and the
distribution level) meets the requirements of clause 3.2.5.13
57
The TOR for 1000DFSE-T or 1000BASE-SX physical interfaces must be at least
1 Gbps.
parameters for generating traffic that does not meet the “normal” condition
at a rate of 600 Mbps (for physical interfaces 1000DFSE-T, 1000BASE-SX).
A.15.6 The PAS SSW is considered to have passed the tests in accordance
clauses 3.2.1, 3.2.1.13 on the R&D MF, if the PAS SSW ensures the fulfillment of the
assignment requirements for the transfer rate data supported by open source
software at the distribution level (between the switches of the access level and the
distribution level, if the condition of “normal” traffic is not met (the share of short
packets up to 64 bytes in length exceeds 20%), the data transfer rate is at least 600
Mbps.
traffic generation parameters at a rate of 100 Mbps for the 100BASE-FX
physical interface.
A.15.6.2 View traffic statistics incoming to the PAS SS. Make sure that
the data transfer rate supported by the SSW at the access level (between the
user and the access level switch) for wired communication networks
complies with the requirements of clause 3.2.5.13 of the TOR (for a
100BASE-FX physical interface).
A.15.7 The PAS SSW is considered to have passed the tests in accordance
clauses 3.2.1, 3.2.1.13 on the R&D MF, if the PAS SSW ensures the fulfillment of
the assignment requirements for the transfer rate data when the condition of
“normal” traffic is met (the share of short packets (up to 64 bytes long) does not
exceed 20%), at the access level the data transfer rate is at least 100 Mbps.

parameters for generating traffic at a rate of 80 Kbps (for modeling traffic
coming over wireless communication lines).
A.15.7.2 View traffic statistics incoming to the PAS SS. Make sure that the
data transfer rate for the wireless network meets the requirements of
paragraph 3.2.5.13 of the TOR.
А.15.7.3 The PAS SSS is considered to have passed the tests according to
clauses A.15.7.1-A.15.7.3 of the test program and procedure and fulfills clauses 3.2.1,
3.2.1.13 on the R&D MF, if the PAS SWS ensures the fulfillment of the requirements
58
destinations for data transfer rates of wireless networks of at least 80 Kbps.

A.16.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.14
of the ToR for the Amezit-V R&D center, the SPO PAS must ensure monitoring
of the state of telecommunications equipment, prompt detection of attempts
to obtain UA to them, abnormal reboots of the OS hardware and other facts of
violation IS of the PAS subsystem, including:
- unauthorized access with superuser rights;
- installation of additional (malicious) software;
- implementation of denial-of-service attacks.
The list of actions related to the violation of IS of controlled equipment
also includes the following events:
- unsuccessful authentication attempts on the device;
- the emergence of non-regular accounts;
- signing in to the device at an unusual time;
- logging in to the device from a non-standard network node;
- device reboot;
- changing the device configuration;
- changing checksums of configuration and system files;
- events indicating software failures;
- decrease in device performance below standard values;
- Growth of network traffic volume on the equipment ports above the standard ones
values;
- operation of the built-in protective mechanisms of the link layer (in
including port security, dynamic ARP inspection, IP source guard);
- increased device response time;
- loss of communication with the device.
N o t e . Control states telecommunications

equipment should be carried out using a single graphical interface that displays
messages about the detection of information security violations and supports notification
of the administrator of the agro-industrial complex.
A.16.3 To check the SPO PAS for compliance
59
Figure 3.
A.16.3.2 From the PAS operator's workstation, attempt to log in on behalf of
the administrator to the D-link DGS-1100-24 router.
A.16.3.3 SPO PAS is considered to have passed the tests according to
3.2.1, 3.2.1.14 on the R&D MF, if the user can see messages about the input
event type:
14:59:46 Warning 15:00:15 ServWin1 perfect
login
A.16.3.4 On the ServWin1 server, log in to the management console as
the "Administrator" user and create the User10 account.
A.16.3.5 SPO PAS is considered to have passed the tests according to clause
A.16.3.4 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.14 on the
R&D center if the user can see a message about creating accounts of the form:
14:59:46 Warning 15:00:15 ServWin1 Created

account for User10
A.16.3.6 From the operator's workstation, enter the SPO PAS and for the server
ServWin1 set the default working time from 16-00 to 23-00.
A.16.3.7 From the PAS operator's workstation, attempt to log in to the ServWin1
server under administrator rights at abnormal times (14-59).
A.16.3.8 SPO PAS is considered to have passed the tests in accordance with
clauses A.16.3.6-A.16.3.7 of the test program and procedure and fulfill clauses 3.2.1,
3.2.1.14 on the R&D MF, if the user can see a message about a login attempt during
non-routine times:
14:59:46 Warning 15:00:15 login at ServWin1 perfect

abnormal times
A.16.3.9 From the operator's workstation, enter the SPO PAS and for the server
ServWin1 set the regular IP address to enter 10.10.01.32.
A.16.3.10 From the AWS of the PAS operator execute try
administrative login to the server ServWin1 from the operator's workstation with the address
10.10.01.10.
A.16.3.11 The SPO PAS is considered to have passed the tests according to
60
3.2.1.14 on the ROC MF, if the user can see a message about an attempt to log in
from an abnormal network node:
14:59:46 Warning 15:00:15 login from ServWin1 perfect

non-standard host
А.16.3.12 Reboot the ServWin1 server from the PAS operator
workstation.
clause A.16.3.12 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.14
on the R&D MF, if the user can see a message about the reboot:
4:56:10 Warning 14:56:40 ServWin1 has just

been restarted
A.16.3.14 Enter the D-link DGS-1100-24 management software from the FAS operator
workstation (enter the management console) and change the configuration: disable port 14.

clause A.16.3.14 of the test program and procedure and fulfill clauses 3.2.1,
3.2.1.14 on the R&D MF, if the user can see a message about the configuration
change:
15:49:46 Warning 15:50:15 D-link DGS-1100-24 Changed
network device configuration
A.16.3.16 From the operator's workstation, enter the SPO PAS and for the
server ServWin1 set checksum verification for the file c:/system.
A.16.3.17 Log in to the ServWin1 server from the PAS operator workstation and
modify the file from:/system.
3.2.1, 3.2.1.14 on the R&D MF, if the user can see a message about changing the
control sums of files:
10:16:10 Warning 10:20:40 ServWin1 Has changed
checksum c:/system
A.16.3.19 Log in to the ServWin1 server from the AWP operator's workstation and run
the fault.exe program (software failure event is simulated).
A.16.3.20 The SSS PAS is considered to have passed the tests according to
clause A.16.3.19 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.14
on the R&D MF, if the user can see a software failure message:
61
14:59:46 Warning 15:00:15 ServWin1 Software failure
A.16.3.21 Log in to the ServWin1 server from the AWP operator's workstation and
run the burnn.exe program (high load is simulated).
A.16.3.22 SPO PAS is considered to have passed the tests in accordance
with clause A.16.3.21 of the test program and procedure and fulfill clauses
3.2.1, 3.2.1.14 on the R&D MF, if the user can see a message about high
processor load:
14:59:46 Warning 15:00:15 ServWin1 CPULoad is too
high
A.16.3.23 Simulate network traffic growth on D-link DGS-1100-24 ports.

3.2.1.14 on the R&D MF, if the user can see the message:
14:59:46 Warning 15:00:15 D-link DGS-1100-24 Traffic is too high
A.16.3.25 Simulate actuation embedded protective

link-level mechanisms (port security, dynamic ARP inspection, IP source guard)
Dlink DGS-3120, by connecting to the switch port 10 of the operator's
workstation PAS.
3.2.1.14 on the R&D center if the user can see messages about creating accounts
of the form:
14:59:46 Warning 15:00:15 D-link DGS-1100-24
port security 10 event
А.16.3.27 Log in to the console of the Dlink DGS-1100-24 router from the PAS
operator's workstation and give the shutdown command.
3.2.1.14 on the R&D MF, if the user can see a message about the unavailability of
the router:
62
14:59:46 Warning 15:00:15 D-link DGS-1100-
24 Response time is too high on D-link DGS-1100-24 29s No
A.17.1 This method is used to check the SSS of the PKS for compliance with the
A.17.2 In accordance with the requirements of paragraphs 3.2.2, 3.2.2.1 of the TOR for
the MF R&D "Amezit-V" SSS PKS should provide analysis of connections of an autonomous
segment of the data transmission network and collection of information at speeds up to 6
Gbps.
Note: Analysis and collection of information should be performed at the
application layer of the OS1 model.
А.17.3 To check the SSW of the PMS for compliance
A.17.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).
А.17.3.2 Connect the traffic generator (APK SKAT) to the test stand. The
procedure for connecting a traffic generator (APK SCAT) and setting up a
test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide.
A.17.3.3 Start the traffic generator, which provides stable traffic under
the application layer protocol of the OSI model at a speed of 6 Gbps, passing
through the SDN network traffic monitoring software (the mail010 file is
transmitted in the traffic). The procedure for launching and configuring the
traffic generator is given in the document RU.BATC.00178-01 34 01 “Special
software for the message control subsystem of an autonomous data
transmission network segment. Operator's Manual".
A.17.3.4 Log in to the operator interface of the SDN network traffic
monitoring software, go to the section for viewing connection statistics.
Description of the interface of the SDN network traffic monitoring software is
presented in the document RU.BATC.00178-01 34 01 “Special software for the
message control subsystem of an autonomous segment of the data transmission
network. Operator's Manual".
A.17.3.5 Log in to the SDN management console. Operating
instructions are given in document RU.BATC.00178-01 32-01 “Special
63
the data transmission network. System Programmer's Guide.
A.17.3.6 View traffic statistics passing through the SDN. Make sure that
the connections of the data network segment are analyzed and information
about them is collected. The procedure for viewing statistics is given in
RU.BATC.00178-01 32 01 “Special software for the subsystem for monitoring
messages of an autonomous segment of a data transmission network. System
Programmer's Guide.
A.17.4 SPO PKS is considered to have passed the tests according to clauses
A.17.3.1-A.17.3.6 of the test program and procedure and fulfill clauses 3.2.2, 3.2.2.1 of
the TOR for the R&D MF, if:
- information is collected at speeds up to6 Gbps;
- analysis of the collected information is carried out (disassembly of protocols and
saving transmitted messages) (the file mail010 appeared in the output
directory).
ToR for the Amezit-V R&D SC, the PKS SSW must provide for the organization of
intermediate control nodes in order to analyze connections and identify
information when using IPSEC-type protocols.
A.18.3 In order to check the SSW of the PMS for compliance with the
A.18.3.1 Assemble the test bench according to the diagram (see Figure
4).
The procedure for connecting a traffic generator (APK SCAT) and setting up
a test bench is given in the document RU.BATC.00178-01 32 01 “Special
A.18.3.3 Connect the intermediate control node (SDN traffic storage

server), on which the SDN network traffic monitoring software is installed, to
the test bench.
64
A.18.3.4 Configure the SDN network traffic monitoring software to
extract and save password and address information (extraction is
performed by performing a MITM attack). The procedure for setting up the
SDN network traffic monitoring software is presented in the document
RU.BATC.00178-01 32 01 “Special software for the message control
subsystem of an autonomous segment of the data transmission network.
A.18.3.5 Launch the traffic generator (HSC SCAT) that provides stable
traffic (traffic simulates an input to a resource with password and address
information: “user100” and “password100”) using the IPSEC protocol,
passing through the SDN network traffic monitoring software. Instructions
for working with the traffic generator are presented in the document
subsystem of an autonomous data transmission network segment.
Operator's Manual".
A.18.3.6 Log in to the network traffic monitoring software running on
the intermediate host and navigate to the directory containing the extracted
address and password information. Instructions for working with network
traffic monitoring software are presented in the document
subsystem of an autonomous segment of a data transmission network.
Operator's Manual".
A.18.3.7 View files containing password and address information.
Make sure that traffic is routed through the intermediate control node,
which provides access to information transmitted using protocols such as
IPSEC.
A.18.4 SSS PKS is considered to have passed the tests according to clauses
3.2.2.2 of the TOR for the R&D MF, if the operator, by organizing an intermediate
control unit (server SDN traffic storage) extracts password and address
information: "user100" and "password100".
ToR for the Amezit-V R&D MF, the PKS SSW should provide automatic
recognition and selection of files.
65
Notes:
1. List of file types to be recognized and selected:
HTML, GIF, JPEG, PNG, PDF, AVI, MPEG, DOC (DOCX), XLS (XLSX), PPT (PPTX),
PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3, WAV, BMP, CDR, RTF , CSV, MPP, PST,
XHTML, MHT, SXW, SXC, SXI, SXD, SXM, ODS, ODP, ODG, ODF, MDF, DBF, DB,
MYD, DBQUERY, VSD
2. List of protocols to be recognized and analyzed: FTP,
HTTP, POP/POP3, IMAP, SMTP, TELNET.
3. Measures must be taken to prevent
use of cryptographically protected versions of the specified protocols.
4. When processing mail messages, it must be extracted and
the following information is registered:
- date and time of transmission of the mail message;
- mail sender;
- list of recipients of the mail message;
- list of recipients of a copy of the mail message;
- the content of the mail message.
4).
A.19.3.2 Connect the traffic generator (HSC SCAT) to the test bench.

monitoring software by going to the section for setting the formats of recognized
files and enter the rules for recognizing and saving extracted files. Description of
the interface of the SDN network traffic monitoring software is presented in the
document RU.BATC.00178-01 34 01 “Special software for the message control
Operator's Manual".
A.19.3.4 Enter file recognition rules. The list of types of recognized files
is given in the document RU.BATC.00178-01 32 01 “Special software for the
message control subsystem
66
autonomous segment of the data network. System Programmer's Guide.
A.19.3.5 Run a traffic generator that provides file transfer (list of file
types to be recognized and selected: HTML, GIF, JPEG, PNG, PDF, AVI, MPEG,
DOC (DOCX), XLS (XLSX), PPT (PPTX) ), PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3,
WAV, BMP, CDR, RTF, CSV, MPP, PST, XHTML, MHT, SXW, SXC, SXI, SXD, SXM,
ODS, ODP, ODG, ODF, MDF, DBF, DB, MYD, DBQUERY, VSD, by using the
protocols: FTP, HTTP, POP/POP3, IMAP, SMTP, TELNET Instructions for
working with the traffic generator are presented in the document
RU.BATC.00178-01 32 01 "Special software for the message control
System programmer's guide".
A.19.3.6 Go to the directory where the results of extracting files from

traffic are placed. The description of the SSS PKS is presented in the document
RU.BATC.00178-01 34 01 “Special software for the message control subsystem
of an autonomous segment of the data transmission network. Operator's
Manual".
A.19.3.7 View and compare sizes, checksums of source files in the
traffic generator directory and files in the directory where the results of
extracting files from traffic are placed. Make sure that, in accordance with
the list of recognized protocols: FTP, HTTP, POP/POP3, IMAP, SMTP, SNMP,
SPDY, TELNET, files are extracted and saved from the traffic. The list of file
formats is given in the document RU.BATC.00178-01 32 01 “Special software
for the message control subsystem of the autonomous segment of the data
transmission network. System Programmer's Guide.

monitoring software by going to the settings section for saving mail message
statistics. Description of the interface of the SDN network traffic monitoring
software is presented in the document RU.BATC.00178-01 34 01 “Special
software for the message control subsystem of an autonomous segment of the
data transmission network. Operator's Manual".
A.19.3.9 Enter parameters for saving mail message statistics.
Description of the interface of the SDN network traffic monitoring software
is presented in the document RU.BATC.00178-01 34 01 “Special software for
the message control subsystem of an autonomous segment of the data
transmission network. Operator's Manual".
67
A.19.3.10 Run a traffic generator that simulates mail traffic (file
mail010). Instructions for working with the traffic generator are presented
in the document RU.BATC.00178-01 32 01 “Special software for the message
control subsystem of an autonomous segment of a data transmission
A.19.3.11 Go to the directory containing the extracted mail messages

and check for the presence of the file with the extracted mail messages. The
description of the SSS PKS is presented in the document RU.BATC.00178- 01
34 01 “Special software for the message control subsystem of the
autonomous segment of the data transmission network. Operator's
Manual".
A.19.3.12 Verify that, in accordance with the settings for storing mail
message statistics, the following information is automatically retrieved and
recorded: the date and time of transmission of the mail message, the
sender of the mail message, the list of recipients of the mail message,
including recipients of the copy of the mail message, while the contents of
the mail message saved to disk. A description of the statistics of mail
messages is provided in the document RU.BATC.00178-01 34 01 “Special
a data transmission network. Operator's Manual".
- it is possible to customize the list of recognized formats
files and protocols (HTML, GIF, JPEG, PNG, PDF, AVI, MPEG, DOC (DOCX), XLS
(XLSX), PPT (PPTX), PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3, WAV, BMP , CDR, RTF,
CSV, MPP, PST, XHTML, MHT, SXW, SXC, SXI, SXD, SXM, ODS, ODP, ODG, ODF,
MDF, DBF, DB, MYD, DBQUERY, VSD)(protocols: FTP, HTTP, POP/POP3, IMAP,
SMTP, TELNET);
- when intercepting traffic, automatic recognition is performed and
extraction of files in accordance with the specified list of file formats and
protocols;
- mail statistics are logged and
automatic extraction of the contents of mail messages that are saved to the
hard drive as a file mail010.
68
A.20.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.4 of
the ToR for the Amezit-V R&D SC, the PKS SSW must ensure the prevention
of the use of user anonymization technologies, including:
- blocking network connections to anonymizing services on
based on URL filtering;
- blocking network connections to proxy servers based on
network address filtering;
- blockingnetwork connections to host IP addresses,
associated with Tor and I2P anonymization networks, identified based on
network address filtering;
- blocking connections on transport ports associated with
common HTTP proxy servers;
- blocking access toVPN services by lists of IP addresses/URLs;
- blocking connections on transport ports associated with
VPN services;
- blocking of widely advertised (basic) resources, with
which are distributing tools for organizing anonymous sessions (such as the
Tor Browser).
N o t e . The head contractor should form the initial filtering lists and
develop software tools to keep them up to date.
A.20.3 To check the SSW of the PMS for compliance

A.20.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).

monitoring software by going to the protocol blocking rules settings
section. Enter protocol blocking rules. Description
69
interface of the SDN network traffic monitoring software, as well as the
steps for setting it up, are given in the documents: RU.BATC.00178-01 32 01
“Special software for the message control subsystem of an autonomous
segment of the data transmission network. System programmer's manual”,
RU.BATC.00178-01 34 01 “Special software for message control subsystem
of autonomous segment of data transmission network. Operator's Manual".
A.20.3.4 Configure automatic update of the list of blocking rules. A

description of setting up automatic updating of the list of rules is given in
the document RU.BATC.00178-01 32 01 “Special software for the message
A.20.3.5 Launch the traffic generator (HSC SCAT), which provides traffic
containing:
- network connections to anonymizing services;
- network connections to proxy servers (10.10.10.21);
- network connections toHost IP addresses associated with networks
Tor and I2P anonymization (on the example of www.torproject.org);
-connectionsto transport ports associated with
common HTTP proxies (2775, 32142).
Instructions for working with the traffic generator are given in the
document RU.BATC.00178-01 32 01 “Special software for the message
monitoring software by going to the connection statistics viewing section.
Description of the SDN network traffic monitoring software interface is given in
control subsystem of the autonomous segment of the data transmission
A.20.3.7 View connection statistics. Make sure that the traffic of the
protocols listed above, used by anonymization technologies, is blocked
(there are no connections in the statistics for the protocols listed above).
A.20.3.8 Log in to the traffic generator interface to view the traffic

generator operation log. Instructions for working with the traffic generator
are given in the document RU.BATC.00178-01 32 01 “Special software for the
message control subsystem
70
autonomous segment of the data network. System Programmer's Guide.
A.20.3.9 View the log of the traffic generator. Make sure that all
attempts to organize connections using anonymization protocols have been
unsuccessful.
A.20.4 SSS SSS is considered to have passed the tests according to clauses
of the TOR on the R&D MF, if the SDN network traffic monitoring software performs
automatic blocking connections:
- to the proxy server (in this case, the blocked resources are specified in the form
list of IP addresses);
- to resourcewww.torproject.org (with blocked resources listed in
as a list of URLs);
- to transport ports2775, 32142 (at the same time, transport numbers
ports are listed).
3.2.2.5 of the TOR for the SC R&D "Amezit-V", the SSS SSS should block and
redirect client requests (HTTP/HTTPS) to legitimate GIS OP resources
(mirrors).
Notes:
1. Blocked resources are specified as a list of URLs (containing
hostname or IP).
2. For each of the blocked resources must be implemented
the ability to specify the IP address of the web server to which the incoming request
should be redirected.
3. The possibility of organizing several
mirrors (with different content) on the same IP.
A.21.3 To check the STRs of the PMS for compliance
A.21.3.1 Assemble the test bench in accordance with the diagram (see.
Figure 4).
A.21.3.2 Before starting the check, prepare duplicate sites of one
legitimate resource news000.ru (at least two different copies: news100.ru and
news200.ru). The preparation of a duplicate site is given in the documents:
71
subsystem of the autonomous segment of the data transmission network.
System programmer's manual”, RU.BATC.00178-01 34 01 “Special software
for message control subsystem of autonomous segment of data
monitoring software by going to the section for configuring IP addresses -
“twins” of the resources of the global public information system (GIS OP).
Description of the software interface for monitoring SDN network traffic is
given in the document RU.BATC.00178-01 34 01 01 “Special software for the
message control subsystem of an autonomous segment of the data
transmission network. Operator's Manual". Set up redirect rules from
news000.ru to news100.ru.
A.21.3.4 In the operator interface of the SDN network traffic monitoring
software, specify a list of IP addresses or host names that define the list of
resources, requests to which (via HTTP\HTTPS protocols) should be redirected.
Specify the IP address of the first duplicate site as a "double" resource.
Description of the SDN network traffic monitoring software interface is given in
A.21.3.5 Connect the operator's workstation to the segment's network.
Description of the connection is given in the document RU.BATC.00178-01 32 01
“Special software for the message control subsystem of the autonomous segment
of the data transmission network. System Programmer's Guide.
A.21.3.6 On the operator's workstation, view the web page of a
legitimate resource. Make sure that the request was redirected to the first
duplicate site.
monitoring software by going to the section for configuring IP addresses –
“twins” of resources. Set up the switching of a legitimate resource to the
second duplicate site. Description of the software interface for monitoring
SDN network traffic is given in the document RU.BATC.00178-01 34 01 01
segment of the data transmission network. User guide".
A.21.3.8 On the operator's workstation, view the web page of a
legitimate resource. Make sure that the request was redirected to the
second duplicate site.
72
A.21.4 SPO PKS is considered to have passed the tests in accordance with clauses
A.21.3.1-A.21.3.8 of the test program and procedure and fulfill clauses 3.2.2, 3.2.2.5 of the
TOR for the R&D MF, if:
- redirection of client requests to legitimate
GIS EP resources (from the site news000.ru to the site news100.ru);
-the interface has the ability to configure a list of legitimate
GIS resources of the OP (news000.ru), the request to which should be
redirected to a duplicate site, while the PCS network traffic monitoring
software provides the ability to store several duplicate sites of a legitimate
resource (news100.ru, news200.ru).
TOR for the MF R&D "Amezit-V", the SSS of the PKS should provide the ability to select
a given subscriber by setting the operator of a set of switching and address
characteristics, including IP addresses, IP masks, MAC addresses, addresses of
application layer protocols.
Figure 4).
A.22.3.2 Log in to the operator interface of the monitoring software
SDN network traffic, go to the section for entering the rules for selecting
subscriber information exchange materials. Description of the SDN network traffic
monitoring software interface is given in the document RU.BATC.00178-01 34 01
“Special software for the message control subsystem of the autonomous segment
of the data transmission network. Operator's Manual".
A.22.3.3 View the data entry form on the operator interface. Make sure
that the operator has the ability to select a subscriber by setting a set of
switching and address characteristics, including IP addresses (10.10.10.15),
IP masks (255.255.255.0), application layer protocols (ftp).
A.22.4 SSS PKS is considered to have passed the tests in accordance with clauses
TOR on the MF R&D, if the operator in the interface has the opportunity to choose
73
subscriber by specifying a set of switching address features, including IP
address (10.10.10.15), IP mask (255.255.255.0), protocol (ftp).
the ToR for the MF R&D "Amezit-V", the SSS of the PKS should ensure the
formation, display and export of lists of sender subscribers and recipient
subscribers with topological links between them.
Note:
1. When forming the list, it should be possible to
setting the time period for which data will be selected for building a link
table, as well as the ability to set the maximum depth of calculated links.
2. List of topological connections between subscribers-senders and

recipient subscribers must contain information:
- IP address of the sender's subscriber;
- IP address of the recipient's subscriber;
- connection depth (number of connecting nodes);
- communication composition (The IP addresses of the hosts that define the connection).
Figure 4).
A.23.3.2 Log in to the network monitoring software interface
SDN traffic, go to the section for generating and displaying lists of sender
subscribers and recipient subscribers with topological links between them.
Description of the SDN network traffic monitoring software interface is
given in the document RU.BATC.00178-01 34 01 “Special software for the
message control subsystem of the autonomous segment of the data
A.23.3.3 View the data entry form in the SDN operator interface. Make
sure that the operator has the ability to set the time period for selecting
data on which to build a table of topological relationships.
A.23.3.4 View the data entry form in the SDN operator interface. Make
sure the operator is able to set the value
74
depth of links, which is used to build a table of topological links.
A.23.3.5 In the operator interface of the SDN, execute the command to

generate and display lists of sender-subscribers and recipient-subscribers
with topological links between them. The description of the command for
the formation and display of lists of subscribers-senders and subscribers-
recipients is given in the document RU.BATC.00178-01 92 01 “Special
software for the subsystem for monitoring messages of an autonomous
segment of a data transmission network. User guide".
A.23.3.6 View the generated report. Make sure that the lists of
subscribers-senders and subscribers-recipients contain information about
the IP address of the subscriber-sender (10.10.10.15), IP-address of the
recipient subscriber (192.168.1.10), connection depth (3), connection
composition (10.10.10.144 ). Report generation is given in the document
subsystem of the autonomous segment of the data transmission network.
User guide".
-in the user interface it is possible to set the time period
to select the data on which to build a link table from 04/01/2018 to
08/01/2018;
- in the user interface it is possible to set the maximum
the depth of calculated links (3);
- in the user interface it is possible to perform the formation
lists of subscribers-senders and subscribers-recipients with topological connections
between them, the connection is shown through 10.10.10.144;
- list of topological links between subscribers-senders and
recipient subscribers contains information about the IP address of the sender subscriber
(10.10.10.15), the IP address of the recipient subscriber (192.168.1.10).

A.24.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.8 of the ToR for the
Amezit-V R&D MF, the SSS of the PKS should ensure the maintenance of network activity
statistics with the registration of summary data on the time of contacts (indicating
75
initiator of the contact), switching-address signs of contactors and the volume of
transmitted information of the subscriber, specified by the operator.
Note:
1. Network activity statistics should contain information:
- date and time of connection start;
- date and time when the connection ended;
- customer information (IP, port, domain name (if any);
- server information (IP, port, domain name (if any);
- protocol code according toRFC1700 or port number for
TCP/UDP;
- traffic volume.
2. The possibility of filtering, sorting and
export of network statistics.
A.24.3 To check the SSW of the PMS for compliance
4).
A.24.3.2 Log in to the interface of the SDN network traffic monitoring
software, go to the network activity display section. Description of the SDN
network traffic monitoring software interface is given in the document
RU.BATC.00178-01 34 01 “Special software for the message control subsystem
of the autonomous segment of the data transmission network. Operator's
Manual".
A.24.3.3 Run the command to generate a report on network statistics and,
by viewing the report, make sure that the registration of summary data on the
time of contacts (indicating the initiator of the contact), switching and address
characteristics of contactors and the volume of transmitted information of the
subscriber is being performed. The description of the command to generate a
report on network statistics is given in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of an autonomous segment
of a data transmission network. User guide".
A.24.3.4 View the generated report. Make sure that the network
activity statistics contain information about the connection start date and
time, connection end date and time, client information (IP, port), server
information (IP, port), protocol code in accordance with RFC1700, or port
number for TCP/UDP, traffic volume. Description of report generation is
given in document RU.BATC.00178-01 92
76
01 “Special software for the message control subsystem of an autonomous
A.24.3.5 Filter, sort and export the generated report. The description
of the filtering, sorting and export of the generated report is given in the
document RU.BATC.00178-01 92 01 “Special software for the message
network. User guide".
A.24.3.6 View the generated report. Make sure that the commands are
used to filter, sort the report and export the report to a file. Description of
the report generation is given in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of the autonomous
- contact time is logged in the user interface
(14:56:10), switching-address signs of contactors (10.10.10.15 and 192.168.1.10)
and volumes of transmitted information of the subscriber (105300 bytes);
- the user interface has the ability to filter, sort
and export of the generated report;
- the user interface has the ability to view statistics
network connections, which contains information about the connection start
time (14:56:10), connection end time (15:06:02), client (10.10.10.15:21),
server information (192.168.1.10), code protocol (ftp) traffic volume (105300
bytes).
TOR for the MF R&D "Amezit-V", the PKS SSS must ensure registration in the
information exchange drive (in full) for the subscriber specified by the
operator.
A.25.3 To check the SPO PKS for compliance
77
4).
A.25.3.2 Connect the traffic generator (HSC SKAT) to the test bench.
A.25.3.3 Start the traffic generator, which provides a stable

information exchange on behalf of the selected subscriber, passing through
the SDN network traffic monitoring software. Instructions for working with
the traffic generator are given in the document RU.BATC.00178-01 32 01
“Special software for the message control subsystem of the autonomous
segment of the data transmission network. System Programmer's Guide.

monitoring software, go to the section for setting the rules for selecting
information exchange materials. Description of the SDN network traffic
monitoring software interface is given in the document RU.BATC.00178-01 34
01 “Special software for the message control subsystem of the autonomous
segment of the data transmission network. Operator's Manual".
A.25.3.5 In the operator interface, enter the rules for selecting
information exchange materials for the selected subscriber. Specify IP
address 10.10.10.15 and ftp protocol.
А.25.3.6 In the operator interface, go to the section of viewing saved
traffic.
A.25.3.7 View files containing saved traffic. Make sure that the
information exchange materials of the subscriber specified by the operator
are saved as separate files (file2036).
A.25.3.8 In the operator interface, go to the section for viewing
connection statistics.
A.25.3.9 View the connection statistics of the subscriber selected by
the operator and compare the sizes of files containing the saved traffic with
the amount of transmitted traffic from the connection statistics. Make sure
that the information exchange of the subscriber specified by the operator is
registered in the information exchange drive in full. Viewing subscriber
connection statistics is given in the document RU.BATC.00178-01 92 01
“Special software for the subsystem
78
control of messages of an autonomous segment of the data transmission network.
User guide".
A.25.4 SPO PKS is considered to have passed the tests according to paragraphs
A.25.3.1-A.25.3.9 of the test program and procedure and fulfill paragraphs 3.2.2, 3.2.2.9 of the
- pickup rules are configured in the user interface
traffic to the specified subscriber (IP address 10.10.10.15 and FTP protocol);
- during the subscriber's work session, pickup and storage was performed
information exchange of the subscriber (a file with saved traffic file2036_pcap
appeared).
the Amezit-V R&D SC, the PKS SSS should provide visualization of traffic and analysis of
the connections of the participants in the connections to the required level (building
communication graphs by MAC addresses, IP addresses , e-mail addresses (if there are
statistics of mail connections)).
Notes:
1. When building graphs for traffic visualization, there should be
the ability to set a time period for selecting data on which to build a graph.
2. The image of the graph of connections of subscribers by MAC addresses should

contain:
- nodes shown asMAC addresses
- links built on the basis of connection statistics.
3. The image of the graph of connections of subscribers by IP addresses should
contain:
- nodes shown asIP addresses;
- links built on the basis of connection statistics.
4. The graph of connections by e-mail should be built on the basis of
mail message statistics, which is formed from the intercepted mail traffic
from the fields: mail message sender, list of mail message recipients, list of
recipients of the mail message copy.
5. The image of the graph of communications of subscribers by e-mail should contain:

- nodes shown asemail addresses;
- links built on the basis of mail message statistics.
79
6. It should be possible to export received
graph images.
7. When constructing a subscriber connection graph, it should be provided
the ability to asynchronously obtain a domain name by IP address (if
available).
А.26.3 To check the SSW of the PMS for compliance
4).
A.26.3.2 Log in to the interface of the SDN network traffic monitoring
software, go to the section for building a communication graph by MAC
addresses. The description of the section interface is given in the document
RU.BATC.00178-01 34 01 “Special software for the message control subsystem of
the autonomous segment of the data transmission network. Operator's Manual".
A.26.3.3 Set the time period for selecting the data for which the graph should be
built in the interface of the section for building the communication graph by MAC
addresses.
A.26.3.4 Execute a command to build a communication graph by MAC
addresses. View the generated report. Make sure that links are visualized by
MAC addresses as a graph, in which nodes are shown as MAC addresses
(address in the form e0:db:55:d5:a9:0c), and links are built based on
connection statistics.
A.26.3.5 In the operator interface, go to the section for constructing a communication
graph by MAC addresses.
A.26.3.6 Execute the command to build a subscriber connection graph
by IP addresses (1.100.158.180). View the generated report. Verify that you
are visualizing links by IP addresses as a graph in which nodes are shown as
IP addresses (1.100.158.180 and 1.10.30.90) and links are built based on
connection statistics. Verify that selecting the IP address 1.100.158.180
shows the domain name: uhtainkebbv.com.
A.26.3.7 In the operator interface, go to the section for constructing a connection
graph by e-mail addresses.
A.26.3.8 Run a command to build a connection graph by email
addresses. View the generated report. Make sure that links are visualized by
e-mail addresses in the form of a graph, in which nodes are shown as e-mail
addresses, and links are built based on mail connection statistics from the
fields: mail message sender,
80
Translated from Russian to English - www.onlinedoctranslator.com
mail message recipient list, mail copy recipient list (btvjtqnb.edu and
uhtainkebbv.com).
A.26.4 SSS PKS is considered to have passed the tests according to clauses
3.2.2.10 of the TOR on the R&D MF, if the user interface has the ability to:
- set the time period for selecting the data on which to
build a graph;
- perform visualization of links by MAC addresses (address in the form
e0:db:55:d5:a9:0c) as a graph showing nodes as MAC addresses;
- visualize the connectionsIP addresses in the form of a graph in which
nodes are shown as IP addresses (1.100.158.180 and 1.10.30.90);
- visualize the connectionse-mail addresses in the form of a graph, in
in which nodes are shown as e-mail addresses (btvjtqnb.edu and uhtainkebbv.com);
- export graph images to filespng;
- getting a domain nameIP address (if available)
(1.100.158.180 - uhtainkebbv.com).

A.27.1 In this methodology, the SSS of the PKS is checked for compliance with the
the ToR for the Amezit-V R&D SC, the PKS SSW must ensure the
implementation of distributed computing in order to search for key
information for the following types of files:
- to technically closed files: formatsDOC, DOCX, XLS, XLSX,
PPT, PPTX, PDF, ZIP, RAR;
- technically closed files closed using algorithmsDES,
TripleDES, AES 128, AES256; to the md5 and sha-1 hash functions.
Note:
1. As a technology for building processing node No. 1,
used FPGA (with the possibility of supplementing with GPU technology).
2. As a technology for building processing unit No. 2,
used by the GPU.
3. It must be possible to implement
distributed computing based on the technical means included in the
complex (including those that are geographically remote from each other
using the PPD subsystem), using software such as Elcomsoft Password
Recovery Bundle.
4. It should be possible to scale nodes
processing by increasing technical means.
81
A.27.3 In order to check the SSW of the SMS for compliance with the
4).
A.27.3.2 Log in to the operator interface of the key information search
software of the SDN processing node No. 1. Set the source directory, the location
for saving the processing results and the parameters of the processing task. The
description of the interface of the SDN key information search software is given in
the document RU.BATC.00178-01 34 01 “Special software for the message control
Operator's Manual".
A.27.3.3 Place in the source directory of the SDN key information
search software of processing node No. 1 (built on the basis of FPGA) a set
of test data (testdatafpga) representing a set of files (DOC, DOCX, XLS, XLSX,
PPT, PPTX, PDF, ZIP, RAR), each of which is closed using DES, TripleDES, AES
128, AES 256 algorithms, md5, sha-1 hash functions. Wait until the search
for key information is completed. Instructions for configuring the source
directories and operation parameters of the open source software for
searching for key information are given in the document RU.BATC.00178-01
32 01 “Special software for the message control subsystem of an
autonomous segment of a data transmission network. System
Programmer's Guide.
A.27.3.4 View the records of the processing logs of the key information
search software of the SCS of processing node No. 1. Make sure that for the
files included in the test data array testdatafpga, key information was found
(file fpga001 (DOC, DOCX, XLS, XLSX, PPT formats , PPTX, PDF, ZIP, RAR)). The
search for key information is described in the document RU.BATC.00178-01
92 01 “Special software for the message control subsystem of an
autonomous data transmission network segment. User guide".
A.27.3.5 Log in to the operator interface of the key information search software
of the SDN processing node No. 2, set the source directory, the location for saving the
processing results and the parameters of the processing task.
A.27.3.6 Place in the source directory of the SCS key information
search software of processing node No. 2 (built on the basis of GPU) a set of
test data (testdatagpu) representing a set of files (DOC, DOCX, XLS, XLSX,
PPT, PPTX, PDF, ZIP, RAR), each of which
82
closed using DES, TripleDES, AES 128, AES 256 algorithms, md5, sha-1 hash
functions. Wait until the search for key information is completed. The search
for key information is described in the document RU.BATC.00178-01 92 01
data transmission network segment. User guide".
A.27.3.7 Review the records of the processing logs of the SSS for the
search for key information of the SDN of the processing node No. 2; make sure
that for the files included in the test data array testdatagpu, key information
was found (file gpu001 (DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, ZIP, RAR
formats)). Viewing records of processing logs of SSS for searching for key
information of the SDN is described in the document RU.BATC.00178-01 92 01
segment of a data transmission network. User guide".
of the TOR for the R&D MF, if:
- implementation of distributed computing is provided;
- user with the help of open source software for searching for key information of the PCS
processing node No. 1 (built on the basis of FPGA) and the SSC key
information search software of the processing node no. XLSX, PPT, PPTX,
PDF, ZIP, RAR) and gpu001 (DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, ZIP, RAR
formats).

A.28.1 In this methodology, the SPO of the IMS is checked for compliance with the
of the TOR for the SC R&D "Amezit-V" SPO PMS should ensure the collection of
information from the following social networks, blogs, microblogs, forums, as
well as news information portals in a given geographical region :
- In contact with;
- Facebook;
- My world@mail.ru;
- Classmates;
- livejournal;
83
- Twitter;
- Google+;
- YouTube;
- Diary.ru;
- Liveinternet.ru;
- blog spot;
- Tumblr
- Renren Network;
- Web pages of the Internet and mass media.
A.28.2.1 Collection of information from the social network VKontakte should
include the following data:
- post titles;
- post texts;
- Post URLs
- names of post authors;
- URL of the profile of the authors of the posts;
- geographic location (if technically possible)

post authors;
- texts of reposts (if technically possible) of posts;
- Post repost URLs;
- the number of reposts;
- texts of comments (if technically possible) of posts;
- the number of comments;
- date of publication of posts;
- media (photo, video, audio attached to the post, if available
technical capability).
A.28.2.2 The collection of information from the social network Facebook should
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
84
A.28.2.3 Collection of information from the social network Moi Mir@mail.ru
should include the following data:
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
A.28.2.4 Collection of information from the Odnoklassniki social network should
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
85
A.28.2.5 Collection of information from the social network LiveJournal should
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
A.28.2.6 The collection of information from the social network Twitter should include
the following data:
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
- post hashtags - a short title that identifies the topic of the post;
86
The collection of information from the Google+ social network should include
the following data:
- post titles;
- post texts;
- Post URLs
-geographic location (if technically possible)

post authors;
- Post repost URLs;
-media (photo, video, audio attached to the post, if available
A.28.2.7 The collection of information from the social network Youtube shall
- video;
- video name;
- video URL;
- the names of the authors of the video;
- URL of the profile of the video authors;

post authors;
- texts of comments (if technically possible) to the video;
- the number of comments.
A.28.2.8 Collection of information from the Diary.ru social network should
- post titles;
- post texts;
- Post URLs
geographic location (if technically possible)

-
post authors;
87
- Post repost URLs;
A.28.2.9 Collection of information from the social network Liveinternet.ru
should include the following data:
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
A.28.2.10 Collection of information from the social network BlogSpot shall
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
88
A.28.2.11 Collection of information from the social network Tumblr shall include
the following data:
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
A.28.2.12 The collection of information from the Renren Network shall
- post titles;
- post texts;
- Post URLs

post authors;
- Post repost URLs;
89
A.28.2.13 The collection of information from the Internet and the media should include
the following data:
- article titles;
- texts of articles;
- article URLs;
- geographic data (if technically possible)
articles;
- IP address (if technically possible) of the articles;
- the name of the authors (if technically possible) of the articles;
- URL of the profile of the authors of the articles;

post authors;
- Article repost URLs;
- the number of reposts of articles;
- texts of comments (if technically possible) of articles;
- the number of comments on articles;
- article hashtags - a short title that identifies the topic
articles;
- date of publication of articles;
-media (photo, video, audio attached to the post, if available
A.28.3 In order to check the ICP SSW for compliance with the
A.28.3.1 Launch the browser on the operator's workstation desktop. In the

A.28.3.2 address bar, enter the address of the application server and click
on the "Enter" key. The address of the application server is specified after
installing and configuring the SPO PMS in accordance with the document
RU.VATS.00179-01 32 01 “Special software for the Internet and media
monitoring subsystem. System Programmer's Guide. The login page will
open.
A.28.3.3 On the authorization page, enter authentication data (login:
admin, password: password) and click on the "Login" button. The start page
with the topics being tracked will open. The description of the SPO PMS
interface is given in the document RU.VATS.00179-01 92 01 “Special software
for the Internet and media monitoring subsystem. User guide".
90
A.28.3.4 At the top of the page, click on the search bar. The filter panel
will open.
A.28.3.5 On the filter panel, in the "Source" field, select the source of the
publication "vk.com".
A.28.3.6 On the filter panel, in the "Country" field, select the country of
publications "Russia" as the region of publication.
A.28.3.7 Close the filter panel by clicking on the "Close" button.
Displays publications from the social network VKontakte in Russia.
A.28.4 SPO PMS is considered to have passed the tests according to clauses
of the TOR on the Amezit-V R&D SC if:
- publications are displayed in the list of publications;
- next to each publication in the "Locations" field, only
selected region "Russia";
- next to each publication in the "Source" field, only
selected source "vk.com" (VKontakte);
- information about each publication contains the data specified in
clause 3.2.3.1 of the TOR for the MF R&D "Amezit-V" for the selected source of
publications.
A.29.1 This method is used to check the SPO PMS for compliance with the
A.29.2 In accordance with the requirements of clauses 3.2.3, 3.2.3.2 of the ToR
for the Amezit-V R&D MF, the IMS SSS should ensure the identification of the source
of information.
A.29.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28). In the list of
A.29.3.2 publications, click on the "Distribution Graph" icon
publications". A page will open that shows the distribution graph of
publications.
A.29.3.3 On the graph of distribution of publications, click on the leftmost
vertex of the graph. The page with the graph and data of the publication, which is
the primary source, will open.
91
A.29.4 SPO PMS is considered to have passed the tests in accordance with clauses
- the distribution graph of publications was displayed with a time scale and
the extreme left vertex is the primary source of publications;
- when clicking on the leftmost vertex of the graph, which is
source, a page opens containing the following information about the
publication: author, text, date of publication, link to the source on the Internet.
A.30.2 In accordance with the requirements of paragraphs 3.2.3, 3.2.3.3 of the ToR
for the Amezit-V R&D SC, the ICP SSS should provide an analysis of the information
dissemination with the presentation of the results in a graphical form (in the form of a
distribution graph).
A.30.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28). In the list of
A.30.3.2 publications, click on the "Distribution Graph" icon
publications". A window will open showing the distribution graph of
publications. The description of the SPO PMS interface is given in the
document RU.VATS.00179-01 92 01 “Special software for the Internet and
media monitoring subsystem. User guide".
A.30.4 The SPO PMS is considered to have passed the tests according to clauses
- the distribution graph of publications was displayed;
- The vertices of the graph are arranged in chronological order in
according to the time scale, starting from the leftmost vertex of the vertex - the
primary source of information.

ToR for the MF R&D "Amezit-V" SPO PMS should provide an analysis of the emotional
coloring of information materials.
92
A.31.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28). SPO ICP is
A.31.4 considered to have passed the tests according to clause A.31.3.1
programs and test methods and fulfilling clauses 3.2.3, 3.2.3.4 of the TOR for the
MF R&D, if:
- an emotional icon was displayed next to each publication,
for which the tonality of the text was assessed;
- hovering the mouse pointer over the emotion icon
a number was displayed indicating the tone of the publication in the range from -1 to
1;
- the emotional coloring icon is color-coded in
depending on the tonality value - from red (-1) to green (1). Neutral
coloration (0) is indicated in black.
of the TOR for the SC R&D "Amezit-V", the SPO PMS should ensure continuous
targeted search and selection of heterogeneous information in digital sources
of open access for a given thematic focus with the implementation of
geographical identification, its joint complex analysis on a geospatial basis.
A.32.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28). Click the
A.32.3.2 menu icon at the top right of the page. Select "Themes"
A.32.3.3 from the drop-down menu. Will open
a page with a list of topics on which information is collected.
A.32.3.4 Click the Add button to create a new topic. The theme creation
window will open.
A.32.3.5 In the window that opens, enter:
- in the field "Name" - the name of the topic;
-in the "Keywords" field - a list of words or phrases, according to
which searches for publications;
93
- in the "Excluded words" field - a list of words or phrases, according to
which publications are excluded from the collection.
A.32.3.6Click on the "Save" button.
A.32.3.7Click on the icon at the top left of the page to
go to the start page. The start page will open, containing a list of topics
being monitored.
A.32.3.8 In the list of monitored topics, click on the created topic of
publications. A list of all collected publications on this topic will open.
A.32.3.9 Wait until notification of new collected publications arrives (5

to 30 minutes).
A.32.3.10 At the top of the page, click on the notifications icon to
expand the list of available notifications.
A.32.3.11 In the list of notifications, click on the notification with the text
“Found X new publications on topic Y”, where X is the number of new
publications, Y is the name of the topic.
A.32.3.12 Reload the page by pressing the F5 key on the keyboard. New
publications will appear in the list of publications.
A.32.3.13 On the page with the list of publications, click on the map icon.
A world map will open, where publications on this topic are marked with
markers.
A.32.4 The SPO PMS is considered to have passed the tests according to clauses
- on the start page, a new created topic was displayed;
- received a notification about the appearance of new publications on the created
topics;
- at the beginning of the list of publications, new publications were displayed by
selected topic;
- publications contain data about the region of publication, if
the ability to highlight it in the process of collecting or analyzing the text;
publications that have a publication region defined are displayed on
-
publication map.
94
of the ToR for the SC R&D "Amezit-V", the SPO PMS should provide visualization
of the generalized results of thematic selection of information from open
digital sources on a digital interactive model of the globe (GIS) with the
possibility of detailing materials of interest and their selection.
A.33.3.1 Repeat points A.32.3.1 to A.32.3.8 (Method No. 32). On the

A.33.3.2 page with the list of publications, click on the map icon.
A world map will open, where publications on this topic are marked with
markers.
A.33.3.3 At the top of the page, click on the search bar. The filter panel
will open.
A.33.3.4 On the filter panel, in the "Country" field, select the country of
publications "Russia" as the region of publication.
A.33.3.5 Close the filter panel by clicking on the "Close" button. The map
will display publications from Russia.
A.33.3.6 Click on the publication marker. The publication attributes will
be displayed: author, text, publication date, link to the source on the
Internet.
- publications on the selected topic were displayed on the map of publications
and by the selected filter;
- after clicking on the publication label, the attributes were displayed on the map
publications: author, text, date of publication, link to a source on the Internet.
ToR for the Amezit-V SC R&D, the ICP SSS should ensure the formation of
templates for processing open access digital sources indicating the regions in
which information must be collected.
N o t e . Open access digital source templates should consist of the
following regions:
95
- title of the article;
- the author of the article;
- article text;
- link to the source of the material;
- date of publication of the article;
- geodata for the article;

- article hashtags - a short title that identifies the topic
articles);
- media (photo, video, audio attached to the article);
article comments.
-

A.34.3.2 address bar, enter the address of the news site "Lenta.Ru":
www.lenta.ru The home page of this site will open.
A.34.3.3 On the home page of the Lenta.Ru news site, go to one of the
news articles. The page with the selected article will open.
A.34.3.4 At the top of the browser, click on the "Template Engine"
extension icon. The "Template Engine" extension window for creating or
editing a resource processing template will open.
A.34.3.5 Perform actions to edit the information processing template
in accordance with the document RU.VATS.00179-01 92 01 “Special software
for the Internet and media monitoring subsystem. User guide".
A.34.4 The PMS SPO is considered to have passed the tests according to
3.2.3, 3.2.3.7 of the TOR for the R&D MF, if no errors occurred during the template
editing.
ToR for the Amezit-V R&D SC, the IMS SSS should ensure the search, identification
based on key features and presentation of new information resources for analysis
to the operator to determine the need to collect information.
96

A.35.3.2 address bar, enter the address of the application server and click
on the "Enter" key. The address of the application server is specified after
installing and configuring the SPO PMS in accordance with the document
monitoring subsystem. System Programmer's Guide. The login page will
open.
operator3, password: password) and click on the "Login" button. A page
with a list of sources will open.
A.35.3.4 On the page with a list of sources, click on the "Search" button
sources."
A.35.3.5 In the "Text" field, enter the text for which the
search for new sources.
A.35.3.6 Click on the "Start search" button.
A.35.3.7 Wait until new sources appear in the list of sources (between
1 and 30 minutes). New sources will have no flag in the Active column.
A.35.3.8 At the new source in the Active column, click the radio button
to include it in the collection procedure.
A.35.3.9 Perform the procedure for setting up templates for this
source according to the document RU.VATS.00179-01 34 01 “Special
software for the Internet and media monitoring subsystem. Operator's
Manual".
A.35.3.10 In the address bar, enter the address of the application server
and press the "Enter" key. The address of the application server is specified
after installing and configuring the SPO PMS in accordance with the document
monitoring subsystem. System Programmer's Guide. The login page will open.

admin, password: password) and click on the “Login” button. The start page
with the topics being tracked will open. The description of the SPO PMS
interface is given in the document RU.VATS.00179-01 34 01 “Special
97
software for the Internet and mass media monitoring subsystem.
Operator's Manual".
A.35.3.12 On the filter panel, in the Source field, select a new
publication source.
A.35.3.13 Close the filter panel by clicking on the "Close" button. Posts
from the new source will be displayed.
N o t e . New publications will appear in the next collection cycle, it is
necessary to wait from 5 to 30 minutes to receive publications.
A.35.1 SPO PMS is considered to have passed the tests according to clause A.35.3.1-
A.35.3.13 of the test program and methodology and fulfilling clauses 3.2.3, 3.2.3.8 of
the TOR for MF R&D, if:
- there were no errors during the procedure for setting search parameters;
- a new data source has appeared in the list of sources;
- the Active column of the new source is missing a flag;
- publications from a new source appeared in the list of publications.

3.2.3.9 of the TOR for the SC R&D "Amezit-V" SPO PMS should provide
automated compilation of analytical reports on various events, objects and
persons in a given time interval according to time, address, regional
parameters and their sources.
A.36.2.1 The following reports shall be generated:
- publication report;
- a report with the chronology of the appearance of publications;
- event report;
- person report.
A.36.2.1.1 The publication report shall include the following data:
- topics of a sample of publications;

- the number of publications on the subject;
- sources of publications;
- the number of publications in each source;
- names of events mentioned in publications;
- the number of mentions of events by topic;
- the number of mentions of events in each source;
98
- names of persons mentioned in publications;
- the number of mentions of persons by topic;
- the number of mentions of persons in each source;
- titles of publications;
- texts of publications;
- publication dates;
- sources of publications;
- authors of publications;
tone of the publication;
-
- geographical location of publications.
requirements, it is necessary to perform the steps described below.
A.36.3.1 Repeat points A.28.3.1 to A.28.3.4 (Method No. 28). On

A.36.3.2 the filter panel select:
- in the field "Subject" - the subject of publications;
- in the "Author" field - the authors of publications;
- in the field "Source" - the source of publications;
- in the fields "Country", "Region" or "City" - the region of publications;
- in the field "Date from" - the starting date of selection of publications;
- in the field "Date to" - the end date of the selection of publications.
A.36.3.3 Close the filter panel by clicking on the "Close" button. The
filtered publications will be displayed in the list of publications.
A.36.3.4 At the top of the page, above the list of publications, click on the
print icon. The Export File for Printing window opens.
A.36.3.5 In the window that opens, perform the following actions:
- in the "File type" field, select the output type from the drop-down list
file;
- in the "Report by" field, select the type of report from the drop-down list;
A.36.3.6 Click on the "Export" button.
A.36.3.7 Save the resulting file.
A.36.4 SPO PMS is considered to have passed the tests according to clause A.36.3.1-
A.36.3.7 of the test program and methodology and fulfilling clauses 3.2.3, 3.2.3.9
of the TOR for MF R&D, if:
- the file is generated in the selected output file type;
- the file contains data generated according to the report type and
filtering parameters, as well as those specified in clause 3.2.19.9 of Addendum No. 1 to the TTZ.
99
the Amezit-V R&D center, the actions of the ICP SSS should not be defined as elements of
the infrastructure of state bodies.
A.37.3.1 Perform actions to check the anonymization of the actions of

collectors in accordance with the document RU.VATS.00179-01 32 01
“Special software for the Internet and media monitoring subsystem. System
Programmer's Guide.
A.37.4 SPO PMS is considered to have passed the tests according to clause A.37.3.1 of
the test program and methodology and fulfill clauses 3.2.3, 3.2.3.10 of the TOR for the R&D
MF, if:
- collectors have a connection only with anonymization services;
- anonymization services have different network access addresses.

OKR "Amezit-V" SPO PMS should provide the ability to
automated interaction with open source software of the linguistic support
subsystem.
A.38.3 To check the ICP SSW for compliance with the requirements,
you must perform the steps described below.
A.38.3.1 Repeat points A.28.3.1 to A.28.3.2 (Method No. 28). Click on

A.38.3.2 the search bar at the top of the page. Will open
filter panel.
A.38.3.3 In the filter panel, in the "Sources" field, select a social
the Twitter network.
A.38.3.4 Close the filter panel by clicking "Close". Listed

publications, publications from the social network Twitter will be displayed, the
publication texts of which will be displayed in Russian.
100
A.38.4 SPO ICP is considered to have passed the tests according to clauses
3.2.3.11 of the TOR on the R&D MF, if the texts of articles from the Twitter social
network were displayed in Russian.

ToR, the Amezit-V R&D SC should be equipped with the possibility of remote use of
the PMS SSW by territorially distributed elements of the Amezit HSC (through the
PPD subsystem) with access rights delimitation according to the role-based access
model that includes the following roles:
- administrator;
- operator-analyst;
- information collection operator.
A.39.2.1 The "Administrator" role of the must include the following
capability:
- ICP user management;
- management of all monitoring topics;
- monitoring and analytics of social networks and mass media on the Internet;
- management of information collection templates;
- management of information collection settings.
A.39.2.2 The Analyst Operator role shall include the following
capabilities:
- management of personal monitoring topics;
- monitoring and analytics of social networks and mass media on the Internet;
A.39.2.3 The Information Gathering Operator role shall include the following
capabilities:
- management of information collection templates;
- management of information collection settings.
A.39.3.1 Follow points A.28.3.1 to A.28.3.3 (Method No. 28). Perform

A.39.3.2 steps to create user operator1
(login: operator1, password: password, role: analyst operator), operator2 (login:
operator2, password: password, role: analyst operator) and operator2 (login:
101
operator2, password: password, role: collection operator) according to the
document RU.VATS.00179-01 32 01 “Special software for the Internet and
media monitoring subsystem. System Programmer's Guide.
A.39.3.3 At the top of the page, click on the menu icon. A.39.3.4 In the
menu, select the “Exit” item. The login page will open.

operator1, password: password) and click on the “Login” button. The start
page with the topics being tracked will open.
A.39.3.6 Click on the menu icon at the top of the page. Select
A.39.3.7 "Themes" from the menu. The page opens with
a list of topics on which information is collected.
A.39.3.8 Click the Add button to create a new topic. The theme creation
window will open.
in the "Keywords" field - a list of words or phrases, according to
-
- in the "Excluding words" field, a list of words or phrases, according to
A.39.3.10 Click on the "Save" button.
A.39.3.11 At the top of the page, click on the icon to go to the start
page. The start page with the topics being tracked will open.
A.39.3.12 At the top of the page, click on the menu icon. A.39.3.13 In
the menu, select the “Exit” item. The login page will open.

operator2, password: password) and click on the “Login” button. The start
page with the topics being tracked will open.
the menu, select the item "Themes". A page with a list of topics on
which information is being collected will open.
A.39.3.17 Click the Add button to create a new topic. The theme
creation window will open.
102
in the "Keywords" field - a list of words or phrases, according to
-
- in the "Excluding words" field - a list of words or phrases, according to
A.39.3.20 At the top of the page, click on the icon to go to the start
page. The start page with the topics being tracked will open.

operator3, password: password) and click on the "Login" button. Access will be
denied.
admin, password: password) and click on the "Login" button. The start page
with the topics being tracked opens.
the menu, select the “Exit” item. The authorization page will open
A.39.3.27 In the address bar, enter the address of the server containing
the settings of the collector, located on the information collection server, and
press the "Enter" key. The address of the server containing the collector
settings is specified after installing and configuring the SPO PMS in accordance
with the document RU.VATS.00179-01 32 01 “Special software for the Internet
and media monitoring subsystem. System Programmer's Guide.
operator3, password: password) and click on the "Login" button. A page with a
list of sources will open.

admin, password: password) and click on the "Login" button. A page with a
list of sources will open.
103
operator1, password: password) and click on the “Login” button. Access will be
denied.
list of monitored topics for the useroperator1 is different
-
from the list of monitored topics for user operator2;
- operatoroperator3 does not have access to the tracking interface
topics;
- operator1 and operator2 do not have access to configurators;
- administratoradmin sees the monitored topics operator1 and opera-
tor2;
- administratoradmin has access to collector settings. A.40
Practice No. 40
A.40.1 This method is used to check the SSW for compliance with the
OKR "Amezit-V" SPO POT should provide testing
telecommunications equipment at the distribution level and the core level for the
possibility of penetration by an external intruder and the possibility of installing
third-party expansion modules using the following approaches:
definition in the automated mode of network settings (IP address
-
subnet mask) when connected to a network segment for searching and
scanning telecommunications equipment and life support systems;
-automated search for telecommunications equipment and

life support systems;
- determination in the automated mode of open transport
ports on telecommunications equipment and life support systems;
- determination in the automated mode of data about the manufacturer,
device models and versions of the operating system of telecommunications
equipment and life support systems;
- selection of passwords according to the dictionary in an automated mode for services
administration of telecommunications equipment and life support systems
(with the ability to control the number and timeout of tasks);
104
- automated search for vulnerabilities for identified
software versions of telecommunications equipment and life support systems
according to the built-in database of vulnerabilities (in this case, a procedure for
updating the built-in database of vulnerabilities should be provided);
- installation of expansion modules in the form of command scripts when
having administrative access to manage the device.
Notes:
1. A solution must be provided to counteract
detection of password brute force attempts by information security systems
(including built-in ones).
2. The procedure for updating the vulnerability database should be
automated.
A.40.3 Verification is performed in accordance with paragraphs A.40.4-
A.40.14.1.
A.40.4 To check the determination of network settings in automated
mode (IP address, subnet mask) when connected to a network segment to
search and scan telecommunications equipment and life support systems, it
is necessary to check the possibility of determining network settings in
automated mode when connected to a network segment with DHCP-
enabled by following the steps below.
A.40.4.1 Assemble the stand in accordance with the scheme (see Figure
2). Launch the dhcp server, which is part of the test bench's switching
equipment, or on the DD-WRT node as a service with the address range
10.0.6.10-250 assigned.
A.40.4.2 Run SPO POT on ARM POT: " # pot ".
A.40.4.3 Select the menu item: "File" → "Connection manager".
A.40.4.4 In the Network Connection Methods dialog box, select
item "DHCP client" and click on the "Next" button.
A.40.4.5 In the dialog box that appears, click on the "Start" button and wait
for the value to appear in the "IP found" field.
A.40.4.6 In a separate console window, type the command: "#ifconfig".
A.40.4.7 In a separate console window, execute the command (specifying the IP address
DD-WRT node):
ping -c4 10.0.6.207
A.40.4.8 The check in accordance with paragraphs A.40.4-A.40.4.7 is

considered successful if:
105
values of network interface parameters displayed in the console,
-
match the values in the connection manager interface;
- receivedparameter values in the manager interface
connections correspond to the values of the IP address parameters specified in the scheme
of the stand;
- availability information was displayed in the AWP POT console window
node like this:
PING 10.0.6.207 (10.0.6.207) 56(84) bytes of data. 64 bytes from 10.0.6.207:
icmp_seq=1 ttl=255 time=17.9 ms 64 bytes from 10.0.6.207: icmp_seq=2
ttl=255 time=2.27 ms ms 64 bytes from 10.0.6.207: icmp_seq=4 ttl=255
time=1.19 ms
- - - 10.0.6.207 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/
mdev = 1.137/5.651/17.998/7.142 ms

mode (IP address, subnet mask) when connected to a network segment for
searching and scanning telecommunications equipment and life support
systems, it is necessary to check the possibility of determining network
settings in automated mode when connected to a network segment with
static settings by following the steps below.
A.40.5.1 Assemble the stand in accordance with the scheme (see figure Figure
2).
Disable
A.40.5.2 service DHCP test contour (on
switching equipment or DD-WRT node).
A.40.5.3 On the ARM POT, run the SPO POT by executing in the console window ".
command: " # pot
item "Manually" and click on the "Next" button.
A.40.5.6 Select the value of the network interface "Interface" - "eth0".
A.40.5.7 Specify the values ip= "10.0.6.50", mask= "255.255.255.0",
Leave the MAC address unchanged.
A.40.5.8 Click on the "Connect" button.
A.40.5.9 In the AWP POT console window, type the command (indicating the IP address
DD-WRT host): " ping -c4 10.0.6.207 ".
A.40.5.10 Enable service DHCP test contour (on
switching equipment or DD-WRT node).
106
A.40.5.11 The check in accordance with clauses A.40.5.1-A.40.5.10 is
considered successful if the AWP POT console window displays information about
the availability of the DHCP server of the following form:
time=1.19 ms
- - - 10.0.6.207 ping statistics ---

mdev = 1.137/5.651/17.998/7.142 ms

mode (IP address, subnet mask) when connected to a network segment to
search and scan telecommunications equipment and life support systems, it
is necessary to check the possibility of determining network settings in
automated mode when connected to a network segment, following the
steps below.
2). Launch the dhcp server, which is part of the test bench's switching
equipment, or on the DD-WRT node as a service with the address range
10.0.6.10-250 assigned.
A.40.6.2 Run the SSW POT on the workstation POT by executing the command: “#pot” in the
console window.
"Automatically" and click on the "Next" button.
A.40.6.5 Select the value of the network interface "Interface" - "eth0".
A.40.6.6 Click on the "Search" button.
A.40.6.7 Wait for three values to be found (discovery process
will end automatically).
A.40.6.8 Select one of the found values and click the button
Next.
A.40.6.9 In the window that appears, leave the input fields unchanged and
click on the "Connect" button.
A.40.6.10 In a separate console window, execute the command (indicating the IP address
of the DD-WRT host): "ping -с4 10.0.6.207".
A.40.6.11 Checking in accordance with clauses A.40.6-A.40.6.10 is considered
successful if information about the availability of a node of the following form is
displayed in the console window of AWS POT:
107
time=1.19 ms
- - - 10.0.6.207 ping statistics ---

mdev = 1.137/5.651/17.998/7.142 ms
A.40.7 To test the possibility of automated search for

telecommunications equipment and life support systems, the following
steps should be performed, described below.
A.40.7.1 Assemble the stand in accordance with the diagram (see Figure
2).
A.40.7.2 Run the APCS test traffic generation utility: “#./test/
trafficGenerator” on a separate terminal from the SSW SSW distribution
directory in a separate terminal.
console window.
Press the "Run" button on the control panel.
A.40.7.4
In the dialog box that appears, the "Scan group name" field
A.40.7.5
leave unchanged, set the scanning mode "Scan type" to the "Active" mode.
A.40.7.6 Select the network interface "Network interface" -

A.40.7.7 "eth0". Select "Common".
A.40.7.8 Set "Risk level: Low".
A.40.7.9 Specify the value "Subnet": specify the network IP address in
accordance with the scheme of the stand for the network segment to which the
connection is made.
A.40.7.10 Press the "Start" button and wait for the message about the
completion of the scan.
A.40.7.11 Switch between elements in the formed tree of nodes.
A.40.7.12 A check in accordance with clauses A.40.7-A.40.7.11 is

considered successful if it is possible to switch between elements of the
node tree and view the following information:
- list of node tree elements;
- list of found vulnerabilities;
- operating system version;
- list of discovered services.
108
A.40.8 To check the possibility of determining in an automated mode
open transport ports on telecommunications equipment and life support
systems, the following steps should be performed, described below.
2).
A.40.8.2 Run the APCS test traffic generation utility in a separate terminal
from the SSW SSW distribution directory in a separate terminal by executing
the command: “#./test/trafficGenerator”.
console window.
A.40.8.4Press the "Run" button on the control panel.
A.40.8.5In the dialog box that appears, the "Scan group name" field

A.40.8.8 Set "Risk level: Low".
connection is made.
A.40.8.11 Select "DVL" in the generated list of nodes. A.40.8.12 In the
drop-down list of ports, select several items in sequence.

considered successful if information about the selected ports is displayed in
the interface.
A.40.9 To check the possibility of determining in an automated mode
information about the manufacturer, device model and version of the
operating system of telecommunications equipment and life support systems,
you must perform the following steps, described below.
А.40.9.1 Run the APCS test traffic generation utility in a separate terminal
from the SSW SS distribution directory in a separate terminal by executing the
command: “#./test/trafficGenerator”.
console window.
109
Press the "Run" button on the control panel.
A.40.9.3
In the dialog box that appears, the "Scan group name" field
A.40.9.4

A.40.9.7 Set "Risk level".
connection is made.
A.40.9.10 In the formed tree of nodes, switch between elements. Make
sure that it is possible to view information about the elements of the node
tree. Note: the presence of an icon in the form of a "gear" - the node
belongs to the class of industrial process control systems.
A.40.9.11 Select a number of arbitrary nodes of different types.

considered successful if the interface displays information about the
manufacturer, device model and operating system version when selecting
the found network nodes.
A.40.10 To check the possibility of selecting passwords using a
dictionary in an automated mode for administration services of
telecommunications equipment and life support systems (with the ability to
control the number and timeout of tasks, including by selecting these
parameters from the list of recommended values for certain categories of
devices), you must perform the following actions described below.
A.40.10.1 First open the file ./pot/etc/500-worst-passwords.txt and add

the line "admin" in an arbitrary place. Run a ssh server on port 22 on the
DD-WRT host (sudo service sshd restart) with the root:admin user/password
added.
2).
A.40.10.3 On the workstation POT, launch the PSS POT by executing the command: “#pot” in
the console window.
A.40.10.4 On the control panel, press the "Run" button.
110
A.40.10.5 In the dialog box that opens, leave the "Scan group name"
field unchanged, set the "Scan type" scanning mode to "Active".

"eth0". A.40.10.7 Select "Common".
A.40.10.8 Set "Risk level: Medium".
A.40.10.9 Specify "Subnet": Specify the network IP address according to the
scheme of the stand for the network segment to which the connection is made.
A.40.10.11 Select the "DD-WRT" node.
A.40.10.12Right-click on the name of this service and select the
"Password brute-force" item in the context menu.
A.40.10.13In the dialog box that opens, set the following parameters:
- "Host": 10.0.6.207; (specify the IP address of the DD-WRT host)

- "Port": 22;
- "service": ssh;
- "Login": root;
- "Password" (choose below From file): specify ./pot/etc/500-worst-pass-
words.txt;
A.40.10.14 Leave the rest of the fields unchanged and click on the “Start”
button.
A.40.10.15 The verification in accordance with clauses A.40.10.1-
A.40.10.14 is considered successful if a window appears containing the alert
"Found a password for service ssh!".
A.40.11 To check the absence of the possibility of detecting password
brute-force attempts by modern information security systems (including built-
in ones), it is necessary to perform the following actions described below.
A.40.11.1 Go to the Bruteforce detector node in accordance with the
bench layout (see Figure 2). Copy the archive of the Brute Force Detection
utility from the "distrib/test" directory to your home directory: "/usr/local/src".
A.40.11.2 Unzip the program "tar -xzvf bfd-*.tar.gz".
A.40.11.3 Go to the directory with the program "cd bfd-*".
A.40.11.4 Install "./install.sh".
A.40.11.5 Install the SSH server: "sudo apt-get install ssh". A.40.11.6
Add the line "PermitRootLogin yes" to the "/etc/ssh/sshd_config" file
and save.
111
A.40.11.7 Set the password for the user "root:toor" by executing the
command: "passwd root".
A.40.11.8 Run the command: "sudo service sshd restart".
A.40.11.9 Run the "bfd -s" command and add the task to cron with a
check interval of 1 minute.
A.40.11.10 On the POT workstation, start the PSS POT by executing the
command: “#pot”. A.40.11.11 Press the "Run" button (gray triangle in the
control panel).
A.40.11.12 In the dialog box that appears, leave the “Scan group
name” field unchanged, set the “Scan type” scanning mode to “Active”.
A.40.11.13 Select the network interface "Network interface" - "eth0".

A.40.11.14 Select the "Common" item (typical scanning mode).
A.40.11.15 Set "Risk level: Medium".
A.40.11.16 Specify "Subnet": 10.0.6.206 (specify the IP address of the DVL node).
А.40.11.18Select node 10.0.6.31 (specify the IP address of the Bruteforce detector
node) and select the ssh/22 service in the list of ports.
A.40.11.19 Right-click on the name of this service and select the
"Password brute-force" item in the context menu.
A.40.11.20In the dialog box that appears, set the following
parameters:
- Host: 10.0.6.31 (specify the IP address of the Bruteforce detector host);
- Port: 22;
- Service: ssh
- login:root;
- Password (choose below From file): specify "./pot/etc/500-worst-pass-
words.txt".
A.40.11.21 Set the "Wait time" parameter to "2". A.40.11.22 Leave the
rest of the fields unchanged and click on the “Start” button.
A.40.11.23 Wait for the alert window “Found a password for service ssh!”
to appear.
A.40.11.24 Go to the Bruteforce detector node.
A.40.11.25 Run the command: "bfd -a".
A.40.11.26 The verification in accordance with paragraphs A.40.11.1-
A.40.11.25 is considered successful if:
112
- the message "Found a password for service ssh!";
- when choosing "Authentication" for the Bruteforce detector node
the value of this password is displayed";
- the command will give the following content (list of attacking nodes
will be empty):
Brute Force Detection v1.5-2 < bfd@r-fx.org > (C)
1999-2014, R-fx Networks < proj@r-fx.org >
(C) 2014, Ryan MacDonald < ryan@r-fx.org >
This program may be freely redistributed under the terms of the GNU GPL [+] Top 25 brute
force attackers today
# TRIGS IP FIRST_SEEN LAST_SEEN RULES [+] Top 25
brute force attackers this week
# TRIGS IP FIRST_SEEN LAST_SEEN RULES
A.40.12 To check the possibility of automated search for vulnerabilities

for the identified version of the software of telecommunications equipment
and life support systems using the built-in database of vulnerabilities (in this
case, the procedure for updating the built-in database of vulnerabilities
should be provided), you must perform the following actions described
below.
A.40.12.1 Assemble the stand in accordance with the diagram (see figure Figure
2).
A.40.12.2 Prepare the vulnerability database update file allitems-
cvrfyear-2018.xml in accordance with the operational documentation for the SSW.
A.40.12.3 Update the database of vulnerabilities from the allitemscvrf-
year-2018.xml file in accordance with the operational documentation for the
SSW.
A.40.12.4 On the workstation POT, launch the PSS POT by executing the command: “#pot” in
the console window.
A.40.12.5 Select the menu item "File" → "Vulnerability database search".
A.40.12.6 Enter the keyword "Windows" and click on the button in the form
of a magnifying glass.
A.40.12.7 The verification in accordance with clauses A.40.12.1-A.40.12.6 is
considered successful if the results of the vulnerability database search are
displayed in the interface.
A.40.13 To check the ability to update the built-in vulnerability
database, follow the steps described below.
2).
A.40.13.2 Prepare the vulnerability database update file allitems-
cvrfyear-2018.xml in accordance with the operational documentation for the SSW.
113
А.40.13.3 Reinstall the database (for the purposes of cleaning) on the workstation
POTS by executing the command: “./install.sh”.
A.40.13.4 On the workstation POT, launch the PSS POT by executing the command: "#pot" in
the console window.
of a magnifying glass. Make sure there are no search results.
A.40.13.7 Select the menu item “File” → “Vulnerability database update”.
A.40.13.8 Select the "From file" item and click on the "Update" button.
A.40.13.9 In the dialog box, select the allitems-cvrf-year-2018.xml file.
A.40.13.10 Wait for the update process to complete.
of a magnifying glass. Make sure you have search results.
- there are no search results for the keyword in point A.40.13.6;
- there are search results for the keyword in the paragraph
A.40.13.12.
A.40.14 To check the installation of add-on modules in the form of
command scripts with administrative access to device management, follow
the steps described below.
A.40.14.1 Execute command scenarios By violation
functioning of network devices manufactured by Cisco, Juniper and Huawei
in accordance with the document RU.VATS.00180 -01 31 01 “Special software
for the analysis subsystem of information and technical objects of
telecommunication systems. Description of the application" Appendix 1.
A.40.14.2 The verification in accordance with clauses A.40.14-A.40.14.1 is

considered successful if the installation of add-on modules occurred during the
execution of command scripts.
A.40.15 SPO POT is considered to have passed the tests according to paragraphs
A.40.4-A.40.14.2 of the test program and methodology and fulfilling paragraphs 3.2.4,
3.2.4.1 of the TOR on the Amezit-V R&D center, if the checks of paragraphs A are
successfully completed. 40.4.8, A.40.5.11, A.40.6.11, A.40.7.12, A.40.8.13, A.40.9.12,
A.40.10.15, A.40.11.26, A.40.12. 7, A.40.13.13, A.40.14.2.
114
3.2.4.2 of the ToR for the Amezit-V SC R&D, the SSW should ensure load and
functional testing aimed at blocking the operation of telecommunications
equipment, with the following requirements:
- generate specific corporate or
operator networks of a combination of traffic at a speed of at least 40 Gbit / s;
- provide connectivity to the network by technologyethernet
and Fiber Optic;
- provide the ability to download sample network traffic for
using it as a test load;
- provide the ability to modify recorded trafficDoS-
attacks to organize the redirection of this traffic to the tested node.
A.41.3 Verification is performed in accordance with paragraphs A.41.4 to
A.41.8.13.
A.41.4 To test the possibility of generating traffic combinations specific
to specific corporate or operator networks at a speed of at least 40 Gbit/s,
the following steps should be performed, described below.
2).
A.41.4.2 Run SPO POT on ARM POT by executing in the console window
command: "#pot".
A.41.4.3 Select the traffic generation control menu item “File” →
“Traffic generator”.
A.41.4.4 In the field "Source: IP range" enter the value: 8.8.8.1 / 8.8.8.255. In
A.41.4.5 the field "Destination: IP range" enter the value: 10.0.6.1 /
10.0.6.255.
A.41.4.6 Press the "Start" button.
A.41.4.7 The verification in accordance with paragraphs A.41.4.1 to
- on the panel "Packets" it is possible to view the packages
generated traffic;
- on the panel "Statistics” displays the statistics of the current session;
115
- packet generation speed in the statistics panel (line "gb/s :")
is at least 39 (taking into account the effective bandwidth of the channel).
A.41.5 To test Ethernet connectivity, perform the following steps as

described below.
2).
A.41.5.2 Connect APK SCAT "Traffic Generator" and
ARM POT to the switch, using an Ethernet cable. Connection of HSC SKAT
"Traffic Generator" should be performed in accordance with the operational
documentation for this HSC.
console window.
A.41.5.5 In accordance with the software documentation for the SCAT
“Traffic Generator” HSC, connect via ssh protocol to the “Traffic Generator”
HSC SCAT from AWS POT.
A.41.5.6 Execute the ping command, specifying the destination address - the IP
address of the DVL node assigned in accordance with the bench configuration.
- in the console of APK SCAT Traffic Generator, information about
availability of the DVL node;
-in the SPO POT, an interface for managing traffic generation was
displayed. A.41.6 To test connectivity to a Fiber Optic network, follow
the steps below.
2).
A.41.6.2Connect APK SCAT "Traffic Generator" and
ARM POT to the switch using an SFP module and a fiber optic cable.
Connection of HSC SKAT "Traffic Generator" should be performed in
accordance with the operational documentation for this HSC. Connect AWP
POT using a media converter.
A.41.6.3 Run the SSW POT on the workstation POT by executing the command: "#pot" in the
console window.
116
A.41.6.5 In accordance with the software documentation for the SCAT
“Traffic Generator” HSC, connect via ssh protocol to the “Traffic Generator”
HSC SCAT from AWS POT.
A.41.6.6 Execute the ping command, specifying the destination address - the IP
address of the DVL node assigned in accordance with the bench configuration.
- in the console of APK SCAT Traffic Generator, information about
availability of the DVL node;
in the SPO POT, an interface for managing traffic generation was
-
displayed. A.41.7 To test the ability to download network traffic
samples for use as a test load, you must perform the following steps,
described below.
2).
command: "#pot". In the program settings, specify the parameters for connecting to
the APK "SKAT. Traffic Generator" in accordance with the stand specification.
A.41.7.3 Select the menu item for uploading network traffic samples “File”
→ “Upload traffic”.
A.41.7.4 In the dialog box, select (by clicking "...") the test pcap file
provided with the SCAT. Traffic Generator.
A.41.7.5 Click on the "Upload" button and wait for the process to complete
downloads.
A.41.7.6 Close dialog box.
A.41.7.7 Select the traffic generation control menu item "File-
> traffic generator.
A.41.7.8 Click on the "Load pcap dump from file" button. Select the
A.41.7.9 pcap file loaded into the device's memory.
- in the panel "Packets” displays the packets of generated traffic;
- in the panel "Statistics" displays statistics for the current session. A.41.8
To check the possibility of modifying the recorded traffic of a DoS attack in
order to organize the redirection of this traffic to the node under test, you must
perform the following steps, described below.
117
2).
command: "#pot". In the program settings, specify the parameters for connecting to
the APK "SKAT. Traffic Generator" in accordance with the stand specification.
A.41.8.3 Select the menu item for uploading network traffic samples “File”
→ “Upload traffic”.
A.41.8.4 In the dialog box, select (by clicking “...”) the test pcap file
provided with the APK “SKAT. Traffic Generator.
A.41.8.5 Click on the "Upload" button and wait for the process to complete
downloads.
A.41.8.6 Close dialog box.
traffic generator.
A.41.8.8 Click on the "Load pcap dump from file" button. Select the
A.41.8.9 pcap file loaded into the device's memory.
A.41.8.10 In the field "Source: IP range" enter: 8.8.8.1 / 8.8.8.255.
A.41.8.11 In the "Destination: IP range" field enter: 10.0.6.1 / 10.0.6.255.
- in the panel "Packets” displays the packets of generated traffic;
- in the panel "Statistics" displays statistics for the current session. A.41.9 SPO
POT is considered to have passed the tests according to clauses A.41.4-A.41.8.13 of
the test program and procedure and fulfill clauses 3.2.4, 3.2.4.2 of the TOR for the R&D
MF, if the checks of clauses A.41.4.7 are successfully completed, A.41.5.7, A.41.6.7,
A.41.7.11, A.41.8.13.

the ToR, a stand for monitoring information and technical objects of life
support systems with the ability to visualize the mechanisms for conducting
impacts, consisting of:
- launch complexNo. 1 - control stand of the railway automated process control system.
- launch complexNo. 2 - stand for control of automated process control systems
life support of the settlement and production.
118
Notes:
1. Stands should provide a visual display on models in
scale not less than 1:70 and 1:87 (stand No. 1 and stand No. 2, respectively)
features of automation in subject areas.
2. The composition of the stands should include typical for the simulated spheres
sensors, actuators, typical technological processes should be modeled.
3. Stands should provide simulation of attacks like ARP-

spoofing, leading to violations of the simulated technological processes.
4. Violation of the simulated technological processes should

be accompanied by visual changes in the operation of mock-ups (activation
of light alarms, collision of objects, emission of smoke, etc.).
A.42.3 Verification is carried out in accordance with paragraphs A.42.4 to
A.42.10.4.
A.42.4 To check the launch complex No. 1 for providing a visual display
on models on a scale of at least 1:70 and 1:87 (stand No. 1 and stand No. 2,
respectively), the features of automation in subject areas, you must perform
the actions described below.
2).
A.42.4.2 Run the ProgS_PLC program on the workstation of the APCS operator in
in accordance with RU.VATS.00180-01 92 02 “Special software for the
analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 1. Control stand of the
railway automated process control system. User guide".
A.42.4.3 In accordance with RU.VATS.00180-01 92 02 “Special software
railway automated process control system. User Guide" in the user interface
to perform process control:
- change the speed of trains on different sections of the railway
roads;
- check the indication of the state of infrastructure facilities;
- lower barriers when approaching trains;
- check the operation of lighting in houses and on the street;
- check CHP operation indication.
119
A.42.4.4 Checking in accordance with paragraphs A.42.4-A.42.4.3 is
considered successful if, as a result of process control in the user interface
of launch complex No. 1, features of automation in subject areas are
displayed on a scale of at least 1:70 and 1:87.
A.42.4.5 To check the start-up complex No. 2 to ensure a visual display

on models on a scale of at least 1:70 and 1:87 (stand No. 1 and stand No. 2,
respectively), the features of automation in subject areas, you must perform
the actions described below.
2).
A.42.4.7 Run the ProgS_PLC program on the workstation of the APCS operator in
in accordance with RU.VATS.00180-01 92 03 “Special software for the
analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User guide".
and production. User Guide" in the user interface to perform process
control:
- to simulate the flow of oil products through the pipeline,
by pumping a dark liquid;
- check the indication of the level of liquids in the tanks;
- check the indication of the operation of the pump unit by turning
blades;
- check status indication (on/off).
A.42.4.9 Checking in accordance with paragraphs A.42.4.5-A.42.4.8 is
considered successful if, as a result of process control in the user interface
of launch complex No. 2, automation features in subject areas are displayed
on a scale of at least 1: 70 and 1:87.
A.42.5 To check the composition and operation of the launch complex No. 1, it is
necessary to perform the actions described below.
2).
120
A.42.5.2 Comparison of the composition of the stand with the
composition of the stand declared in RU.VATS.00180-01 92 02 “Special
software for the analysis subsystem of information and technical objects of
considered successful if the composition of the stand corresponds to the
composition of the stand declared in RU.VATS.00180-01 92 02 objects of
railway automated process control system. User guide". The stand includes
sensors and actuators typical for the simulated spheres.
A.42.5.4 Run the ProgS_PLC program on the workstation of the APCS

operator in accordance with RU.VATS.00180-01 92 02 “Special software for
the analysis subsystem of information and technical objects of
telecommunication systems. Launch Complex No. 1. Stand for control of the
to perform process control:
- change the speed of trains on different sections of the railway
roads;
- check the indication of the state of infrastructure facilities;
- lower barriers when approaching trains;
- check the operation of lighting in houses and on the street;
- check CHP operation indication.
A.42.5.5 is considered successful if the simulation of typical technological
processes is performed.
A.42.6 To check the composition and operation of the launch complex No. 2, it is
necessary to perform the actions described below.
2).
A.42.6.2 Perform a comparison of the composition of the stand with the composition of the stand,
declared in RU.VATS.00180-01 92 03 "Special software for the analysis

subsystem of information and technical objects
121
telecommunication systems. Start-up complex No. 2. Stand for control of automated
process control systems for life support systems of a settlement and production. User
guide".
considered successful if the composition of the stand corresponds to the
composition of the stand declared in RU.VATS.00180-01 92 03 “Special
software for the information analysis subsystem technical objects of
and production. User guide". The stand includes sensors and actuators
typical for the simulated spheres.
A.42.6.4 Run the ProgS_PLC program on the workstation of the APCS
operator in accordance with RU.VATS.00180-01 92 03 “Special software for the
analysis subsystem of information and technical objects of telecommunication
systems. Start-up complex No. 2. Stand for control of automated process
control systems for life support systems of a settlement and production. User
guide".
and production. User Guide" in the user interface to perform process
control:
- to simulate the flow of oil products through the pipeline,
by pumping a dark liquid;
- check the indication of the level of liquids in the tanks;
- check the indication of the operation of the pump unit by turning
blades;
- check status indication (on/off).
A.42.6.5 is considered successful if the simulation of typical technological
processes is performed.
A.42.7 In order to check the launch complex No. 1 for the simulation of
ARP-spoofing attacks that lead to violations of the simulated technological
processes, it is necessary to perform the actions described below.
2).
122
A.42.7.2 On the attacker's workstation, from the Scripts-S folder in the
console, run a set of scripts in accordance with RU.VATS.00180-01 92 02
“Special software for the analysis subsystem of information and technical
objects of telecommunication systems. Start-up complex No. 1. Control
stand of the railway automated process control system. User guide".
railway automated process control system. User Guide" to simulate attacks
such as ARP-spoofing, leading to violations of the simulated technological
processes:
- typical malicious information impact on the network
stand infrastructure;
- complex harmful information impact aimed at
to change the parameters of the technological process at the stand using
special software.
A.42.7.4 The verification in accordance with paragraphs A.42.7-A.42.7.3 is
considered successful if, as a result of modeling attacks of the ARPspoofing
type at launch complex No. 1, a violation of the simulation of technological
processes occurred.
A.42.8 To check the launch complex No. 2 for the simulation of ARP-
spoofing attacks that lead to violations of the simulated technological
processes, it is necessary to perform the actions described below.
2).
A.42.8.2 On the attacker's workstation from the Scripts-E folder in the console
run a set of scripts in accordance with RU.VATS.00180-01 92 03 “Special
and production. User guide".
and production. User Guide" to simulate ARP-type attacks
123
spoofing, leading to violations of the simulated technological processes:
- typical malicious information impact on the network

stand infrastructure;
- complex harmful information impact aimed at
to change the parameters of the technological process at the stand using
special software.
A.42.8.4 The check in accordance with paragraphs A.42.8-A.42.8.3 is
considered successful if, as a result of modeling attacks of the ARPspoofing
type, a violation of the simulation of technological processes occurred at the
launch complex No. 2.
A.42.9 To check the implementation of emergency situations at the launch
complex No. 1, it is necessary to perform the actions described below.
2).
A.42.9.2 On the attacker's workstation, run the program "Check
implementation of the program" in accordance with RU.VATS.00180-01 92
02 "Special software for the analysis subsystem of information and technical
objects of telecommunication systems. Start-up complex No. 1. Control
stand of the railway automated process control system. User guide".
to simulate emergency situations:
- unauthorized transfer of arrows;
- collision of trains;
- accidents at the entrance to the depot and on the marshalling yard;
- loss of control over train speed;
- failure of the CHPP and, as a result, de-energization of all facilities at
stand;
- barrier malfunctions.
considered successful if, as a result of their implementation, the violation of
the simulated technological processes is accompanied by visual changes in
the operation of the mock-up (activation of a light alarm, collision of objects,
smoke emission, etc.). .P.).
124
A.42.10 To check the implementation of emergency situations at the launch
complex No. 2, it is necessary to perform the actions described below.
A.42.10.1 Assemble the test bench in accordance with the diagram in Figure
2. A.42.10.2 On the attacker’s workstation, launch the program “Checking
the implementation of the program” in accordance with RU.VATS.00180-01 92 03
“Special software for the information analysis subsystem - technical objects of
automated process control systems for life support systems of a settlement and
production. User guide".
A.42.10.3 In accordance with RU.VATS.00180-01 92 03 “Special
and production. User Guide" in the user interface to simulate emergency
situations:
- unauthorized closing of valves;
- unauthorized stop of the pump unit;
- overflow of tanks;
- spills of raw materials on the surface of the layout;
- cavitation on the pump unit, accompanied by vibration of the pump
unit;
- overheating of the pump unit, accompanied by smoke of the unit;
- smoke from the oil heating station in case of exceeding the operating
temperatures.
considered successful if, as a result of their implementation, the violation of
the simulated technological processes is accompanied by visual changes in
the operation of the mock-up (activation of a light alarm, collision of objects,
smoke emission, etc.). .P.).
A.42.11 The SPO POT is considered to have passed the tests according to clauses
A.42.4-A.42.10.4 of the test program and procedure and fulfill clauses 3.2.4, 3.2.4.3 of the
- a stand for monitoring information and technical objects of systems was created
life support with the ability to visualize the mechanisms of impacts in the
composition of:
- launch complexNo. 1 - control stand of the railway automated control system
TP;
125
- launch complexNo. 2 - stand for control of automated process control systems
life support of the settlement and production;
- successfully completed checks of points A.42.4.4, A.42.4.9, A.42.5.3,
A.42.5.6, A.42.6.3, A.42.6.6, A.42.7.4, A.42.8.4, A.42.9.4, A.42.10.4.
requirements of clause 3.2.4.4 of the TOR for the Amezit-V R&D center.
A.43.2 In accordance with the requirements of clauses 3.2.4, 3.2.4.4 of the ToR, a
set of methods for reverse engineering of embedded software (HPE) should be
developed at the Amezit-V R&D center, consisting of:
- a technique for restoring the circuitry features of key
nodes;
- methodology for determining the presence of debugging interfaces;
- method for obtaining an image of control malware through software analysis
updating (if present) and reading the ROM using the programmer;
- methods for restoring the storage structure of malware;
- methodology for determining the basic system of commands, the location of modules
VPO in the address space of the microprocessor;
techniqueconducting research (reverse) of HPE modules
-
(static analysis), determination of key algorithms for the interaction of
components and modules;
- a technique for determining and restoring the algorithms responsible for
network interaction and firmware update;
- methodology for analyzing and describing the possibilities of technological
protocols;
- methodology for analyzing the mechanisms used to protect malware from
unauthorized update
- methodology for modifying malware in order to check the possibility of introducing
changes;
- techniquehighlighting key components (controllers,
processors, memory) using a sample Cisco device as an example;
- algorithm for establishing relationships between key components
on the example of a sample Cisco device;
determination algorithmJTAG interface (on the example of a sample
-
Cisco devices;
- determination algorithmUART interface (on the example of a sample
Cisco devices);
126
- analysis of the control key components of the target system on
the presence of internal memory;
algorithm for extracting malware from internal memory (if any) on
-
sample Cisco device;
- description of the features of obtaining an image of a control malware from a ROM with
with the help of a programmer
- analysis of update software on the example of a sample deviceCisco;
- restoration of the malware storage structure;
- development of a methodology for determining the basic system of commands for
characteristic hardware platforms of the Cisco device;
- analysis of the location of malware modules in the address space
microprocessor and development of an algorithm for identifying malware modules on the
example of a sample Cisco device.
A.43.3 Verification is performed in accordance with paragraphs A.1.1-A.1.3.3 of Methodology No.
Methodology No. 1.
A.43.4 The SPO FOT is considered to have passed the tests in accordance with clause A.43.3
of the program and test procedure and fulfill clause 3.2.4.4 of the TOR for the SC R&D, if a
collection of embedded software reverse engineering techniques (HPE) has been developed,
consisting of:
- a technique for restoring the circuitry features of key
nodes;
- methodology for determining the presence of debugging interfaces;
- method for obtaining an image of control malware through software analysis
updating (if present) and reading the ROM using the programmer;
- methods for restoring the storage structure of malware;
- methodology for determining the basic system of commands, the location of modules
VPO in the address space of the microprocessor;
techniqueconducting research (reverse) of HPE modules
-
(static analysis), determination of key algorithms for the interaction of
components and modules;
- a technique for determining and restoring the algorithms responsible for
network interaction and firmware update;
- methodology for analyzing and describing the possibilities of technological
protocols;
- methodology for analyzing the mechanisms used to protect malware from
unauthorized update
- methodology for modifying malware in order to check the possibility of introducing
changes;
127
- techniquehighlighting key components (controllers,
processors, memory) using a sample Cisco device as an example;
- algorithm for establishing relationships between key components
on the example of a sample Cisco device;
-determination algorithmJTAG interface (on the example of a sample
Cisco devices;
- determination algorithmUART interface (on the example of a sample
Cisco devices);
- analysis of the control key components of the target system on
the presence of internal memory;
algorithm for extracting malware from internal memory (if any) on
-
sample Cisco device;
- description of the features of obtaining an image of a control malware from a ROM with
with the help of a programmer
- analysis of update software on the example of a sample deviceCisco;
- restoration of the malware storage structure;
- development of a methodology for determining the basic command system for
characteristic hardware platforms of the Cisco device;
- analysis of the location of malware modules in the address space
microprocessor and development of an algorithm for identifying malware modules on the
example of a sample Cisco device.

A.44.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.1 on the Amezit-V R&D center.
A.44.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.1 of the ToR for the MF
R&D "Amezit-V", the PPA SSW should provide an analysis of the connections of the technical
means of an autonomous segment of the data transmission network and the collection of
information.
A.44.3 To check the PPA SSW for compliance with the requirements,
5).
A.44.3.2 Connect the traffic generator (HSC SCAT) to the test bench.
up the test bench is given in the document
128
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide.
A.44.3.3 Run a traffic generator that provides stable traffic passing
through the PPA traffic pickup software from node 10.10.10.15 using the ftp
protocol. The procedure for launching and configuring the traffic generator
subsystem of primary information analysis. System Programmer's Guide.
A.44.3.4 Log in to the operator interface of the PPA traffic acquisition

software and go to the traffic collection rules setting section. The procedure
subsystem of primary information analysis. Operator's Manual".
A.44.3.5 Enter the traffic collection rules in the operator interface of

the PPA traffic collection software (for IP address 10.10.10.15 and ftp
protocol). The procedure is given in the document RU.BATC.00181-01 34 01
“Special software for the subsystem of primary information analysis.
Operator's Manual".
A.44.3.6 Log in to the operator interface of the PPA traffic analysis
software and go to the section for viewing connection statistics. The
procedure is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.44.3.7 View connection statistics and make sure that traffic is
collected that complies with the rules specified in the PPA traffic pickup SSW
and analyzes connections of technical means of an autonomous data
network segment. The procedure is given in the document
information analysis. Operator's Manual".
A.44.4 The PPA SSS is considered to have passed the tests according to clauses
A.44.3.1-A.44.3.7 of the test program and methodology and fulfills clauses 3.2.5, 3.2.5.1 of
the TOR on the MF R&D, if the user, using the PPA traffic analysis software, can see the
connections of the host with the IP address 10.10.10.15 using the ftp protocol.

A.45.1 This method is used to check the PPA software for compliance with
the requirements of clauses 3.2.5, 3.2.5.2 on the Amezit-V R&D center.
129
the ToR for the Amezit-V R&D SC, the PPA must ensure the organization of
intermediate control nodes in order to gain access to information
transmitted using protocols such as IPSEC.
5).
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide.
A.45.3.3 Run a traffic generator that provides stable traffic via the
IPSEC protocol passing through the PPA traffic pickup software (traffic
simulates entering a resource with password and address information:
"user300" and "password300"). The procedure for launching and
configuring the traffic generator is given in the document
A.45.3.4 Connect the PPA traffic pickup software (as an intermediate
control node) to the test stand. The procedure for setting up the test bench
A.45.3.5 Log in to the operator interface of the PPA traffic pickup

software and specify the need to save traffic using the IPSEC protocol. The
Manual".
A.45.3.6 Log in to the PPA traffic pickup SSW running on the
intermediate node, go to the directory containing the extracted password
and address information. Instructions for viewing the extracted password
and address information are given in the document RU.BATC.00181-01 34
01 “Special software for the primary information analysis subsystem.
Operator's Manual".
130
A.45.3.7 Review files, containing password-address
information. Make sure that traffic is routed through the intermediate
control node, which provides access to information transmitted using
protocols such as IPSEC.
software and go to the saved traffic viewing section. The procedure is given
in the document RU.BATC.00181-01 34 01 “Special software for the
A.45.3.9 View the contents of files containing saved traffic. Verify that
traffic containing the IPSEC protocol is collected and saved for analysis as
"pcap" files. The procedure for viewing the contents of files is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. User guide".
A.45.4 SPO PPA is considered to have passed the tests according to clauses
3.2.5.2 of the TOR for the R&D SC, if the operator, by organizing an intermediate
control unit, extracts the password -address information: "user300" and
"password300".
ToR for the Amezit-V R&D MF, the PPA SSW must provide automatic recognition
and selection of files.
Notes:
1. List of file types to be recognized and selected:
HTML, GIF, JPEG, PNG, PDF, AVI, MPEG, DOC (DOCX), XLS (XLSX), PPT (PPTX),
PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3, WAV, BMP, CDR, RTF , CSV, MPP, PST,
XHTML, MHT, SXW, SXC, SXI, SXD, SXM, ODS, ODP, ODG, ODF, MDF, DBF, DB,
MYD, DBQUERY, VSD.
2. List of protocols to be recognized and analyzed: FTP,
HTTP, POP/POP3, IMAP, SMTP, SNMP, TELNET, Web-mail, SIP, H323, SKYPE,
SSH, protocols for transferring electronic messages between users
(including the InstantMessaging protocol), including messages sent via
social networking services.
131
3. Measures must be taken to prevent
use of cryptographically protected versions of the specified protocols.
5).
A.46.3.2 Connect the traffic generator (APK SCAT) to the test bench.
Programmer's Guide.
A.46.3.3 Run a traffic generator that generates traffic that transfers
files. The list of transferred files is given in the appendix of the document
A.46.3.4 Set up file transfer. The procedure for launching and

information analysis. System Programmer's Guide. In the settings, specify
the protocols:
- calls to the information resource of the communication network (protocolhttp);
- postale-mail messages (smtp, pop3, imap,
web-mail);
- transmission of electronic messages between users (protocol
InstantMessaging), including messages sent via social networking services,
voice communication over a data network (SIP, H323, SKYPE protocols);
- file data transfer (protocolftp);

- terminal access to equipment for remote control
(protocols TELNET, SSH).
software and go to the section for setting the formats of recognized files.
The procedure is given in the document RU.BATC.00181-01 34 01 “Special
Manual".
132
A.46.3.6 Enter file recognition rules. The list of formats of recognizable
files is given in the appendix of the document RU.BATC.00181-01 32 01
“Special software for the subsystem of primary information analysis. System
Programmer's Guide. The procedure for setting up recognition rules is given
A.46.3.7 Enter blocking rules for cryptographically protected protocol

versions (FTP, HTTP, POP/POP3, IMAP, SMTP, SNMP, TELNET, Web-mail, SIP,
H323, SKYPE, SSH, protocols for transferring electronic messages between
users (in including the InstantMessaging protocol), including messages sent
via social networking services). The procedure for setting protocol blocking
rules is given in the document RU.BATC.00181-01 34 01 “Special software for
the subsystem of primary information analysis. Operator's Manual".
A.46.3.8 Log in to the operator interface of the PPA traffic analysis SSW
and go to the section for viewing the results of extracting files from traffic.
Manual".
software and go to the section for viewing connection blocking results. The
Manual".
A.46.3.10 Review the results and verify that files have been extracted
and saved from the traffic in accordance with the configured rules. The list
of files, their sizes and checksums correspond to those given in the
appendix of the document RU.BATC.00181-01 32 01 “Special software for the
A.46.3.11 Review the results and verify that cryptographically secure

protocol connections are blocked according to the configured rules.
A.46.4 PPA SSS is considered to have passed the tests according to

clauses 3.2.5, 3.2.5.3 of the TOR for the R&D MF, if the user can configure the
rules using the SSS, providing automatic recognition and extraction of files
133
and in accordance with the list of protocols (FTP, HTTP, POP / POP3, IMAP,
SMTP, SNMP, TELNET, Web-mail, SIP, H323, SKYPE, SSH, protocols for
transferring electronic messages between users (including the
InstantMessaging protocol)) .
A.47.1 In this method, the PPA software is checked for compliance with the
TOR for the SC R&D "Amezit-V", the PPA SSW should provide automated preparation
and deployment of "twins" for legitimate GIS OP resources in the autonomous
segment of the data transmission network.
Note: as a technology for creating "twins" for legitimate resources,
use:
-for static resources - copying information up to a third
degree of nesting;
- for dynamic resources - copying the main page from
the possibility of registering identification information (password address
information).
5).
A.47.3.2 Enter the operator interface of the open source software for
creating "twins" of legitimate GIS resources of the EP and go to the section
for creating "twins" of static resources. The procedure for creating “double”
sites is given in the document RU.BATC.00181-01 34 01 “Special software for
the primary information analysis subsystem. Operator's Manual".
A.47.3.3 Specify the address of the original legitimate resource of the GIS
OP (news1000.ru), for which it is necessary to create a “double” site. The source
resource structure must consist of static web pages.
A.47.3.4 Specify the address where the twin site is to be deployed.
A.47.3.5 Start the procedure for creating a "double" site.

A.47.3.6 At the end of the copying procedure, view the structure
pages of the “double” site located at the deployment address.
134
Make sure that information is copied up to the third degree of nesting of the
original legitimate resource.
A.47.3.7 Enter the operator interface of the open source software for
creating “twins” of legitimate GIS OP resources, go to the section for
creating “twins” of dynamic resources. The procedure is given in the
primary information analysis. Operator's Manual".
A.47.3.8 Specify the address of the original legitimate resource of the GIS OP
for which it is necessary to create a "double" site. The structure of the original
resource should consist of dynamic web pages.
A.47.3.9 Specify the address where the twin site is to be deployed.
A.47.3.10 Start the procedure for creating a "twin" site. A.47.3.11 At the
end of the procedure, view the page structure of the “double” site
located at the deployment address. Make sure that the copy of the main
page is completed with the possibility of registering the identification
information (password address information) of the original resource. The
procedure for viewing a copy of the deployed “double” site is given in the
document RU.BATC.00181-01 34 01 “Special software for the primary
information analysis subsystem. Operator's Manual".
A.47.4 PPA SSS is considered to have passed the tests according to clauses
3.2.5.4 of the TOR for the R&D MF, if the user uses the SSS to create "twins" of
legitimate GIS resources, the OP was able to carry out automated preparation and
deployment of a twin for the news1000.ru resource in an autonomous segment of
the data transmission network.
the TOR for the SC R&D "Amezit-V", the PPA SSW should block and redirect
client requests (HTTP/HTTPS) to legitimate GIS OP resources (mirrors).
Notes:
1. Blocked resources are specified as a list of URLs (containing
hostname or IP).
2. It should be possible for the blocked resource to specify an IP address
the web server to which the incoming request should be redirected.
135
3. The possibility of organizing several
mirrors (with different content) on the same IP address.
A.48.3 To check the PPA SSS for compliance
5).
software and go to the section for setting up “twins” of GIS OP resources.
Manual".
A.48.3.3 In the operator interface of the PPA traffic pickup software,
specify a list of URLs (news1000.ru) that define the list of resources, requests
to which (via HTTP, HTTPS protocols) should be redirected. The procedure
for setting up the list of redirected resources is given in the document
A.48.3.4 In the interface of the PPA traffic pickup SSW operator, specify
a list of URLs (news2000.ru and news3000.ru) that define the prepared sites
- "twins" of the GIS OP. The procedure is given in the document
A.48.3.5 Launch a browser on the operator's workstation connected to
the autonomous segment and execute a client request to the resource
(news1000.ru), which should be redirected to the prepared "double" site.
A.48.3.6 View the web page displayed by the browser and make sure
that the request was redirected to the "double" site (news2000.ru).
A.48.4 The SPO PPA is considered to have passed the tests according to clauses
-SSW PPA provides redirection of client (HTTP, HTTPS)
requests to news1000.ru on prepared sites-"twins" of GIS OP (news2000.ru
and news3000.ru);
- PPA traffic pickup operator has the ability to configure
the list of resources, the request to which should be redirected (news1000.ru);
136
- PPA traffic pickup operator has the ability to configure
a list of "double" sites to which the request should be redirected
(news2000.ru and news3000.ru);
A.49.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.6 of the TOR
for the Amezit-V SC OCR, the PPA SSS should provide the ability to select a given
subscriber of an autonomous segment of the data transmission network by setting by
the operator a set of switching and address characteristics, including IP - addresses,
IP masks, MAC addresses, addresses for application layer protocols.
5).
A.49.3.2 Log in to the operator interface of the SSS traffic pickup software
and go to the section for entering subscriber traffic saving rules. The
procedure for entering the rules for saving subscriber traffic is given in the
A.49.3.3 View the input form and make sure that the operator has the
ability to select a given subscriber by specifying a set of switching address
characteristics, including IP addresses (10.10.10.15), IP masks
(255.255.255.0), MAC addresses, addresses application layer protocols (ftp).
A.49.4 PPA SSS is considered to have passed the tests in accordance with
clauses A.49.3.1-A.49.3.3 of the test program and methodology and fulfills clauses
3.2.5, 3.2.5.6 of the TOR on the PPA MF, if the operator in the SSS interface of the PPA
traffic pickup at entering the rules for selecting and saving subscriber traffic, it has
the ability to select a subscriber by setting (10.10.10.15), IP mask (255.255.255.0), MAC
address, address of application layer protocols (ftp).

137
Amezit-V SC OCD, the PPA SSW must ensure the identification of data transmission channels
of the communication and control systems of the opposing party.
5).
Programmer's Guide.
software and go to the section for setting the rules for detecting data
transmission channels of the communication and control systems of the
opposing side. The procedure is given in the document RU.BATC.00181-01 34
01 “Special software for the subsystem of primary information analysis.
Operator's Manual".
A.50.3.4 Introduce the rules for detecting data transmission channels of the
communication and control systems of the opposing side, setting the criteria for
"suspiciousness" (connections to the IP address 10.10.10.100 and the ftp protocol).
The procedure for setting the criteria is given in the document RU.BATC.00181-01
34 01 “Special software for the subsystem of primary information analysis.
Operator's Manual".
A.50.3.5 Run a traffic generator to create traffic simulating the data
transmission channels of the communication and control systems of the
adversary, passing through the PPA traffic pickup SS. The procedure for
A.50.3.6 Log in to the operator interface of the PPA traffic analysis software and
go to the section for viewing messages about detected data transmission channels of
the communication and control systems of the opposing side.
A.50.3.7 View messages about the detection of data transmission channels
and make sure that data transmission channels of the opposing side's
communication and control systems have been detected from the passing traffic,
and the following information is displayed for each detected channel:
138
- connection time;
- subscriber (IP address, port);
- recipient (IP address, port);
- protocol;
- traffic volume.
- SSW PPA provides identification of data transmission channels of systems
communication and control of the opposing party by identifying connections
that meet the criteria of "suspiciousness" (connections with the IP address
10.10.10.100 and the ftp protocol);
- user in the operator interface of PPA traffic analysis open source software
can see messages about the detection of data transmission channels of the
communication and control systems of the opposing side, containing information:
connection time, subscriber (IP address, port), recipient (IP address, port), protocol,
traffic volume: 14:56:10; 10.10.10.100:21; 192.168.1.10:1329; ftp; 105300 bytes.

3.2.5.8 of the ToR for the Amezit-V R&D SC, the PPA SSW must ensure the
disruption of the normal functioning of communication equipment using
technical means of monitoring objects of telecommunication systems.
5).
software and go to the section for configuring traffic intended to disrupt the
normal operation of the opposing side's communication equipment. The
Manual".
A.51.3.3 Specifying the IP address 10.10.10.200, select the
communication equipment (technical
139
a means of monitoring objects of telecommunication systems), the
operation of which should be disrupted. The procedure is given in the
А.51.3.4 In the PPA traffic pickup SS operator interface, select a file
(attack_pcap) containing saved traffic with specially prepared packet
parameters and intended to disrupt the normal operation of
communication equipment. The procedure is given in the document
A.51.3.5 In the operator interface of the PPA traffic pickup software,

start the cyclic transmission of the stored traffic to the communication
equipment. The procedure is given in the document RU.BATC.00181-01 34
01 “Special software for the subsystem of primary information analysis.
Operator's Manual".
A.51.3.6 Log in to the control console of the technical tool
10.10.10.200 (Extreme Summit X670-48 switch). Make sure that logging into
the management console is difficult (or impossible) due to a malfunction of
the communication equipment. The procedure for entering the control
console of the technical tool is given in the document RU.BATC.00181-01 32
01 “Special software for the primary information analysis subsystem. System
Programmer's Guide.
A.51.4 PPA SSW is considered to have passed the tests in accordance with
clauses A.51.3.1-A.51.3.6 of the test program and methodology and fulfills clauses
3.2.5, 3.2.5.8 of the TOR on the R&D MF, if the PPA SSW provides transmission to
the node at the IP address 10.10.10.200 saved traffic with specially prepared
parameters (attack_pcap file).
Amezit-V R&D SC, the PPA SSS must ensure the determination of the operating mode and
composition of telecommunications equipment.
140
5).
software and go to the section for viewing the operation mode and the
composition of the telecommunications equipment. The procedure is given
A.52.3.3 Start preparing a report containing the operating modes and the
composition of the telecommunications equipment of the node at
10.10.10.200. The procedure for generating a report is given in the document
A.52.3.4 View the generated report and make sure that the operating mode
is defined and displayed for the equipment, as well as the composition of the
telecommunications equipment.
A.52.3.5 View content ensure that formed report And
when displayed operating mode And composition
telecommunications equipment shows the following information:
- equipment status (working / not working);
- used protocols;
- Type of equipment.
A.52.4 PPA SSS is considered to have passed the tests according to clauses
TOR for the R&D midrange, if the PPA SSS ensures the determination of the operating
mode and composition node of telecommunication equipment 10.10.10.200.

for the Amezit-V R&D MF, the PPA SSS must ensure the identification of data
transmission channels of critical information objects.
5).
141
Programmer's Guide.
software and go to the section for setting the rules for detecting data
transmission channels of critical information objects. The procedure for
setting up rules is given in the document RU.BATC.00181-01 34 01 “Special
Manual".
A.53.3.4 Introduce rules for identifying data transmission channels of
critical information objects by specifying a set of criteria (connections to IP
address 10.10.10.11 and SNMP protocol).
A.53.3.5 Start a traffic generator to create traffic containing data
transmission channels of critical information objects and passing through
the PPA traffic pickup SS (file_SNMP). The procedure for launching and
software and go to the section for viewing messages about detected data
transmission channels of critical information objects. The procedure for
viewing messages is given in the document RU.BATC.00181-01 34 01
“Special software for the subsystem of primary information analysis.
Operator's Manual".
A.53.3.7 View data link discovery messages and verify that data links of
critical information objects have been identified from passing traffic, and
the following information is displayed for each detected link:
- connection time;
- subscriber (IP address, port);
- recipient (IP address, port);
- protocol;
- traffic volume.
A.53.4 PPA SPO is considered to have passed the tests according to clauses
142
- SSW PPA provides detection of data transmission channels
critical information objects of the connection with the IP address 10.10.10.11
and the SNMP protocol.
for the Amezit-V R&D MF, the PPA SSS must ensure the identification of information
resources of the opposing side.
5).
Programmer's Guide.
А.54.3.3 Log in to the operator interface of the PPA traffic pickup SS
and go to the section for setting the rules for detecting information
resources of the opposing party. The procedure for setting the rules for
identifying information resources is given in the document
A.54.3.4 Introduce rules for identifying information resources of the
opposing side by specifying a set of connection criteria to IP address
10.10.10.115 on port 13333.
A.54.3.5 Start the traffic generator to create traffic containing
connections to IP address 10.10.10.115 on port 13333 (pcap_13333 file) and
passing through the PPA traffic capture software. Resources are specified by
a set of criteria: IP address, port, protocol, URL, host name (SNI), Common
Name (CN). The procedure for launching and configuring the traffic
generator is given in the document RU.BATC.00181-01 32 01 “Special
Programmer's Guide.
143
A.54.3.6 Log in to the operator interface of the PPA traffic analysis SSW
and go to the section for viewing messages about detected resources of the
opposing party. The procedure for viewing messages is given in the
A.54.3.7 Review resource discovery messages and verify that adversary
information resources are identified from passing traffic that meet
predetermined criteria.
- user in the operator interface of PPA traffic analysis open source software
can see adversary resource discovery messages containing the following
information: connections to a host with IP address 10.10.10.115 on port
13333.
the TOR for the MF OCR "Amezit-V", the PPA PPA must ensure registration in
the information exchange drive (in full) of the subscriber specified by the
operator.
A.55.3 To check the SPO PPA for compliance
5).
Programmer's Guide.
A.55.3.3 Log in to the operator interface of the PPA traffic acquisition
software and go to the section for setting the rules that determine the subscriber
whose traffic should be saved. The procedure is given in the document
144
A.55.3.4 Enter the rules for saving traffic in the operator interface of the PPA
traffic pickup software for the selected subscriber of the connection to the IP
address 10.10.10.111 via the ftp protocol. The procedure for entering rules is
A.55.3.5 Start the traffic generator to create a stable information
exchange on behalf of the selected subscriber passing through the PPA
traffic pickup SS (the testdataftp file is transferred). The procedure for
software and go to the saved traffic viewing section. The procedure for
viewing the saved traffic is given in the document RU.BATC.00181-01 34 01
“Special software for the primary information analysis subsystem.
Operator's Manual".
A.55.3.7 View the content of files containing saved traffic and make
sure that the traffic of the subscriber specified by the operator is saved as
pcap files. The procedure for viewing the contents of files is given in the

software and go to the section for viewing connection statistics. The
Manual".
A.55.3.9 View the connection statistics of the subscriber selected by the
operator and compare the sizes of files containing the saved traffic with the
amount of transmitted traffic from the connection statistics. Make sure that the
information exchange of the subscriber specified by the operator is registered
in the information exchange drive (in full).
A.55.4 PPA SPO is considered to have passed the tests according to clauses
145
- the user, using the PPA traffic pickup software, was able to
configuring the rules for collecting traffic at the IP address 10.10.10.111 using the ftp protocol;
- SSW for retrieval of traffic The PPA completed the retrieval and saving of the filetest-
dataftp to connect to the IP address 10.10.10.111 using the ftp protocol.

of the ToR for the Amezit-V R&D SC, the software tools for the initial analysis of
information must ensure the fulfillment of the assignment requirements at
speeds up to 10 Gbit / s when the condition of "normal" traffic is met, and also
at speeds up to 6 Gb / s for traffic that does not satisfy the “normality”
condition.
A.56.3.1 Assemble the test stand in accordance with the diagram (see
Figure 5).
Programmer's Guide.
parameters for generating traffic at a rate of 10 Gbit/s (the share of short
packets (up to 64 bytes long) does not exceed 20%). The procedure for
software and go to the statistics viewing section. The procedure is given in
the document RU.BATC.00181-01 34 01 “Special software for the subsystem
of primary information analysis. Operator's Manual".
A.56.3.5 View traffic statistics and make sure that the speed of traffic
entering the PPA traffic analysis software complies with the requirements of
paragraph 3.2.5.13 of the TOR.
146
parameters for continuous traffic generation at a rate of 6 Gbit/s (the share
of short packets (up to 64 bytes long) exceeds 20%). The procedure for
setting up is given in the document RU.BATC.00181-01 32 01 “Special
Programmer's Guide.
A.56.3.7 Log in to the operator interface of PPA traffic analysis SSW
and go to the statistics viewing section. The procedure is given in the
A.56.3.8 View traffic statistics and make sure that the speed of traffic
entering the PPA traffic analysis software complies with the requirements of
paragraph 3.2.5.13 of the TOR for the R&D MF.
A.56.4 PPA software is considered to have passed the tests according to
clauses 3.2.5, 3.2.5.13 of the TOR for the SC R&D, if the report shows that the
primary analysis software information provide processing of traffic at speeds
up to 10 Gbit/s when the condition of "normal" traffic is met, as well as at
speeds up to 6 Gbit/s for traffic that does not satisfy the condition of
"normality".
for the MF R&D "Amezit-V", the SPO PPA must ensure interfacing with the channel-
forming equipment of various backbone data transmission networks.
N o t e . The list of joints is specified based on the results of
preliminary and technical (if necessary) design and is agreed with the lead
contractor.
5).
A.57.3.2 Using a set of patch cords (containing connectors of types FC,
SC, ST, LC), connect the D-link DGS-1100-24 router of the test bench to the
channel-forming equipment of the backbone networks
147
data transmission (communication channel with the stand simulating the
segment of the Internet). The procedure for setting up the test bench is given
in the document RU.BATC.00181-01 32 01 “Special software for the subsystem
of primary information analysis. System Programmer's Guide.
A.57.3.3 Using interfaces such as Ethernet and SFP, connect the PPA
servers to the test bench. The procedure for setting up the test bench is
A.57.3.4 Launch the browser on the operator's workstation connected

to the test bench and execute a request for access to the Internet
information resource (to the site yandex.ru).
A.57.3.5 Log in to the PPA operator interface. View connection
statistics and make sure that the test bench is connected to the channel-
forming equipment of the backbone data transmission networks (there is a
record of successful connection of the operator's workstation with
yandex.ru). The procedure for viewing statistics is given in the document
A.57.4 PPA SPO is considered to have passed the tests according to clauses A.57.3.1-
A.57.3.5 of the test program and methodology and fulfill clauses 3.2.5, 3.2.5.14 of the TOR on
the R&D MF, if the user from the operator's workstation was able to download the yandex
page .ru.

A.58.1 In this methodology, the TRD software is checked for compliance with
the requirements of clauses 3.2.6, 3.2.6.1 of the TOR for the Amezit-V R&D SC.
of the TOR for the MF R&D "Amezit-V", the SSW DRP must provide the functions
of data relaying in order to implement a covert exchange between the
technical means of monitoring the Internet and the Internet GIS resources
using protocols of the family TCP/IP.
A.58.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.58.3.1 Launch the browser and go to the authorization page of the

control interface of the SSW DRP.
148
A.58.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.58.3.3 Go to the "Routes" section.
A.58.3.4 Create a Tor type route named "Tor Route", in
as a rule for selecting an output node, select a rule of type "By country" and
specify a two-letter code of an arbitrary European country (for example, FR for
France or DE for Germany).
A.58.3.5 Go to the "Rules" section and create a rule of the "subnet" type for
the PMS PMS subsystem with the names "PMS".
A.58.3.6 Assign to createduser ruleroute "Route Tor".
A.58.3.7 For created user rules disable verification

application settings.
A.58.3.8 At the workstation user PMS launch browser and open
address: http://2ip.ru.
A.58.3.9 Check if the country specified by the service matches the
country of the exit node specified in the "Tor Route" route.
A.58.3.10 Go on address service:
https://check.torproject.orghttps://whoer.net/ .
A.58.3.11 Verify that the message "This browser is configured to use
Tor."
A.58.4 TRS SPO is considered to have passed the tests according to clauses
when performing the above steps of this technique
-
there were no error messages;
- when performing paragraphs. A.58.3.2 successful authorization was made in
management interface;
- when performing paragraphs. A.58.3.4 the created route appeared in the route table
route;
- when performing paragraphs. A.58.3.5 in the table of rules, the created
rule;
- the country defined by the service corresponds to the given country;
- servicecheck.torproject.org confirms the use of anonymization
Tor with the message "This browser is configured to use Tor.".
149
А.59.1 In this method, the TRD software is checked for compliance with the
of the ToR for the Amezit-V R&D SC, the PRD SSW must ensure the
performance of data relaying functions in order to implement a covert
exchange between the technical means of preparing, placing and "promoting"
special materials and Internet GIS resources using TCP/IP family protocols.
Notes:
1. The criteria for the secrecy of the exchange are the possibilities for
counteraction of the TX subsystem to the following signs of information
exchange using virtual routes:
- uniformity of outgoing traffic;
- long-term use of the nodes of the TX subsystem;
- uniformity of nodes (including control nodes).
2. The criteria for secrecy of the exchange also include:
- the ability of the DRP subsystem to resist attacks on traffic;
- protection of the client part of the DRP subsystem from attacks,
directed at application software in order to obtain a real network address;
- protection of server-side nodes from attacks aimed at

obtaining unauthorized access.
3. Use Tor as data relay protocols and
VPN tunnels.
A.59.3 To check the compliance of the SPO with the DRP

A.59.3.4 Create a VPN type route named "VPN Route". In the output
A.59.3.5 node selection rule, in the IP address field, select
arbitrary available IP address.
A.59.3.6 Set the Lifetime value to 180. Save
A.59.3.7 the created route.
150
A.59.3.8 Go to the "Rules" section and create a rule of the "subnet" type for the
RRP SSW subsystem with the name "PRR".
A.59.3.9 In the created rule, enter the IP address of the RRP workstation and select the
subnet mask "255.255.255.0".
A.59.3.10 Assign the "VPN route" route to the created rule. A.59.3.11
Disable checking of application settings in this rule. A.59.3.12 Start the
browser on the workstation of the RRR user and open the address: http://
internet.yandex.ru.
A.59.3.13 Verify that the displayed IPv4 address matches the egress
node rule in the VPN Route route.
A.59.3.14 Go to the "Tunnels" section on the TX user's workstation.
A.59.3.15 Select VPN Route tunnel and record the list of nodes used in
the tunnel.
A.59.3.16 Wait for VPN Route tunnel to be rebuilt. A.59.3.17 Check that
the duration of use of the nodes of the TX subsystem is determined by
the lifetime of the tunnel, to do this, check the list of used nodes in the card
of the new tunnel with the nodes used earlier.
A.59.3.18 Check that the list of tunnels contains "VPN Route" and "Tor
Route" entries.
A.59.3.19 Go to the "Rules" section.
A.59.3.20 Select the RRR rule.
A.59.3.21 Specify "Individual" in the value of the "Application settings"
parameter.
A.59.3.22 Select "disable" for the following parameters: Webrtc, Adobe
Flash, ActiveX, Java.
A.59.3.23 At the user's workstation PMS open address:
https://browserleaks.com/webrtc
A.59.3.24 Verify that the user software is protected from the attack to
obtain real local and public IP addresses - The Local IP Address and Public IP
Address fields should not display user IP addresses.
A.59.3.25 Go to the “Nodes” section on the TX user workstation and write

out the IP addresses (<IP-1> and <IP-2>) of two arbitrary nodes.
A.59.3.26 Run the program for each of the addresses with the following
flags:
nmap -sT -n <IP-1>
nmap -sT -n <IP-2>
151
A.59.3.27 Check heterogeneity nodes - output at
scanning, the ports of the services are different.
A.59.4 PWD SPO is considered to have passed the tests according to clauses
-
- the created route appeared in the route table "RouteVPN";
- the created rule is displayed in the rules table;
- displayedin the service http://internet.yandex.ru IPv4 address
corresponds to the IPv4 address of the specified exit node of the VPN route.
successfully tested methodology MethodologyNo. 58, during which
-
confirms support for relaying using Tor along the "Tor Route" route;
-successfully tested the use of various nodes in

rebuilding relay tunnels;
- successful verification of security against receiving real
User IP address (internal and external);
- successfully performed network scan node difference check
relaying;
- successfully tested methodology MethodologyNo. 77, including
checking the ability of the DRP subsystem to resist attacks on traffic and the
security of the server-side nodes from attacks aimed at obtaining
unauthorized access.
A.60.1 In this method, the TRS SSW is checked for compliance with the
the TOR for the MF R&D "Amezit-V" SPO TX should ensure the construction of
rational, from the point of view of secrecy and speed of information exchange,
virtual transport routes for data relaying.
Notes:
1. When building routes, templates should be used
construction of virtual transport routes created by the administrator.
2. A tool for preparing templates should be developed, also

performing the task of assessing the health, secrecy and speed of
information exchange.
152
A.60.3.1 Launch the browser and go to the authorization page of the DRS
SSW management interface.
A.60.3.4 Select an arbitrary active VPN route. Open the
A.60.3.5 Tunnels panel.
A.60.3.6 Verify that relay tunnels are built according to
with rules in the route – the exit node of the current tunnel is subject to the
rule for choosing the exit node of the route (for a VPN route, the node
properties are in the tooltip for the IP address field).
A.60.3.7 Initiate the creation of a new route template by pressing the
"Create" button.
A.60.3.8 Select the route type "VPN".
A.60.3.9 Set route length to "3".
A.60.3.10 Activate the "Rules" panel.
A.60.3.11 Check for all rules the possibility of selecting criteria types:
Group, Country, IP address.
A.60.3.12 Check that when any criterion is changed in an arbitrary rule:
- the number of available nodes in the card of this rule is changed in

line: "Nodes: <number of nodes>";
- changes the number of possible routes in the line "Possible
routes: <number of possible routes>".
A.60.3.13 Increase the route length by one rule.
A.60.3.14 Check the operation of the speed prediction function - the
values in the lines “Min. speed" and "Max. speed" in the route card.
A.60.3.15 Set each chain rule to one host IP address. A.60.3.16 Check
the operation of the stealth assessment function - in the route card in
the line "Stealth" the value "Minimum" should be displayed.
A.60.3.17 Remove criteria in all rules.
153
A.60.3.18 Check the operation of the stealth assessment function - the
route card displays the value "High" in the line "Stealth" (provided that the
number of available nodes in each card is at least 3).
-when performing the above steps of this technique
- successful authorization was made in the management interface;
- route tunnels are built in accordance with
specified rules in the route (checking the output address of the route tunnel
was successful);
- in the route editing tool, it is possible to set
the following types of host selection criteria: Group, Country, IP address;
- successfully tested the operation of the forecasting function
stealth and speed of information exchange when editing route rules.

A.61.1 In this method, the TRD software is checked for compliance with the
OKR "Amezit-V" SPO PRD should provide connection
automated workstations of operators of APK "Amezit" to the data exchange
system, which does not require additional settings for users.
A.61.3.1 Open the "Network and Sharing Control Center" on the DRP
user workstation.
A.61.3.2 Go to the "Change adapter settings" section. Right-click on
A.61.3.3 the Ethernet network interface
(LAN connection).
A.61.3.4 Select "Properties" from the context menu.
A.61.3.5 Select "Internet Protocol Version 4 (TCP/IPv4)" from the list and
click on the "Properties" button.
A.61.3.6 On the tab "Are common" choose "Get IP address
automatically" and "Obtain DNS server address automatically".
154
A.61.3.7 Connect the TX user workstation to the TX switch. Launch
A.61.3.8 the browser on the user's workstation and check
access to Internet GIS resources by opening an arbitrary Internet resource.
A.61.3.9 Verify user geographic masking using public identity services
location Internet users:

https://geoiptool.com.
A.61.3.10 Verify that the user's displayed geographic location is
different from the physical location.
- the page of an arbitrary Internet resource was successfully opened;
checking the geographical location did not reflect the real
-
geographic location of the user.
A.62.1 In this methodology, the TRP SSW is checked for compliance with the
the ToR for the Amezit-V R&D MF, the PRD SSW should ensure the automatic
construction of virtual routes with a given depth at specified time intervals.
Mechanisms for configuring and controlling the construction of virtual
routes should be provided.

A.62.3.4 Initiate the creation of a new route by pressing a button
"Create".
A.62.3.5 Select the route type "VPN".
155
A.62.3.6 In the new route card, make sure that the following parameters are
available: Type, Route length, Route lifetime.
A.62.3.7 Select any available active VPN route. Open the Tunnels
A.62.3.8 panel.
A.62.3.9 Make sure that the frequency of building new tunnels
corresponds to the lifetime parameter specified for the route (columns
“creation time” and “completion time”), with an error of no more than two
minutes.
A.62.3.10 Go to the "Tunnels" section.
A.62.3.11 Right-click any active VPN tunnel type.
A.62.3.12 Check for "Rebuild" and "Close" buttons in the tunnel card.
A.62.3.13 Press the "Rebuild" button.

A.62.3.14 Return to the Routes section and select the route for the
tunnel for which the rebuild was initiated.
A.62.3.15 Open the "Tunnels" panel.
A.62.3.16 Verify that the active tunnel on this route has changed
(tunnel rebuilding may take up to 5 minutes).
- successful authorization in the management interface;
- the following parameters are available in the route: Type, Route length, Lifetime;
-difference between creation time and tunnel termination time
corresponds to the lifetime of the route;
- the administrator has access to the "Rebuild" and "Close" buttons for
active tunnels;
- at the request of the administrator, the tunnel was successfully rebuilt by
route (when the tunnel is rebuilt, the current one is closed and a new one is
created).
A.63.1 In this method, the TRS SSW is checked for compliance with the
156
OKR "Amezit-V" SPO PRD should provide concealment
personalizing information about the means of data transmission from the means
of monitoring and analysis of the opposing side;
N o t e . The personalizing attributes of data transmission media
include:
- networkaddresses (MAC-, IP-addresses) belonging to (or
identified as hardware) RF Ministry of Defense;
- peculiarities network interactions, inherent
operating systems certified in the Russian Federation;
- application software (including GIS),
used in the Russian Federation.

A.63.3.4 Select the PMS rule.
A.63.3.5 Make sure the rule is configured to access GIS resources
Internet via the "Tor Route" route.
A.63.3.6 Open the list of proxy routes by going to the "Proxy routes"
subsection of the "Settings" section.
A.63.3.7Write down the IP address and port of the proxy service for the "Tor
Route" route.
A.63.3.8 Go to the "Nodes" section.
A.63.3.9 Select any node where an https server is available. The
presence of an https server can be checked in the Active Services panel of
the tunnel card. In the absence of such nodes, it is necessary to refer to the
document RU.VATS.00182-01 32 01 “Special software for the data relay
subsystem using intermediate servers. System Programmer's Guide" to
generate and install on the relay node a software package that includes an
https web server.
A.63.3.10 Get the IP address and SSH credentials for a host running an
https web server.
157
A.63.3.11 Connect to the relay node via SSH (according to the
document RU.VATS.00182-01 32 01 "Special software for the data relay
subsystem using intermediate servers. System programmer's manual") from
the TX user's workstation using the data of point A. 63.3.10.
A.63.3.12 In the terminal of the SSH session, run the following command:
tcpdump –i <network interface with host IP address> tcp port443<VPN server port>
- w /tmp/traffic.pcap
A.63.3.13 Perform the following actions on the user workstation

according to the document RU.VATS.00177-01 92 04 “Special software for
the subsystem for forming an autonomous segment of the data
transmission network. Wireshark software. User guide":
A.63.3.14 Start Wireshark.
A.63.3.15 Select a LAN connection interface for traffic analysis.
A.63.3.16 Start traffic analysis.

A.63.3.17 Launch browser. A.63.3.18
Open relays in browser>:<port of the address: https://<host-ip-address-
VPN server> /
A.63.3.19 In a browser, open the address: http://myexternalip.com/raw
A.63.3.20 Record the mapped IP address.
A.63.3.21 Close the browser.
A.63.3.22 Stop traffic analysis in Wireshark.
A.63.3.23 Save the traffic file to a file named: pc_traffic.pcap. A.63.3.24 At the TX
user's workstation, in the SSH connection window, interrupt data recording
from the network interface by pressing the key combination "Ctrl+C".
A.63.3.25 Move the file /tmp/traffic.pcap to the https directory of the
web server (refer to the document RU.VATS.00182-01 32 01 "Special
software for the data relay subsystem using intermediate servers. System
programmer's guide" to determine this directory) by executing the
commands:
chmod a+r /tmp/traffic.pcap
mv /tmp/traffic.pcap <path-to-web-dir (/var/www/fhs by default)>
A.63.3.26 Using the ICP user's workstation, launch the browser and
download the data file from the relay node by clicking on the link: https://<ip-
address-of-relay-node>>:<VPN server port> /traffic.pcap.
A.63.3.27 Copy the resulting traffic.pcap and pc_traffic.pcap files to the
DRP user workstation using a USB flash drive.
158
A.63.3.28 Launch Wireshark And open file traffic.pcap.
Filter traffic using filter expression: ip.addr == <IP ip- point address http://
myexternalip.com/raw> and tcp.port ==443<VPN server port> .
A.63.3.29 Start Wireshark and open the pc_traffic.pcap file. Filter traffic
using filter expression: ip.addr == < IP-relay node address SSH access
address>andor socks.remote_name == <IP address of the relay host> or
tcp.port == <port of the "Tor Route" route proxy service tcp.port == 443.
A.63.3.30 Check that the personalizing features in the PMS user's AWS
packets do not reach the relay nodes:
-The source IP address in outgoing pc_traffic.pcap packets must not be
found in traffic.pcap packages;
- The source MAC address in outgoing pc_traffic.pcap packets must not
be found in traffic.pcap packages.
A.63.3.31 At the RRP workstation open link V browser:
https://bit.ly/2Jb7jzR
A.63.3.32 Connect using an SSH client to the management server and execute
the command: sudo netstat –ntp | grep 37.9.96.20
A.63.3.33 Verify that the connection to the server 37.9.96.20 from the
DRP client is terminated on the control server and interaction with the
target service is performed on behalf of the application broker on the
control server, which eliminates the leakage of network interaction features
of client operating systems, as well as any other software security at the
network level. To do this, the output of the command must contain lines of
the following format:
tcp 0 0 <IP address on the management server>:<port> 37.9.96.20:443 ESTABLISHED <pid>/socks
A.63.3.34 Wait for the link to open or abort the download via the link to the RRP
workstation.
A.63.3.35 In the ssh session, re-execute the command:
sudo netstat –ntp | grep 37.9.96.20
A.63.3.36 Verify that the previously established connection to the target

service is closed by the application proxy after the completion of receiving data at
the RRP user's workstation. The output of the command must be empty or contain
a line indicating that the connection was closed:
tcp 0 0 <IP address on the management server>:<port> 37.9.96.20:443 TIME_WAIT <pid>/ socks
159
A.63.4 PWD SPO is considered to have passed the tests according to paragraphs
A.63.3.1-A.63.3.36 of the test program and procedure and fulfill paragraphs 3.2.6, 3.2.6.6 of
-
- have been successfully receivedIP address and SSH credentials
for node;
when comparing traffic files, no matching files were found
-
personalizing features;
- successfully tested blocking leaks of network features
interactions inherent in operating systems certified in the Russian
Federation and application software.
ToR for the Amezit-V R&D MF, the DRP SSS must ensure the concealment of
information about nationality.
A.64.3.1 Execute paragraphs A.61.3.1-A.61.3.7 of Method No. Method No.

61.
A.64.3.2 Run a command line on the user's workstation by executing
the following actions:
- press the key combination "Win+R";
- in the launch window that opens, enter:cmd.exe;
- press the key "Enter".
A.64.3.3At the command line, run the command: ipconfig. The result of the command
A.64.3.4 execution will contain the IP address of the workstation
user.
A.64.3.5 According to document RU.VATS.00182-01 34 01 “Special
data relay subsystem software using intermediate servers. Operator's
Guide" to install and run the SPO KPN.
160
A.64.3.6 According to the document RU.VATS.00182-01 92 01 “Special
software for the data relay subsystem using intermediate servers. User
Guide" follow the steps below.
A.64.3.7 Launch the browser and go to the authorization page of the DRS
A.64.3.9 Go to the "Rules" section and create a new rule with the name
"ARM DRP".
A.64.3.10 Enter for the rule the IP address obtained in A.64.3.4 and the
mask 255.255.255.255.
A.64.3.11 Select the route in the field: “Tor route” (created when
executing Method # Method # 58).
A.64.3.12 In the "Applied settings" choose meaning
"Individual" field.
A.64.3.13 Set all application settings parameters to "Enable".
A.64.3.14 Set the value of the "Time zone" parameter to any value
different from the time zone of the city of Moscow.
A.64.3.15 Select only one layout in the "Language layouts" parameter -
"en_US English (United States)".
A.64.3.16 Save the created rule.
A.64.3.17 At the operator's workstation, according to the document
RU.VATS.00182-01 34 01 “Special software for the data relay subsystem
using intermediate servers. Operator's Guide”, adjust the system settings to
provide access to Internet GIS resources.
A.64.3.18 Launch a browser and check for access to Internet GIS

resources by opening an arbitrary Internet resource.
A.64.3.19 Verify nationality masking using a public browser fingerprint
verification service (https://geoiptool.com). When checking, the specific
location of the user must not match the real one.
161
-
- command resultipconfig contained the IP address of the workstation
user;
the created rule appears in the rules table;
-
- wassuccessful masking national
accessories.
3.2.6.8 of the TOR for the Amezit-V R&D MF, the DRP SSW must provide data
masking at relay nodes for legitimate user requests to public services in the
following ways:
- placement of public proxy servers on relay nodes
data;
- placement of exit nodesTOR on data relay nodes;
- accommodationI2P routers on data relay nodes.
The method of masking data on relay nodes is determined by the
administrator.
For each of the methods, it should be possible to create a distribution
kit with the necessary software and settings, suitable for installation by the
administrator on a given data relay node.
N o t e . When creating a distribution kit, it is necessary to ensure a
difference in software settings in order to prevent opening of the nodes of the
DRP subsystem based on this feature, or to develop an additional configuration
tool.

A.65.3.4 Select any available node of the "Output" group. Write down
A.65.3.5 its IP address and host number.
162
A.65.3.6 Open the "Access Data" panel. Write
A.65.3.7 down the data for access via SSH.
A.65.3.8 Go to the "Routes" section. Select
A.65.3.9 the "VPN Route" route.
A.65.3.10 Clear exit node selection criteria (last node selection rule).
A.65.3.11 Specify the IP address obtained in A.65.3.5 as the egress

node selection criterion.
A.65.3.12 Save route.
A.65.3.13 Connect to the control server of the SSW TX via SSH on
behalf of the superuser (according to the document RU.VATS.00182-01 32 01
"Special software for the data relay subsystem using intermediate servers.
System programmer's guide").

programmer's guide" to generate a distribution for the node selected in
clause A.65.3.11 as the output. The distribution must include:
- tor - in exit-node mode;

- i2p router;
- proxy server;
- maskingOpenVPN over https server.
A.65.3.15 Install the received distribution on the output relay node of
the VPN Route.
A.65.3.17 Disable Internet access for all rules operating through VPN
Route (Route column).
A.65.3.18 Go to the "Tunnels" subsection of the "Routes" section.
A.65.3.19 Verify that there is no activity on the VPN Route tunnel.
A.65.3.20 Connect to this node using an SSH client and the credentials
obtained in A.65.3.7. The connection procedure must be carried out in
accordance with the document RU.VATS.00182-01 32 01 “Special software
for the data relay subsystem using intermediate servers. System
Programmer's Guide.
A.65.3.21 Execute the command "ps -ax | grep 'tor|openvpn|i2p|fhs|

prox| socks'" to check for running traffic masking processes.
163
A.65.3.22 Run the "netstat –nltpa | grep 'tor|openvpn|i2p|fhs| prox|
socks'" to display a list of open ports and connections.
A.65.3.23 Run a command to check existing connections through this
nodeas superuser :sudoif top
A.65.3.24 Customize connection mapping consistent
keystroke: sDn
This sequence disables source address mapping (s), enables target
service port mapping (D), disables domain name mapping (n).
A.65.3.25 Check for masking active compounds with

various Internet services(including ports 80 and 443), not initiated by the
users of the DRP, because all work through this route for users has been
suspended.
A.65.3.26 Press the "q" key to exit the iftop program. A.65.3.27 Check
the total number of established masquerade tcp connections with the
following command on behalf of the superuser:
netstat –ntp| wc-l
The number of connections must be more than 20.

A.65.3.28
A.65.3.29 Go to the "Rules" section in the DRP Management Interface.
A.65.3.30 Allow Internet access for users working through VPN Route.
A.65.3.31 Launch the Chromium browser on the workstation of the RPP user and
open the link:https://bit.ly/2Jb7jzR .
A.65.3.32 Checkat the output node of the relay, Whathave a connection to in
the iftop status output window, among the masked legitimate connections, the
connection to the node is displayedIP address 37.9.96.20.To do this, run the
command:
netstat --ntp|grep 37.9.96.20
-
- the distribution kit for the node was successfully created;

- were present in the list of processestor, i2p, proxy servers, openvpn,
https of the web server;
164
- ports for processes were present in the list of open portstor
(arbitrary port), i2p (arbitrary port), proxy server (arbitrary port), openvpn,
https webserver;
- wasrequest masking test successfully passed
users of the DRP subsystem among requests from third-party users.
A.66.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.9 of the ToR for the MF
OKR "Amezit-V" SPO PRD should provide concealment
personalizing application layer information should
be controlled by open source software installed on the operator's
workstation. The installed SSW must check the compliance of the user's local
settings and the user's current output network address. Checked settings
are as follows:
- prohibition of useWebRTC in the user's browser;
- prohibition of the use of plug-ins in the user's browser:Adobe
Flash, ActiveX, Java applets;
- time zone of the user in the system;
- available language layouts in the system.
The administrator should be able to define the requirements for the
user settings to be checked. If the user settings do not match, access to the
data relay subsystem should be blocked.
Note. Must be taken into account the following sources

personalizing information: browsers (when interacting with GIS OP services
via HTTP, HTTPS, WebRTC, WebDAV, FTP protocols); mail programs; instant
messaging programs; system and application software.


A.66.3.3 Go to the "Rules" section and select the "AWP TX" rule.
165
А.66.3.4 For all parameters of application settings, set the value
"Disable" (except for the time zone and language layouts).
A.66.3.5 Save changes to user settings.
A.66.3.6 Open a new browser tab and open the page:
http://ya.ru
A.66.3.7According to document RU.VATS.00182-01 34 01 “Special
data relay subsystem software using intermediate servers. Operator's
Guide" to change the application settings on the user's workstation
according to the recommendations of the SPO KPN.
A.66.3.8 Refresh browser tab according to paragraph
A.66.3.6.
A.66.3.9 Open public service checks settings
browser and anonymization settings (for example, https://2ip.ru/privacy).
A.66.4 PWD SPO is considered to have passed the tests in accordance with clauses
A.66.3.1-A.66.3.9 of the test program and methodology and fulfill clauses 3.2.6, 3.2.6.9 of the
-
before changing application settings on the user's workstation
-
the page was not opened (access to Internet GIS resources was blocked);
- after changing the application settings on the user's workstation

the page was opened successfully;
-resultschecking browser settings and options
anonymization corresponded to the requirements for application settings
specified above.
TOR for the Amezit-V R&D SC, the DRP SSW must ensure the creation of virtual routes
according to templates configured by the administrator with the following
parameters:
route length (at least3 steps);
-
- dotinput (a range of personalizing features or
nationality);
166
- exit point (a range of personalizing features or
nationality);
- list of national features corresponding to the virtual
route;
- mechanism for relaying data in the chain between the first and last
virtual route point - tor or vpn.

A.67.3.4 Click on the "Create" button.
A.67.3.5 Select an arbitrary route with VPN type.
A.67.3.6 In the route card for the "Application settings" parameter
select the "Check" value.
A.67.3.7 Activate the "Rules" route panel.
A.67.4 SPO PRD is considered to have passed the tests according to clause A.67.3.1-
A.67.3.7 of the test program and methodology and fulfilling clauses 3.2.6, 3.2.6.10
of the TOR for MF R&D, if:
- when performing the above steps of this technique
- when performing paragraphs. A.67.3.3 in the list of routes were displayed
routes like VPN and Tor;
- when performing paragraphs. A.67.3.4 a list of route types is displayed,
including the lines: VPN and TOR;
- when performing paragraphs. A.67.3.5 were present in the route card
parameters: "Length", "Type";
- when performing paragraphs. A.67.3.6 in the route card for application
settings, it was possible to configure requirements for: time zone, language
layouts and system localization;
- when performing paragraphs. A.67.3.7 node selection rules were displayed
relaying data and provided the ability to change the following criteria for
selecting nodes: "Country", "Provider", "IP address", "Group".
167
A.68.1 In this methodology, the TRD SSW is checked for compliance with the
OKR "Amezit-V" SPO PRD should provide the ability to
centralized management of open source software for data relaying (in
manual and automated mode): configuring "points" of entry, exit and
intermediate points of virtual transport routes of data relaying.
A.68.3.1 Verification is performed in accordance with Method No.

Method No. 67.
A.68.4 SPO TRD is considered to have passed the tests according to clause A.68.3.1 of
the test program and methodology and fulfill clauses 3.2.6, 3.2.6.11 of the TOR for the R&D
MF, if:
-
- when performing paragraphs. A.67.3.2 Practice No. Practice No. 67 was
successful authorization in the management interface;
it is possible to set rules for selecting each “point” (node) for a virtual
transport route for data relay of the “VPN” type;
it is possible to set the rules for choosing the input node "cover" and output
rules for virtual transport routes of relay type "Tor";
- when performing paragraphs. A.67.3.7 Practice No. Practice No. 67 Rule

selection allowed you to set criteria that define both a "set of nodes" (more
than 1 node that matches the selection rule criterion, for example, by
country) for each "point" of the route, and specific nodes (by IP address);
- when performing paragraphs. A.67.3.7 Methodology No. Methodology No. 67 on the card
route, the number of possible virtual transport tunnels that satisfy the
specified rules for selecting relay "points" in the route was displayed.
168
A.69.1 In this methodology, the TRD software is checked for compliance with the
3.2.6.12 of the TOR for the MF OCR "Amezit-V", the TX SSS should provide
the ability to predict the data transfer rate using a virtual transport route.

A.69.3.3 Go to the "Rules" section. Select the
A.69.3.4 rule "User DRP". Change the rules on
A.69.3.5 the card meaning parameter
"Application settings" to "Do not check".
A.69.3.6 Specify the "VPN Route" route.
A.69.3.7 Save rule changes. Go to the
A.69.3.8 "Tunnels" section. Select the VPN
A.69.3.9 Route tunnel.
A.69.3.10 B card tunnel check Availability values
"Projected Speed".
A.69.3.11 Open a new browser tab and open any public Internet
connection speed testing service (for example, https://2ip.ru/speed) to
determine the speed characteristics of the Internet GIS connection.
- the predicted data rate has been successfully displayed;
169
- the difference between the results of points A.69.3.10 and A.69.3.11 is
no more than 25%.

A.70.1 In this methodology, the TRD software is checked for compliance with the
ToR for the Amezit-V R&D MF, the TX SSW must ensure the control of the operability
of virtual route points.
A.70.3.1 Launch the browser and go to the authorization page of the PRD
A.70.3.4 Select any relay node with the node status displayed as a
"green indicator".
A.70.3.5 Write down its IP address and host number.
A.70.3.6 Open the "Access Data" panel. Write down the
A.70.3.7 data for access via SSH. Leave the browser tab
A.70.3.8 open. Using an SSH client, according to
A.70.3.9 document
using intermediate servers. System programmer's guide”, connect to the
relay node using the data of clause A.70.3.7.
A.70.3.10 Install tmux on the relay node. For relay nodes based on
Debian OS, the installation is performed by the command:
sudo apt-get install tmux
For nodes with an RPM-based package manager, the command:

sudo yum install tmux
Installation must be done on behalf of the superuser.

A.70.3.11 Start tmux by issuing the command:
tmux
A.70.3.12 Do next command (from name

superuser):
170
iptables -I INPUT 1 -j DROP; sleep 300; iptables -D INPUT 1
A.70.3.13 In the browser, return to the relay node tab (clause A.70.3.8).
A.70.3.14 Initiate node status check (according to document

RU.VATS.00182-01 92 01 "Special software for data relay subsystem using
intermediate servers. User manual").
A.70.3.15 Recheck node status after at least 7 minutes.
A.70.4 The TRD SPO is considered to have passed the tests according to clauses
-the health check was successfully carried out, the state of the node
during the first test it was displayed with a “red indicator” (the node is
unavailable), during the second test it was displayed with a “green indicator” (the
node is available).
A.71.1 This method is used to check the TRD software for compliance with the
A.71.2 In accordance with the requirements of clauses 3.2.6, 3.2.6.14
of the TOR for the Amezit-V R&D MF, the PRD SSW must provide the
functions of adding noise structures in order to statistically camouflage data
passing through data relaying facilities under legal user requests to public
services.
A.71.3.1 Verification is carried out in the course of the activities carried out under
Practice No. Practice No. 65.
A.71.4 The PRD SSW is considered to have passed the tests in accordance with
clause A.71.3.1 of the test program and methodology and fulfill clauses 3.2.6, 3.2.6.14 of
the TOR on the midrange of R&D upon successful completion of Method No. Method No.
65, since the function of camouflaging data passing through relay nodes
171
data is solved by running additional software on them, which ensures the
generation of constant transit traffic. Such software is Tor (in exit-node
mode) and I2P. In addition, the VPN server is started in port-sharing mode
with the https server, which is checked by accessing the browser at: https://
<relay-host-IP-address>. When opening the specified address in the
browser, the user should see an html page.

the TOR for the Amezit-V R&D SC, the DRS SSW must ensure the concealment of
the true purpose of the grouping of virtual route points by placing public
resources on them (requirements are specified based on the results of the
preliminary design stage) .
A.72.3.1 Verification is carried out in the course of the activities carried out under
Practice No. Practice No. 65.
A.72.4 The TRD SPO is considered to have passed the tests in accordance with
clause A.72.3.1 of the test program and methodology and fulfill clauses 3.2.6, 3.2.6.15 of
the TOR on the R&D midrange, if the checks of methodology No. Methodology No. 65
were successfully completed in terms of ensuring the possibility of placement on public
resource relay nodes of the following types:
- exit nodes of the anonymization networkTor;
- routeri2p;
- proxy server;
- web server (can be used to maskVPN servers under
https server).

A.73.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.16 of the ToR on the
Amezit-V R&D SC, the fulfillment of the requirements of the free software for data relaying in
terms of the free software for monitoring the Internet and the "promotion" of materials must
172
performed in various ways and prevent disclosure of information when

opening one of them.
A.73.3.1 Verification is performed during tests carried out in accordance

with Method No. Method No. 58 and Method No. Method No. 59.
B These methods check the possibility of relaying data using various
types of virtual routes (Tor and VPN) in accordance with the settings
specified by the system programmer.

A.74.1 In this methodology, the TRD STR is checked for compliance with the
of the ToR for the Amezit-V R&D SC, the technical solutions of the developed
open source software must block any direct interaction of the technical means
of promoting materials and monitoring the Internet, bypassing the data relay
system.
A.74.3.1 Execution requirements TK ensured way

inclusion of SSW DRP "into the break" of the communication channel between users of SSW
PRR, SSW PMS and GIS Internet.
A.74.4 The TX SSW is considered to have passed the tests in accordance with clause
A.74.3.1 of the test program and procedure and fulfills paragraphs 3.2.6, 3.2.6.17 of the TOR
on the R&D MF, since the TX SSW is installed "in the gap" on the communication channel
between the RRP SSW , SPO PMS and GIS Internet. In the specified scheme of distribution of
SSW DRD interaction with Internet GIS resources bypassing the relay system is impossible.

173
ToR for the Amezit-V R&D SC, the DRP SSW must provide an anonymization
gateway that provides the following interface mechanisms for other technical
means of the Amezit HSC (including geographically remote ones) :
-completeredirecting client traffic according to specified
rules administrator through the selected anonymization mechanism (VPN or
TOR);
- providingsocks proxy for each available exit node
on the anonymization gateway.
Notes:
1. The admin blocking function must be implemented
traffic of other technical means in the presence of signs that can violate the
secrecy of the work of the TX subsystem.
2. Such signs include:
- personalizing attributes of data transmission media (see clause A.63.2
of this document);
- personalizing information at the application level (see clause A.66.2
of this document);
- list of resources prohibited to visits (should be
customizable).
3. The function of timely notification should be implemented
administrator in case the traffic blocking function is triggered.
4. It must be possible to connect to the subsystem
PRD of territorially remote elements (including mobile components) of the
APC "Amezit".
A.75.3.3 Go to the "Rules" section. Select the
A.75.3.4 rule "User DRP". Change the rules on
A.75.3.5 the card meaning parameter
"Application settings" to "Do not check".
A.75.3.6 In the "Assigned route" parameter, select "Route
VPN.
A.75.3.7 Save the change.
174
A.75.3.8 Go V subsection "Proxy routes" section
"Settings".
A.75.3.9 Record the link in the value of the parameter: "List of routes".
A.75.3.10 A list of the format shall be output: socks5://
<proxyhost:proxy-port>, route name, route type (Tor or VPN), <exit node IP
address or Tor exit node selection options>.
A.75.3.11 Select an arbitrary entry for a VPN type route from the given
list.
A.75.3.12 Launch the Firefox browser and do the following:
A.75.3.13 Enter in the address bar: about:preferences#advanced

A.75.3.14 Go to the “Network” tab and open the connection settings.
A.75.3.15 Select "Manual proxy configuration".

A.75.3.16 In the "SOCKS Host" field, enter proxy-host (clause A.75.3.11).
A.75.3.17 In the Port field for "SOCKS Host", enter proxy-port (clause
A.75.3.11).
A.75.3.18 Click OK.
A.75.3.19 Open a new tab and enter: http://myexternalip.com/raw A.75.3.20
Compare the inferred IP address with the <exit node IP address> (clause
A.75.3.11).
software for the data relay subsystem using intermediate servers. User
Guide" do the following in Chrome:
A.75.3.22 Go to the "Prohibited resources" subsection of the "Settings"

section.
A.75.3.23 Add V list prohibited resources entry
myexternalip.com.
A.75.3.24 Go to the "Monitoring" section.
A.75.3.25 Check the Log for messages about blocking access to
"myexternalip.com".
A.75.3.26 Check blocking access To page
http://myexternalip.com/. To do this, open this page in the Chromium
browser. An opening error should be displayed.
A.75.3.27Go to the "Monitoring" sectionin the control interface SPO
DRP .
175
A.75.3.28 Check registration events V interface
administrator. In the "monitoring" section in the "Message log" panel, check
for an entry about blocking access for the "PDC User" to the
"myexternalip.com" resource.
A.75.3.29 Go to the "Settings" section.
A.75.3.30 Go to the "Forbidden resources" subsection. A.75.3.31
Remove "myexternalip.com" from the list of prohibited entry
resources.
- when performing paragraphs. A.75.3.20 checked IP addresses matched;
- when performing paragraphs. A.75.3.25 an opening error was displayed
pages after it was added to the list of prohibited resources;
- when performing paragraphs. A.75.3.27 was present in the message log
access block record.
OKR "Amezit-V" SPO PRD must perform detection and
countering attempts to run special software in a virtual environment and
under the control of debuggers.
A.76.3.4 Select any relay node with the node status displayed as a
"green indicator".
176
A.76.3.5 Write down its IP address and host
A.76.3.6 number. Open the "Access Data" panel.
A.76.3.7
A.76.3.8 Write down the data for access via
A.76.3.9 SSH. Open the Active Services panel.
A.76.3.10Record the process IDs (PIDs) of active services. The data is protected
by the monitoring and control service from the management of debuggers.
A.76.3.11 With the help of an SSH client, according to the document
using intermediate servers. System programmer's guide”, connect to the
relay node using the data of clause A.76.3.8.
A.76.3.12 The relay node has two secure TX SS modules:
- TOTP authorization module;

- monitoring and control module.
A.76.3.13 Determine the process PID of the TOTP authorization
module (according to the document RU.VATS.00182-01 32 01 "Special
programmer's guide") – PID1.
A.76.3.14 Determine the PID of the process of the monitoring and
control module (according to the document RU.VATS.00182-01 32 01
"Special software for the data relay subsystem using intermediate servers.
System programmer's guide") - PID2.
A.76.3.15 Attempt connection by debuggerto TOTR-authorization
moduleto all modules of active services by typing commandss atas
superuser:
gdb-p<PIDprotected process 1>
A.76.3.16 Attempt to connect the debugger to the monitoring and control

module by entering the command on behalf of the superuser:
gdb -p`pidof <PID2>ncs`
A.76.3.17 Disconnect from the relay node by issuing the command:

exit

Programmer's Guide" follow the steps below.
177
A.76.3.19 Create a relay node installation package for an arbitrary
relay node in the system.
A.76.3.20 Copy received packet to RRP VM(or any other virtual machine
running Debian OS) by running the command on the management server:
scp <package file path> <VM_username>@<virtual machine IP address>:/ tmp.
A.76.3.21 Connect to the RRP VM using an SSH client (according to the

preparing, placing and “promoting” special materials. System programmer’s
guide”) and run the host package relaying in accordance with the
instructions for installing SSW TX modules on the relay node (according to
the document RU.VATS.00182-01 32 01 "Special software for the data relay
subsystem using intermediate servers. System programmer's guide").
A.76.3.22 The result of execution of the start command shall contain the
message: VM detected.
A.76.4 PWD SPO is considered to have passed the tests in accordance with clauses
-
- when performing paragraphs. A.76.3.15 the debugger displayed a message about
impossibilityconnect to the TOTP authorization moduleconnect to protected
processes ;
- when performing paragraphs. A.76.3.16 the debugger displayed a message about
inability to connect to the monitoring and control module;
- when performing paragraphs. A.76.3.22 the result of the command execution contained
"VM detected" message.
ToR for the Amezit-V R&D MF, the PRD SSW should provide control over the state of
the grouping of points of virtual routes, prompt detection of attempts
178
receipt of UA to them, abnormal reboots of the hardware OS and other facts
of violation of information security (IS) of technical means of relaying,
including:
- unauthorized access with superuser rights;
- installation of additional (malicious) software;
- implementation of denial-of-service attacks;
- attempts to study open source software algorithms (launch under the control
debugger, tracing, setting breakpoints, violating the integrity of open source
software, running under the control of virtualization tools, changing the time);
-attempts to study the data transfer protocol (transfer
incorrect data to neighboring nodes of the virtual transport route, frequent
disconnections or long delays when sending service data);
- setting the prohibition to act as an exit point of the virtual
route.
N o t e . The list of actions related to the violation of IS of technical
means of data relaying is specified based on the results of preliminary and
technical (if necessary) design and is agreed with the lead contractor.

A.77.3.1 Prepare a stationary workstation to simulate a relay node:
A.77.3.2 Install OS Ubuntu 17.04. Install the SSH

A.77.3.3 server by running the command:
sudo apt-get install openssh-server
A.77.3.4 Install the SMB server with the command:

sudo apt-get install samba

Programmer's Guide" to install the necessary software to support Intel SGX.
A.77.3.6 Connect to the TX switch.

A.77.3.7 Set a static IP address from the subnet of the control server of
the SSW DRP.
A.77.3.8 Connect and configure a GSM modem to access Internet GIS
resources.
179
A.77.3.9 Upon completion of the basic setup, restart the workstation without
authorization in the system after the reboot.
programmer's guide" perform the following actions on the mobile
workstation of the user of the SPO DRD to add a new node:

PRD SSW management interface.
A.77.3.14 Create a new node with the name "Node M20" and enter the data of the
stationary workstation (the IP address must be specified for the local network).
A.77.3.15 Do not close the browser window.
Programmer's Guide" to perform the steps described below on the mobile
workstation of the user of the SSW DRD in order to configure the relay node.
A.77.3.17 Start the SSH client and connect to the control server of the
SPO PRD (according to the document RU.VATS.00182-01 32 01 "Special
programmer's guide").
A.77.3.18 Generate relay node software package for fixed
ARM.
A.77.3.19 Install the received package on the stationary
workstation. A.77.3.20 Switch to the browser window.
A.77.3.21 Go to the "Nodes" section. A.77.3.22
Update data on node "Node M20".
A.77.3.23 Verify that the node status indicator is green.
A.77.3.24 Go to the "Access data" section.

A.77.3.25 Check for the presence of the Onion node name in the "Access Data"
panel.
A.77.3.26 Disconnect the stationary workstation from the switch of the
SPO TX. A.77.3.27 Log in locally (using the keyboard) to the stationary on
workstation on behalf of the superuser.
180
A.77.3.28 The local authorization attempt (clause A.77.3.25) shall not
succeed.
A.77.3.29 Disconnect the "Mouse" type manipulator from the stationary
workstation. A.77.3.30 Update data on node "Node M20".
A.77.3.31 Within five minutes, the node status indicator should display
orange. Before moving to the specified color, the indicator may be displayed
in red.
A.77.3.32 Activate the "Event Log" panel. A.77.3.33 Check for
reports of the following events:
- hardware change: removed hardware <vendorId>:<producer-
tId>;
-system last boot time: Date and time of last boot;
- disable network interface <network interface name>;
- trying to login locally on behalf ofroot;
- unknown process detected:sambasmbd (PIDs=<one or
multiple process IDs>).
A.77.3.34 Go to the "Active Services" panel.
A.77.3.35 Find the process(es) "smbd" in the list.
A.77.3.36 Process identifiers must coincide With
identifiers in the PIDs of clause A.77.3.33. The state of the process(es)
should be Frozen.
-
- when performing paragraphs. A.77.3.12 successful authorization was made
to the management interface;
- when performing paragraphs. A.77.3.25 in the "Access Data" panel
the Onion node name was present;
- when performing paragraphs. A.77.3.28 an authorization error was displayed;
- after the execution of paragraphs. A.77.3.26 on the management server were received
node status data. Data transmission from the relay node was performed via a
GSM modem, since there were no other channels of communication with the GIS
OP Internet at the relay node. Thus, the possibility of connecting mobile
components to the subsystem is demonstrated;
when performing paragraphs. A.77.3.33 on the Event Log panel
-
were present listed in paragraphs. A.77.3.33 events;
181
- when performing paragraphs. A.77.3.35 was present in the list of processes
"smbd";
- when performing paragraphs. A.77.3.36 process IDs matched
identifiers of paragraphs. A.77.3.33, and the state of the processes was "Frozen".

OKR "Amezit-V" recording of the actions of technical means
data retransmission should be carried out at the retransmission control
workstation. It is not allowed to record the actions of users of the Amezit
HSC at the points of virtual transport routes located in the GIS OP, for which,
at the points of virtual transport routes, the open source software should
not write data to disk after launch.
Notes:
1. Prior to the GI stage, it is necessary to develop the following documents:
- methods of purchasing dedicated servers;
- methods for organizing technical support for dedicated
servers.
2. Rented physically dedicated servers must have
the following characteristics:
the possibility of remote control through the console with a separate
-
network address;
- network connection speed is not less100 Mbps for network
connections between the server and the client on the territory of Russia;
-technology supportIntel SGX server components (central
processor, motherboard, bios);
- hard drive at least64GB;
- RAM at least8GB;
- at least one publicIP addresses.
Servers rented in the same territory must be located on different
hosting sites and from different providers.
Free software support for up to 34 leased servers (Russia - 8 pcs., China - 6
pcs., USA - 6 pcs., Europe - 6 pcs., countries of the Arab world - 6 pcs., any other
countries - 2 pcs.)
Number of leased servers 6 pcs. (Russia - 2 pieces, China - 1 piece, USA - 1
piece, Europe - 1 piece, countries of the Arab world - 1 piece).
The lease term for servers is until the end of the R & D, plus one year.
182
The source of payment must not reveal the nationality of the tenant.


PWD SSW management interface.
A.78.3.3 Go to the "Tunnels" section.
A.78.3.4 Select the VPN Route tunnel.
A.78.3.5 Write out the nodes that are part of the tunnel card
route.
A.78.3.6 The IP addresses of all nodes of the route are written out in <regular
relay node IP address lookup expression>: ingress-node-ip-address|
intermediate-node-ip-address-1|…|egress-node-ip-address.
A.78.3.8 Get SSH credentials for all nodes on a route
(clause A.78.3.5).
A.78.3.10 Select an arbitrary rule with active clients and application
settings to be checked (the "Application settings" column should not contain
the value "Do not check").
A.78.3.11 Check the presence of entries in the "Message Log" panel
and the results of checks of the user's application settings in the "Check
History".
A.78.3.13 Select VPN Route. A.78.3.14
Open the "Tunnels" panel.
A.78.3.15 Check the history of tunneling along a given route. There
must be one active (current) tunnel and a log of records for previously
closed ones.
A.78.3.16 Connect to all relay nodes via SSH using the data received in
clause A.78.3.8. The connection procedure is performed in accordance with
the document RU.VATS.00182-01 32 01 “Special software for the data relay
subsystem using intermediate servers. System Programmer's Guide. On
each
183
run the following check commands on the relay host as superuser:
grep –RiE “<relay host IP search regular expression>” /var/log | grep -v "IP-address-of-host-to-connected-to"
A.78.3.17 Verify that the result of the search command in the system
event logs is not logged relay chain IP addresses
– the output of the search command must not contain the IP addresses of
other relay route nodes.
A.78.3.18 Check that the data relaying open source software processes
do not have files open for writing (they do not log actions in the file system).
To do this, run the commandas superuser:
"lsof-a-d1-999 -p“$(ps-ax|grep-E'[v]pn|[f]hs|[n]cs' |awk'{print $1;}' |paste-sd',' -)” / |awk'NR==1 ||
$4~/[0-9]+[uw]/'".
To display files opened for writing for open source processes. The
result of the command shouldbe emptycontain only one line - output title.
.
-
- access data has been successfully obtainedSSH to all nodes
route;
in the "Message Log" and "Check History" panels of the card
-
the selected rule had entries;
- in the history of the creation of tunnels along the selected route was present
one active tunnel and a list of previously closed tunnels;
- searchRoute node IP addresses in node event logs
route relay showed no entries found.
requirements of paragraphs 9, 9.12 of the TOR for the Amezit-V R&D SC.
A.79.2 In accordance with the requirements of paragraphs 9, 9.12 of the
TOR for the Amezit-V R&D SC, in case of emergency situations, attempts to
analyze the data relaying SSW, as well as at the administrator's command, all
SSW modules, configuration files, input and output data of the relay SSW must
be destroyed.
184
A.79.3 In order to check the compliance of the DRP SSW with the
A.79.3.4 Select any node where an https server is available. The
presence of an https server can be checked in the Active Services panel of
the tunnel card. In the absence of such nodes, it is necessary to refer to the
document RU.VATS.00182-01 32 01 “Special software for the data relay
subsystem using intermediate servers. System Programmer's Guide" to
generate and install on the relay node a software package that includes an
https web server.
A.79.3.5 Get the host IP address and SSH credentials for a host
running an https web server.
A.79.3.6 Connect to the relay node via SSH (according to the document
RU.VATS.00182-01 32 01 "Special software for the data relay subsystem
using intermediate servers. System programmer's manual") from the TX
user's workstation using the IP address and SSH access data for a host
running an https web server.
A.79.3.7 In the terminal of the SSH session, execute the following

commandsas superuser (root) :
# get the PID of the https server process
FHS_PID=`psax| grep fhs|grep -vfhsgrep |awk '{print $1;}'`
# getting the location of the FHS_PID executable sudolsof -p
$FHS_PID|grep fhs
A.79.3.8 Check that the output contains a path to the form< /fhs> to the executable
file of the open source software of the relay node.
A.79.3.9 Verify that the binary executable is not available for retrieval
with the command: ls</fhs> /fhs. You should see a message that the
specified file does not exist in the file system.
A.79.3.10 Check that the given file does not exist in the file system by
running the command: sudo find / -type f -name fhs. The output of the
command should not contain any files.
A.79.3.11 Check that the SSW DRP cryptocontainer image is filled with
null bytes: sudo hexdump -C /dev/mapper/cdisk | head.
185
A.79.3.12 Check that the fhs process (the HTTPS server of the open source
software package) is actually running and is bound by the cryptocontainer. To do this,
execute the commandsas superuser (root): :
# get the device ID of the cryptocontainer sudodmsetup ls|grep
cdisk
# output should be: cdsisk (<DEV:ID>)
sudolsof -p`pidof fhs|sed “s/ /,/”` $FHS_PID| grep <DEV,ID>
A.79.3.13 Check that the non-empty output of the last command contains
the stringkind :< /fhs> where /fhs– path to the fhs file (non-existent)..
A.79.3.14 If necessary, repeat the test of this technique for all
processes associated with the cryptocontainer (the entire SS package of the
relay node). Getting a list of process data is done with the command: sudo
lsof | grep <DEV,ID>
A.79.4 SPO PRD is considered to have passed the tests according to clauses
A.79.3.1-A.79.3.14 of the test program and methodology and fulfill clauses 9, 9.12 of the
TOR for MF R&D if:
- as a result of checking the location of the executable files of the node's open source software
retransmission - no files were found;
- as a result of checking the contents of the cryptocontainer - it is full
null bytes, i.e. the contents of the cryptocontainer are cleared after launch;
- node SF files were not found in the file system
relays.
A.80.1 In this methodology, the SPO of the RRR is checked for compliance with the
ToR for the MF R&D "Amezit-V", the SPO RRP should ensure the preparation of
special materials (text, graphics, video, audio messages).
A.80.3 In order to check the RRP SSW for compliance with the
A.80.3.1 Create the "Materials" directory on the Windows desktop of the

operator's workstation.
A.80.3.2 Checking the mechanism for preparing text materials is
performed in the following order:
A.80.3.2.1 Launch the Writer application from the LibreOffice office
suite.
186
A.80.3.2.2 In the empty text document that opens, enter the following text:
"Checking the preparation of text materials using an office software
package."
A.80.3.2.3 From the "File" menu, select "Save As...". Select the
A.80.3.2.4 "Materials" directory on the desktop, created
in paragraph A.80.3.1.
A.80.3.2.5 In the "File name" field, enter "Text material", in the field
"File type" select "Microsoft Word 2007-2013 XML (.docx)".
A.80.3.2.6 Save the file with the prepared text material by clicking the
"Save" button. (If the message "Document may include formatting or
content that cannot be saved in the selected Microsoft Windows 2007-2013
XML format" is displayed, deselect "Ask when saving in a format other than
ODF or the default" and click on the " Use the Microsoft Windows 2007-2013
XML format."
A.80.3.2.7 Close the Writer application by selecting Exit LibreOffice

from the File menu.
A.80.3.2.8 Launch the Word application from the Office suite
Microsoft office.
A.80.3.2.9 Press the key combination "Ctrl + O".
A.80.3.2.10 In the file selection dialog that opens, go to
directory "Materials" on the desktop and select the file "Text Material".
A.80.3.2.11 Click on the "Open" button.
A.80.3.2.12 Supplement the text of the file with the phrase "Verification
A.80.3.2.13 information". Press the key combination "Ctrl + S".
A.80.3.2.14 Close the Microsoft Office Word application by clicking
the key combination "Alt+F4".
A.80.3.2.15 Launch the Adobe Acrobat application.
A.80.3.2.16 Select the "Create pdf from file" task. Select
A.80.3.2.17 file "Text material" V directory
"Materials" on the desktop and click on the "Open" button.
A.80.3.2.18 In the "View" menu, select "Tools - Content Editing".
A.80.3.2.19 In the "Edit Content" panel that opens, select the "Add
Text" command.
A.80.3.2.20 In a new line of the open file, enter the text "Checking the
preparation of text materials using Adobe Acrobat".
A.80.3.2.21 Select "Save As..." from the "File" menu.
187
A.80.3.2.22 In the dialog box that opens, go to the "Materials"
directory on the desktop, created in paragraph A.80.3.1.
A.80.3.2.23 In the "File name" field, enter "Text material2", in the "File
type" field, select "Adobe PDF files".
A.80.3.2.24 Save the file with the prepared text material by clicking the
"Save" button.
A.80.3.2.25 Close Adobe Acrobat by selecting Exit from the File menu.
A.80.3.2.26 Verification of the preparation of text materials is considered

completed if in the "Materials" catalog (created in clause A.80.3.1):
- when opening the file "Text material.docx" is displayed
the text "Verification information" is displayed;
- when opening the text file2.pdf" is displayed
the text "Verification information" is displayed.
A.80.3.3 Checking the mechanism for preparing graphic materials is
A.80.3.3.1 Launch the Adobe Photoshop application.
A.80.3.3.2 From the "File" menu, select "New...".
A.80.3.3.3 In the window that opens, in the "Details of
style" specify:
- style name: Graphic data;
- width:100 Pixels;
- height:100.
A.80.3.3.4 Click on the "Create" button.
A.80.3.3.5 On the toolbar choose tool
"Arbitrary figure".
A.80.3.3.6 In the drop-down block "Fill" select yellow color. In the
A.80.3.3.7 "Shape" drop-down block, select the "Lightning" shape. In
A.80.3.3.8 the working (white) area of the document, left-click
mouse button in the upper left corner, release the mouse button in the lower right corner of
the workspace.
A.80.3.3.9 From the "File" menu, select "Save As...".
A.80.3.3.10 In the window that opens, specify the path to the "Materials" directory
on the desktop (created in clause A.80.3.1) and set:
- file name: Graphic data;
- file type:JPEG.
A.80.3.3.11 Click the "Save" button.
188
A.80.3.3.12 In the "JPEG Options" window that opens, click the button
OK.
A.80.3.3.13 Exit the application by selecting "Exit" in the
"File" menu (if the message "Save changes to the Adobe Photoshop Image
Data document before exiting?" is displayed, click on the "No" button).
A.80.3.3.14 Checking the preparation of graphic materials is

considered completed if the "Materials" catalog (created in paragraph
A.80.3.1) when opening the file "Graphics.jpg" displays the data entered in
paragraphs A.80.3.3.5-A .80.3.3.8.
A.80.3.4 Verification mechanism training audio materials
is done in the following order:
A.80.3.4.1 Launch the Sony Sound Forge Pro app.
A.80.3.4.2 In the "Transport" menu, select the "Record" item or press
keyboard shortcut "Ctrl+R".
A.80.3.4.3 Say into the microphone the phrase "Checking the preparation of
audio materials using the Sony Sound Forge program."
A.80.3.4.4 At the end of the phrase, press the "Record" button or the
key combination "Ctrl+R".
A.80.3.4.5 From the "File" menu, select "Save As...".
A.80.3.4.6 In the window that opens, select the "Materials" directory on
desktop (created in A.80.3.1) and specify the save options:
- file name: Audio data;
- file type:MP3 audio (*.mp3);
- pattern: Audio128 kbps;
- save metadata in file: disable. A.80.3.4.7
Click on the "Save" button.
A.80.3.4.8 Quit the program by selecting "Exit"
File menu.
A.80.3.4.9 Launch the MorphVOX Pro application.
A.80.3.4.10 On the left side of the "Voices" panel, select the "Woman"
voice alias.
A.80.3.4.11 In the "MorphVOX" menu, select "Morph file". In the
A.80.3.4.12 window that opens, do the following:
- in the "Source" line, click on the "Browse" button and select from the catalog
"Materials" on the desktop file "Audio data.mp3" (created in paragraphs
A.80.3.4.1–A.80.3.4.7);
189
- in the "Destination" line, click on the "Browse" button, select a directory
"Materials" on the desktop, set the file name "Audio data" and the file type - Wave
files (*.wav);
- click on the "Make" button;
- wait for the conversion process to complete;
- click on the "Exit" button.
A.80.3.4.13Quit the program by selecting "Exit"
MorphVOX menu.
A.80.3.4.14 Launch the Voice Converter application.
A.80.3.4.15 Double-click with the left mouse button in the central area
program windows.
A.80.3.4.16 In the "Materials" directory on the desktop created in
paragraph A.80.3.1, select the file "Audio data.wav".
A.80.3.4.17 If the message “This is a stereo sound. Only left channel
will be processed" press the "OK" button.
A.80.3.4.18 In the top menu, press the “PRESETS” button and select the
“Kid” preset from the drop-down list.
A.80.3.4.19 Click on the "Apply And Save Conversion" button in the top
menu.
A.80.3.4.20 In the window that opens, select the "Materials" folder on
the desktop, set the file name "Audio data2" and click the "Save" button.
A.80.3.4.21 Wait for the conversion process to complete and the file to be
written.
A.80.3.4.22 Close the program by clicking on the "Close" button in the
upper right corner of the window.
A.80.3.4.23 Training check audio materials counts
performed if in the Materials catalog (created in A.80.3.1):
- atwhen you open the "Audio Data.wav" file, the
modified audio data according to the voice alias selected in clause
A.80.3.4.10;
- atopening the "Audio Data2.wav" file is played
modified audio data according to the presets selected in clause A.80.3.4.18.
A.80.3.5 The check of the mechanism training video materials

is carried out in the following order:
A.80.3.5.1 Launch the Sony Vegas Pro application.
A.80.3.5.2 In the menu "File - Import" select the item "Multimedia ...".
190
A.80.3.5.3 In the window that opens, select the "Materials" directory on
desktop (created in clause A.80.3.1). While holding down the Ctrl key, select
the files "Audio data2.wav" and "Graphic data.jpg" in it.
A.80.3.5.4 Click on the "Open" button.
A.80.3.5.5 From the Project Media panel, drag the Audio2.wav file onto
the timeline.
A.80.3.5.6 From the Project Media panel, drag the Image Data.jpg file
onto the timeline.
A.80.3.5.7 Align the timing of graphic data on the timeline with the
audio data by moving the right edge of the graphic data on the timeline to
the right edge of the audio data.
A.80.3.5.8 On the "Video Special Effects" panel, select the "News" item
from the tree-like list.
A.80.3.5.9 Drag and drop the "Color" preset onto the graphics data
timeline.
А.80.3.5.10 In the "Video event special effects" window that opens, in the "Point
size" line, click on the "Animate" button.
A.80.3.5.11 On the displayed timeline, set the cursor position to the
beginning of the timeline and set the value 0 in the "Point size" field.
A.80.3.5.12 Set the cursor position to the end of the time scale, click on
the "Add keyframe" button and set the value 1 in the "Point size" field.
A.80.3.5.13 Close the Video Event FX window with the Close button in the
upper right corner of the window.
A.80.3.5.14 Select "Render As..." from the File menu. In the "Render as"
A.80.3.5.15 window that opens, in the "Output Format" section
saving in MPEG-4 format (select video quality in presets for iPod).
A.80.3.5.16 Click on the "Browse" button.

A.80.3.5.17 Select the "Materials" directory on the desktop (created
in paragraph A.80.3.1), specify the file name "Video data" and click on the
"Save" button.
A.80.3.5.18 Click on the "Render" button.
A.80.3.5.19 Wait for the rendering process to complete, then
click on the "Close" button in the rendering process window.
A.80.3.5.20 Exit the program by selecting the "Exit" item in the "File"
menu (when a window with the message "Save changes to Untitled?" is
displayed, click the "No" button).
191
A.80.3.5.21 Verification training video materials counts
executed if in the "Materials" directory, when opening the "Video data.mp4"
file, a video image of the "Lightning" figure is played with the phrase
"Checking the preparation of audio materials using the Sony Sound Forge
program" in the audio sequence.
A.80.4 SPO RRR is considered to have passed the tests according to clauses
A.80.3.1-A.80.3.5.21 of the test program and methodology and fulfill clauses 3.2.7, 3.2.7.1
of the TOR for the R&D MF, if the checks of clauses A.80.3 are successfully completed.
2.26, A.80.3.3.14, A.80.3.4.23, A.80.3.5.21.

A.81.1 In this methodology, the SPO of the RRP is checked for compliance with the
of the ToR for the Amezit-V R&D SC, the hiding and generation of legendary
personalizing information in special materials must be ensured by clearing or
filling in metadata for the following file formats:
- office documents (Microsoft Office Word, OpenOffice Writer, Adobe
PDF) in terms of available attributes: title, subject, author, keywords,
creation time, modification time, manager, company, category, status, last
edited author, version number, application, comments, last printed time;
- graphic files (JPG, PNG) in terms of exif attributes (for JPG) and GPS-
coordinates;
- audio files (mp3) in the part of ID3 tags;
video files - modification of the time of creation and modification of
-
tracks. A.81.3 In order to check the RRP SSW for compliance with the
A.81.3.1 Run open source software "Legend".
A.81.3.2 Checking the completion of metadata in office documents

is done in the following order:
A.81.3.2.1 Click on the "Select file" button.
A.81.3.2.2 Select on the desktop in the "Materials" catalog
(created in clause A.80.3.1) the "Text Material.docx" file (created in clauses
A.80.3.2.1 to A.80.3.2.6).
A.81.3.2.3 Click on the "Open" button. Set the
A.81.3.2.4 following parameters in the table:
192
- "Name": PIM test;
- "Theme": checking the legend;
- "Author": Pyotr Razumovsky;
- "Keywords": PIM; legend;
- "Time of creation":2000.08.01 10:20:30;
- "Time to change":2000.10.20 01:02:03;
- "Manager": Ivanov Ivan Ivanovich;
- "Company": Titanum;
- "Category": test document;
- "Status": checked;
- "Last edited author": PIM operator;
- "Version number":5;
- "Application": notepad;
- "Comments": test comment;
- "Last print time":2010.01.02 03:04:05.
A.81.3.2.5 Click on the "Save Changes" button.
A.81.3.2.6 Through Windows Explorer, open the "Materials" directory on
desktop.
A.81.3.2.7 Right-click on the text file icon
material.docx" and select "Properties" from its context menu.
A.81.3.2.8 In the opened window "Properties: Text material.docx", on the
tab "Details", check the presence of the values specified in paragraph
A.81.3.2.4 in the file's metadata.
A.81.3.2.9 Close the "Properties: Text Material.docx" window by
pressing the "OK" button.
A.81.3.3 Checking for metadata filling in graphic files is performed in
the following order:
(created in A.80.3.1) the Image Data.jpg file (created in A.80.3.3.1 to
A.80.3.3.12).
- "Comments":LegendCheck;
- "Copyright":JPGAuthor
- "Creator":JPGCreator;
- Shooting time:2000.08.01 10:20:30;
- "Camera Maker":SONY;
193
- "Camera Model":DSC-H300;
- "GPS Latitude": 51;
- "GPS Longitude": 20;
- "GPS Altitude: 8.
desktop.
A.81.3.3.7 Right click on file icon
"Graphic data.jpg" and select "Properties" from its context menu.
A.81.3.3.8 In the opened window "Properties: Graphic data.jpg"

on the "Details" tab, check for the presence of the values specified in clause
A.81.3.3.4 in the file's metadata.
A.81.3.3.9 Close the window "Properties: Graphic data.jpg"
by pressing the OK button.
A.81.3.4 Checking for metadata filling in audio files is performed in the
following order:
(created in clause A.80.3.1) the "Audio Data.mp3" file (created in clauses
A.80.3.4.1 to A.80.3.4.7).
- "Name": PIM test;
- "Performer": Pyotr Razumovsky;
- "Album": Unreleased;
- "Year":2100;
-"Genre": author's song.
desktop.
A.81.3.4.7 Right click on file icon
"Audio data.mp3" and select "Properties" from its context menu.
A.81.3.4.8 In the "Properties: Audio data.mp3" window that opens, on the
"Details" tab, check the presence of the values specified in paragraph A.81.3.4.4 in
the file's metadata.
A.81.3.4.9 Close the "Properties: Audio data.mp3" window by pressing the
"OK" button.
194
A.81.3.5 Checking for metadata filling in video files is performed in the
following order:
(created in clause A.80.3.1) the file “Video data. mp4" (created in A.80.3.5.1
to A.80.3.5.19).
- "Time of creation":2000.08.01 10:20:30;
- "Time to change":2000.10.20 01:02:03.
desktop.
A.81.3.5.7Right click on file icon
"Video data.mp4" and select "Properties" from its context menu.
A.81.3.5.8 In the "Properties: Video data.mp4" window that opens, on the
"Details" tab, check the presence of the values specified in paragraph A.81.3.5.4 in
the file's metadata.
A.81.3.5.9 Close the "Properties: Video data.mp4" window by clicking on
"OK" button.
A.81.3.6 Click on the "Select file" button.
A.81.3.7 Select on the desktop in the "Materials" catalog (created
in clause A.80.3.1) the "Text Material.docx" file (created in clauses A.80.3.2.1
to A.80.3.2.6).
A.81.3.8 Click on the "Open" button.
A.81.3.9 Click on the "Clear all metadata" button.
A.81.3.10 Through Windows Explorer, open the "Materials" directory on
the desktop.
A.81.3.11 Right-click on the "Text material.docx" file icon and select the
"Properties" item from its context menu.
A.81.3.12 In the opened window "Properties: Text material.docx" on
the "Details" tab, check the absence of personalizing information in the file's
metadata.
A.81.3.13 Close the "Properties: Text material.docx" window by pressing the
"OK" button.
A.81.4 The SPO of the RRR is considered to have passed the tests in accordance with
195
3.2.7.2 ToR for R&D MF, if the checks in paragraphs A.81.3.2.8, A.81.3.3.8, A.81.3.4.8,
A.81.3.5.8, A.81.3.12 are completed successfully.

3.2.7.3 of the ToR for the Amezit-V R&D SC, the RRP SSW should provide
bypassing the restrictions of additional privacy parameters in social
networks by automating the following actions of virtual users:
- joining closed groups;
- sending requests to add users as friends.
N o t e . It should be possible to automate the process of creating
virtual users that meet the criteria for performing the specified actions.
A.82.3.1 Launch web browser.

A.82.3.2 Enter the address of the web interface in the address bar of the browser
SPO PRR and pass authorization in the system.
A.82.3.3 Go to the "Events" section.
A.82.3.4 On the command bar, click on the "Collection" button.
A.82.3.5 Name "PIM Activities" for the new collection of activities.
A.82.3.6 Verification of membership of virtual users in a group is

A.82.3.6.1 Being in the PIM Events collection, click on the “+ Event”
button on the command bar.
A.82.3.6.2 In the window that opens, set the following parameters of
the event:
- "Name": PIM Entry into the group;
- "Type of event": Typical actions;
- "Script": Joining a group;
- "Social networks": enable VKontakte;
- "Start": set the current time;
- "end": set the time for15 minutes more than current;
- "Communities": select the "PIM Fictional" group;
196
- "Address": ask address groups For intros:
https://vk.com/urup_group;
- "Quantity":5.
A.82.3.6.4 Wait for the creation of the event to complete. Check for
A.82.3.6.5 users from the PIM community
fictitious" in the subscribers of the group specified in clause A.82.3.6.2.
A.82.3.7 Verification of sending user friend requests is performed in
the following order:
A.82.3.7.1 Open V web browser page
"https://twitter.com/kotova74".
A.82.3.7.2 Mark (remember or write down) the number of readers.
A.82.3.7.3 From the PfM Events collection, click on
command bar to the "+ Event" button.
A.82.3.7.4 In the window that opens, set the following event
parameters:
- "Name": PIM User Subscription;
- "Script": Subscribe to the user;
- "Social networks": turn on Twitter;
- "Address" set the address of the user to add to friends:https://twit-
ter.com/kotova74;
- "Quantity":5.
A.82.3.7.5 Click on the "Save" button. Wait for the creation
A.82.3.7.6 of the event to complete. Repeating paragraphs
A.82.3.7.7 A.82.3.7.1 to A.82.3.7.2, check
increasing the number of readers on the user's page by the value specified
in clause A.82.3.7.4.
A.82.3.1-A.82.3.7.7 of the test program and methodology and fulfill clauses 3.2.7, 3.2.7.3
- regarding the entry of virtual users into the group, if
users from the "PIM fictitious" group are present in the subscribers of the group
https://vk.com/urup_group;
197
- in terms of sending requests to add users as friends, if
the number of readers on the user page "https://twitter.com/kotova74"
increased by 5.
of the ToR for the Amezit-V R&D MF, the RRP SSW should provide automated
placement of special materials in the following services:
- Twitter;
- livejournal;
- In contact with;
- Facebook;
- YouTube;
- Classmates;
- Instagram;
- blog spot.
The following types of actions of virtual users must be supported in
the specified social networks:
- Twitter:
- automatic registration of accounts;
- fillinguser profiles: avatar, geography, name
user, description (about yourself);
- placement of text publications (tweets);
- placement of publications with images;
- posting comments;
- "likes" (approvals) to publications and comments;
- reprint of publications (reposts);
- adding to friends (subscriptions);
- receiving and sending private messages.
- livejournal:
user, description (about yourself), interests;
- placement of text publications;
- posting comments;
198
- reprint of publications;
- In contact with:
- automatic registration of accounts with confirmation bySMS;

- posting comments;
- adding to friends;
- joining a group;
- Facebook:
- posting comments;
- joining a group;
- YouTube:
user, description (about yourself);
- uploading a video to your page;
- posting comments;
- "likes" (approvals) to videos and comments;
- "dislikes" (disapproval) to videos and comments;
- imitation of viewing by an authorized user;
- channel subscription.
199
- Classmates:
- posting comments;
- joining a group;
- Instagram:
- posting comments;
- "likes" (approvals) to photos;
- receiving and sending private messages;
- placing photos on their pages.
- blog spot:
- posting comments;
- instant messaging servicesTelegram, Whatsapp):
- completing user profiles;
- sending text messages toTelegram and WhatsApp;
- sending images, video and audio materials toTelegram.
To implement confirmation of registration by SMS, as well as the tasks of
sending SMS and distributing audio recordings through telephone networks
(calls), the Dinstar multi-SIM solution hardware and software system should be
used, including: SIM-bank, GSM-gateway (at least 4 antennas), local SIM cloud
server.
The function of copying profile information should be supported
only for social networks supported by the subsystem.
200

A.83.3.4 On the left in the list of "Objects" select the collection "Events
PIM" (created in clause A.82.3.5).
A.83.3.5 On the command bar, click on the "+ Event" button. In the
A.83.3.6 window that opens, set the following parameters
Events:
- "Name": PIM Placement of materials;
- "Type of event": Placement of publications;
- "Script": Placement of publications;
- "Social networks": turn on Twitter;
- "Library": select from the library "PIM Publications" (must
be created and filled with text materials in accordance with the user
manual);
- "Quantity":20;
- "each message is no more than1 time": enable.
A.83.3.8 Wait for the event to complete. Check for posts with text
A.83.3.9 content from
of the library specified in clause A.83.3.6 on the pages of users of the PIM
Fictional group.
A.83.3.10 Checking the list of available actions in the relevant
"Services" is performed in paragraphs A.97.3.1.
A.83.4 SPO RRP is considered to have passed the tests according to paragraphs
-on the pages of users of the PIM Fictional group
there are publications from the "Library";
- method verification successfully completed browser windows are launched
virtual users;
201
the TOR, the following means of raising the ratings of distributed special materials
should be provided at the Amezit-V R&D center:
- automated cheat counters of approvals (likes) and
reprints (reposts) for user-defined publications;
- identification of keywords (hashtags) corresponding to a given
user text.
Notes:
1. It must be possible to automate reprints
source materials to other social networks
2. Automation of actions should be carried out taking into account
“Methods for increasing the effectiveness of the distribution of special and
counter-propaganda materials, agreed with the main contractor (see clause
13.3.9 of the ToR).
A.84.3
A.84.3.1 Launch browser.

A.84.3.3 Performance check automated cheats
counters of approvals (likes) and reprints (reposts) for user-defined
publications are performed in the following order:
A.84.3.3.1 Go to the "Events" section.
A.84.3.3.2 On the left side of the "Objects" list choose collection
is the "PIM Activities" (created in A.82.3.5).
A.84.3.3.3 On the command bar, click on the "+ Event" button.
A.84.3.3.4 In the window that opens, set the following parameters of
the event:
- "Name": PIM Upgrade;
- "Script": Publication approval and reprint;
- "Social networks": Twitter;
- "End": set the time for15 minutes more than current;
202
- "Address": set the address of any publication from the results obtained in
paragraph A.83.3.9;
"Approvals":3;
-
- "Reprints":5.
A.84.3.3.5 Click on the "Save" button.
A.84.3.3.6 Wait for the event to complete. Checking
A.84.3.4 Keyword Identification (hashtags),
matching the user-specified text is executed in the following order:
A.84.3.4.1 Go to the "Libraries" section. On the

A.84.3.4.2 left side of the Libraries list choose subsection
"Messages".
A.84.3.4.3 Go to any non-empty library.
A.84.3.4.4 Move the cursor over the title of any message with the text not
less than ten words.
A.84.3.4.5 Click on the button in the header of the message
"#".
A.84.3.4.6 In the opened modal window "Recommendation of hashtags"
enter value: "Number of hashtags": 5.
A.84.3.4.7 Click on the "Analyze" button.
A.84.3.4.8 Wait for the analysis to complete.
A.84.3.4.10 Place the cursor on the title of the message for which
analysis was performed and click on the edit button that appears.
A.84.3.1-A.84.3.4.10 of the test program and procedure and fulfill clauses 3.2.7, 3.2.7.5 of
- in the message editing window there are recommended
hashtags;
- on the page of the target publication there is information about the availability
approvals and reprints of the publication from users of the "PIM Fictional"
group.
203
of the TOR for the Amezit-V R&D SC, the RRP SSW must provide automated
registration of user accounts using personal data generated (taking into
account social engineering technologies): first name, last name, date of birth,
place of residence, interests, as well as photographs.

A.85.3.3 Go to the "Users" section.
A.85.3.4 On the command bar, click on the "Register" button. In the
A.85.3.5 window that opens, enter the following information:
- "Name": PIM Fictional;
- "Description": registration with fictitious data;
- "Number of Users":5;
- "Services": "Twitter, VKontakte and Odnoklassniki;
- "Mailboxes for confirmation":Mail.ru;
- "Type of registration": fictitious data;
- "Gender": women only;
- "Age": from18 to 24;
- "Avatar Libraries": "Students";
- "Libraries of names": "Female names (Russian)";
- "Libraries of names": "Female surnames (Russian)";
- "Libraries of interests": "Students", "Doctors";
- "Libraries of descriptions": "Female", "Cooking";
- Geodata Libraries: Russia.
A.85.3.6 Click on the "+Create" button to start the task of automated
registration of user accounts.
A.85.3.7 Wait for the completion of the registration task for at least
one user in at least one social network.
N o t e . The registration task indicator is displayed in the Registrations
subsection in the Progress column. After generating virtual user profiles,
the number of registered users is displayed in this column in the line "PIM
Fictional" in the format "Registration of bots 5 (<X>)", where <X> is the
number of actually registered users.
204
A.85.3.9 On the left in the list of "Objects" click on the line with the
"Registration Fictitious" community.
A.85.3.10 After selecting an arbitrary user in the workspace, check that
the data in the user profile and registered services match the data specified
in clause A.85.3.5.
A.85.4 SPO RRR is considered to have passed the tests according to clause A.85.3.1-
A.85.3.10 of the test program and procedure and fulfill clauses 3.2.7, 3.2.7.6 of the TOR on
the R&D MF, if clause A.85.3.10 is successfully completed .

ToR for the Amezit-V R&D SC, the RRP SSW must ensure the creation of a copy of the
profile of a real-life subject.

A.86.3.4 On the command bar, click on the "Register" button. In the
A.86.3.5 window that opens, enter the following information:
- "Name": Registration Real;
- "Description": registration with real data;
- "Quantity":2;
- "Services": "Twitter, VKontakte;
- "Mailboxes":Yandex;
- "Registration type": real profiles;
- "Profile addresses": addresses (separated by a line break):
- https://vk.com/gassiev_murat;
- https://twitter.com/kotova74.
A.86.3.6 Click on the "+Create" button to start the task of automated
registration of user accounts.
A.86.3.7 Wait for the completion of the registration task for at least
one user in at least one social network.
205
A.86.3.9 On the left in the list of "Objects" click on the line with the
"Register Real" group.
A.86.3.10 Click on the user avatars in the workspace, check that the
data in the user profiles matches the data of the real profiles specified in
clause A.86.3.5.
the TOR on the R&D MF, if clause A.86.3.10 is successfully completed .

A.87.1 This method is used to check the SPO of the RRP for compliance with the
the ToR for the SC R&D "Amezit-V", the RRP SSW must provide support for at least
100 profiles of social network users from one workplace.

A.87.3.4 Count in the list of "Objects" the total number of virtual users
indicated to the right of the community name.
A.87.4 The PRR SSW is considered to have passed the tests in accordance with
clauses A.87.3.1-A.87.3.4 of the test program and methodology and fulfill clauses
3.2.7, 3.2.7.8 of the TOR for the R&D MF, if the total number of users supported in the
SSW received in paragraph A.87.3.4 is greater than 100.

of the ToR for the Amezit-V R&D SC, the RRR open source software must
provide automated preparation of e-mail (Yandex, Mail.ru, Gmail) when
registering accounts in supported services.
N o t e . Measures must be implemented to prevent unauthorized
access to accounts.
206

A.88.3.3 The technique is carried out using the results of the technique
Method No. 85.
A.88.3.5 On the left in the "Objects" list, click on the line with the community
"PIM Fictional".
A.88.3.6 Click on the user avatars in the workspace, check that the
registered services in the user profiles match the registration task data.
A.88.3.7 At the level of the "PIM Fictional" user community, click in the
workspace on the name of any user in the "Users" column to go to a window
with information about the existing accounts of the selected user.
A.88.3.8 Verify that the following rules are followed for account
passwords generated by STRs to prevent unauthorized access to created
accounts:
- password length at least10 characters;
- passwords use upper and lower characters at the same time
registers;
- Passwords contain special characters and/or numbers.
A.88.4 SPO RRP is considered to have passed the tests according to
clauses 3.2.7, 3.2.7.9 of the TOR on the R&D MF, if e-mail registration is
completed and the following rules are met for account passwords
generated by open source software that prevent unauthorized access to
created accounts:
- password length at least10 characters;
- passwords use upper and lower characters at the same time
registers;
- Passwords contain special characters and/or numbers.
207
of the ToR for the Amezit-V R&D SC, the RRP SSW must ensure the preparation,
storage and presentation of the virtual user profile to the operator: personal
data, existing accounts in supported services, history of actions , private
conversations in existing accounts.
Notes:
1. It should be possible to add, edit and
deleting the comments of the APK operator.
2. Must be able to customize the display
list of virtual user profiles (grouping accounts of one profile, grouping
profiles, sorting, filters by age, languages, interests, nationality, etc.).
A.89.3
A.89.3.1 In the address bar, enter the address of the web interface of the RRP open source software
in the browser and pass authorization in the system.
A.89.3.2 The technique is carried out using the results of the technique
Method No. 86.
A.89.3.4 On the left in the "Objects" list, click on the line with the community
"Registration Real".
A.89.3.5 In the upper part of the objects menu, click on the filter
button. In the filter panel that opens, enter the following data: "User
description (about yourself)": boxer.
A.89.3.6 Press the "Enter" button.
A.89.3.7 Make sure that the workspace on the right displays the user
"Murat Gassiev".
A.89.3.8 In the upper part of the workspace to the right of the name of
the user community, left-click and enter the text in the activated input field:
“checking the input of an arbitrary comment to the community”.
A.89.3.9 On the left in the "Objects" list, hover the cursor over the line
with the "Register Real" community and make sure that the operator's
comment is also displayed as a tooltip to the community.
208
A.89.3.10 In the upper part of the workspace to the right of the name
of the user community, left-click on the comment "checking the input of an
arbitrary comment to the group".
A.89.3.11 Clear the input field from the comment.
A.89.3.12 On the left in the list of "Objects" move the cursor over the line with the
"Register Real" community and make sure that the operator's comment has been
successfully deleted.
A.89.3.13 B working areas press on name column
User: Make sure the list is sorted by username.
A.89.3.14 View data in user profiles by clicking on user avatars.
A.89.3.15 Make sure that the displayed user data contains: image
(avatar), first name, last name, interests, description, age (date of birth).
A.89.3.16 Click on the link in the "User" column of any virtual user and
go to the list of his accounts.
A.89.3.17 Verify that a list of accounts is displayed for the selected
user.
A.89.3.18 In the command bar, click on the "Tasks" button. In the
upper right corner of the workspace, select the type of displayed tasks
"Planned" and click on the "View" button for any of the tasks.
A.89.3.19 Make sure that the task parameters contain the login and
password of one of the accounts of the user being viewed. Click on the
"Close" button.
A.89.3.20 In the command bar, click on the "Dialogues" button.
A.89.3.21 Verify that a list of private message conversations for the
given user is displayed.
-user profile data has an informative presentation
and match the given filters;
- for the selected user, a list of his accounts is displayed;
- for the selected user, a list of his personal
messages (dialogs).
209
ToR for the Amezit-V R&D SC, the RRP SSS should provide analysis and generation of
reports on activity external to the profile, including:
- personal messages received and their number;
the number of added subscribers (friends);
-
- mentions by other users and their number (if any)
technical feasibility);
- comments and reposts to profile publications, as well as their
quantity;
- recommendations for improving dissemination efficiency
special materials (see paragraph A.84.2 of this document).
N o t e . Analysis and report generation should be performed in the
following modes:
- at the request of the user - in a specified time interval from
notification of the user about the readiness of the report;
-in near real time according to a predetermined
set of parameters.

A.90.3.4 On the left in the "Objects" panel, select the community "PIM
Fictional".
A.90.3.5 IN working areas section choose arbitrary
user.
A.90.3.6 On the command bar, click the Report button.
In the dialog box that opens, set the values:
A.90.3.7
- "Time period": select the value "All period";
- "Service": select "Twitter";
- set the switches to the "On" position: "Personal messages",
Subscribers, Mentions, Comments, Reprints, Endorsements,
Recommendations.
210
A.90.3.8 Click on the "Create" button.
A.90.3.9 Wait for completion formation report (stage
formation is displayed in the current modal window).
A.90.3.11 Open a saved file.
3.2.7.11 of the TOR for the R&D MF, if the opened document displays:
- information about the account for which the report was generated;
- the time interval for which the data for the report was collected;
-table containing counters: "Private messages", "Subscribers",
"Mentions", "Comments", "Reprints", "Approvals", "Recommendations";
- "Private Messages" section containing text and senders

received private messages for the specified interval or the text "No private
messages received";
- "Mentions" section containing messages with mentions
this user or the text "No references found";
- the "Comments" section containing the comments received on
publications of the user or the message "No comments found";
- section "Recommendations" containing recommendations for increasing
the rating of this user in the social network. For example, "This user has no
comments and approvals for publications, it is recommended to increase
the number of subscribers for this user."
3.2.7.12 of the ToR on the MF R&D "Amezit-V" SPO RRP should ensure the
dissemination of information messages to GIS OP subscribers via e-mail.

211
Events:
- "Name": PIM Placement of materials;
- "Type of event": Distribution of materials;
- "Script": Sending emails;
- "End": set the time after20 minutes from current;
- "Library": select from the library "PIM Publications" (must
be created and filled with text materials in accordance with the document
RU.BATC.00183-01 92 01 “Special software for the subsystem for preparing,
placing and promoting special materials. User guide");
- "Letters to the recipient":20;

- "Unique messages": mark;
- "Recipients": specify the email address of an arbitrary
a virtual user from the "PIM Fictional" community.
A.91.3.7 Click on the "Save" button. Wait for the
A.91.3.8 creation of the event to complete.
A.91.3.9 Using virtual email credentials
of the user selected as the recipient of the letters, enter the e-mail of the
virtual user (using a web browser), go to the Inbox and check for new letters
sent as part of the action of paragraph A.91.3.6.
A.91.4 SPO RRR is considered to have passed the tests according to

clauses 3.2.7, 3.2.7.12 of the TOR on the R&D MF, if there are emails in the
user's mailbox, sent during the event and their content matches the data
sent.
A.92.1 This method is used to check the SPO RRP for compliance with the
212
ToR for the MF R&D "Amezit-V", the RRP SSS should ensure the dissemination of
information messages to subscribers of the GIS OP through automated
distribution of personal messages in supported services.

Events:
- "Name": PIM Messages to subscribers;
- "Script": Sending private messages;
- "Social networks": mark Twitter;
- "Communities": select the community "PIM Fictional";
- "Recipients" set (line break separated) identifiers
arbitrary users in a given social network from the PIM Fictional community;
- "Messages": select "PIM Messages" from the library;

- "Amount from":1;
- "Number to":5.
A.92.3.7Click on the "Save" button. Wait for the
A.92.3.8 creation of the event to complete.
A.92.3.9 Sign in to the social network Twitter using your credentials
of the user specified as "Recipient" in clause A.92.3.6, go to the private
messages section and check for incoming private messages from the "PIM
Messages" library.
A.92.3.10 Repeat this procedure for each of the social networks
defined by the Social Networks parameter of the event.
213
A.92.4 SPO RRR is considered to have passed the tests according to
clause A.92.3.1-A.92.3.9 of the test program and methodology and fulfill
clauses 3.2.7, 3.2.7.13 of the TOR for the R&D MF, if messages from the PIM
Messages library, are present in personal messages of social network
recipients specified during events.
the ToR on the MF R&D "Amezit-V", the RRP SSS must ensure the dissemination of
information messages to subscribers via telephone networks using IP telephony
technology.

Events:
- "Name": PIM Phone calls;
- "Event type": Telephony;
- "Scenario": Phone calls;
- "SIM cards": select 3 arbitrary SIM cards from the list;
- "Subscribers": indicate the mobile phone number used for
testing;
- "Message library": select the "Test call" library
(prepared and uploaded earlier);
- "Number of attempts": set value3;
- "Period between attempts": set value30. A.93.3.7
Click on the "Save" button.
214
A.93.3.8 Wait for the creation of the event to complete.
A.93.3.9 Wait for an incoming call to the phone used for
checks.
A.93.3.10 Accept an incoming call and listen to the message. A.93.3.11 Go
to the "Management" section. Select "Settings" from the list of objects.
Using the IP address, login and password specified in the "Value" field of the
"IP telephony server" parameter, connect to the server and log in to the web
interface.
A.93.3.12 Select the menu item "Reports" - "Asterisk log files". In the
"Filter" field, enter "\[<mobile phone number for testing in the format
79161234567>@from-internal". Click on the "Show" button. Check for up-to-
date log records of the test call made.
A.93.3.13 Select the menu item "Reports" - "Call Event Logging". Click
on the "Search" button. Check for a completed test call in the list.
- an incoming phone call was made from one of the numbers
specified in the "SIM cards" field when creating an event;
-the listened message matched the message loaded
to the "Test call" library;
- on serverIP telephony log and call history were present
records of the completed test call.
A.94.1 This method is used to check the SPO RRR for compliance with the
the ToR for the MF R&D "Amezit-V", the RRP SSS should ensure the dissemination
of information messages to subscribers via SMS / MMS messages.

215
A.94.3.4 On the left in the "Objects" list, select the "PIM Activities" collection
(created in paragraph A.82.3.5).
Events:
-"Name": PIMSMS mailing;
- "Event type": Telephony;
- "Scenario": Sending SMS messages;
- "SIM-cards": select 3 arbitrary SIM-cards from the list;
- "End": set the time after10 minutes from the current;
- "Recipient numbers": enter the mobile phone number,
used for testing;
- "Message Library": select from the "PIM Messages" library
SMS” (should be prepared and filled in in advance in accordance with the
document RU.BATC.00183-01 92 01 “Special software for the subsystem for
preparing, placing and promoting special materials. User’s Guide”);
- "Number of SMS to the subscriber": specify the value3.

A.94.3.8 Wait for the event to complete.
A.94.3.9 In the process of performing an event to a phone number,
specified in paragraph A.94.3.6, 3 SMS messages must be received.
- received SMS messages were sent from the numbers specified in the field
"SIM-cards" (any of them);
- the content of the messages corresponds to the messages included in
library "PIM Messages SMS".
the ToR for the Amezit-V R&D SC, the RRP SSW should provide information
support for the distribution of special materials in the supported services
should be provided with the following functions:
216
- analysis of text materials specified by the operator and generation
relevant keywords (hashtags);
- analysis of the effectiveness of dissemination of information materials,
including the dynamics of publications and the activity of the response from
users of social networks.
N o t e . informational security activities By
distribution of materials should be carried out taking into account the
“Methodology for increasing the efficiency of distribution of special and
counter-propaganda materials”, agreed with the main contractor (see clause
13.3.9 of the ToR).
A.95.3

A.95.3.3 Verification of the analysis of text materials specified by the operator
and the generation of keywords relevant to them is performed in the following order:
A.95.3.3.1 Go to the "Libraries" section.

A.95.3.3.2 In the "Objects" list, click on "Messages". On the
A.95.3.3.3 command bar, click on the "+ Library" button. Enter
A.95.3.3.4 the name of the library "PIM analysis".
A.95.3.3.5 Add arbitrary text to the library with a length of at least
1000 characters. To get the text do the following:
- in the browser go tohttps://news.google.ru;
- choose any news item with enough characters
(at least 1000).
A.95.3.3.6 Copy the text of the news to the clipboard and paste it into
the "Text" field of the generated library message.
A.95.3.3.8 Hover your cursor over the title of the message you created. Click in
A.95.3.3.9 the header of the message on the button that appears
"#".
A.95.3.3.10 In the opened modal window "Recommendation of hashtags"
enter: "Number of hashtags": 10.
A.95.3.3.11 Click on the "Analyze" button in the open dialog box. Wait
A.95.3.3.12 for the analysis to complete.
217
A.95.3.3.13 Verify that the modal window displays between 1 and 10
suggested hashtags.
A.95.3.3.15 Place the cursor on the title of the message for which
analysis was performed and click on the edit button that appears.
A.95.3.3.16 Verify in the displayed modal window that the "Hashtags"
field contains the recommended hashtags.
A.95.3.4 Checking the analysis of the effectiveness of information
dissemination
materials, including the dynamics of publications and the activity of the
response from users of social networks, is performed in the following order:
A.95.3.4.1 Go to the "Events" section.

A.95.3.4.2 Open the collection of events "PIM Events". Open the "PIM
A.95.3.4.3 Posting Materials" event
(created during the implementation of the methodology No. Methodology No. 91) or any other
with the type "Publication placement".
A.95.3.4.4 On the command bar, click the Report button.
A.95.3.4.5 In the dialog box that opens, select the following
report sections:
- "publication dynamics": included;
- "calculation interval":10 minutes;
- "user response": enabled.
A.95.3.4.7 Wait until the report is generated. Click on
A.95.3.4.8 the "Save" button.
A.95.3.4.9 Open the file in Microsoft Office Word.
A.95.4 SPO RRR is considered to have passed the tests according to clause
A.95.3.1-A.95.3.4.9 of the test program and procedure and fulfill clauses 3.2.7,
3.2.7.16 of the TOR for the R&D MF, if the check in clause A.95.3.3.7 completed
successfully and the content of the activity report file (clause A.95.3.4.9) contains
the following data:
-the timing of the distribution event;
- event title;
- table with time intervals in increments10 min containing
information about the number of published publications in a given time
interval, the number of approvals received, reprints and comments on these
publications.
218
requirements of paragraph 3.2.7.17 of the TOR for the Amezit-V R&D SC.
of the ToR for the Amezit-V R&D MF, in the process of distributing
information materials, the RRP subsystem must provide the “real user
effect” in the following ways:
- automatic conducting vital activity virtual
users, including the following actions: filling personal pages with
publications in accordance with their personal interests, adding friends,
joining groups, viewing social network pages in reading mode (“surfing”);
- when working with social networks, actions should be imitated

real users;
- character-by-character data entry, link navigation, page scrolling,
delays between actions.
A.96.3.1 Prepare VM agents for this scan:

A.96.3.1.1 Using browser and document RU.BATC.00183-01 32
01 "Special software for the subsystem of preparation, placement and
"promotion" of special materials. System Programmer's Guide", connect to
any of the virtualization servers.
A.96.3.1.2 Enter your login and password to enter the virtualization environment
Proxmox V.E.
A.96.3.1.3 Shut down all agent VMs. Run
A.96.3.1.4 only one agent VM. Open a
A.96.3.1.5 running agent VM.
A.96.3.1.6 Go to the "Console" section and log in to the system with
using the login and password of the user on this VM.
A.96.3.1.7 Edit the /etc/prr/agent.conf file to change the parameter
"headless: yes" to "headless: no".
A.96.3.1.8 Run command in console: sudo god agents restart.
A.96.3.2 Open a new browser window.
219
A.96.3.4 Go to the "Journals" section.
A.96.3.5 Check for success records of the following types:
-"Publication";
- "User Subscription";
- "Republishing".
A.96.3.6 Go to the page of any user who has completed a successful
"Publish" action. Check if the user's page contains a posted post made as
part of automatic liveness.

A.96.3.8 In the "Objects" menu, select the "PIM Events" collection.
A.96.3.9 Restart PIM Subscribe to
user", changing the time of the event to the current one and clicking on the
"Restart" button in the event line.
A.96.3.10 Switch to the browser window with the previously opened
virtual machine window (A.96.3.1).
A.96.4 The SPO of the RRR is considered to have passed the tests according to
clauses A.96.3.1-A.96.3.10 of the test program and methodology and fulfill clause
3.2.7.17 of the TOR for the R&D MF, if during the restarted event (clause A.96.3.9 ) on
the agent VM screen:
- virtual user browser windows are launched;
- virtual users perform the social login procedure
net;
-virtual users perform subscription actions on
user, simulating work with the browser;
- virtual users perform the posting of publications in
within automatic life.
N o t e . After completing the methodology, all agent virtual machines are
launched in the Proxmox VE interface.
requirements of paragraph 3.2.7.18 of the TOR for the Amezit-V R&D SC.
ToR on the Amezit-V R&D SC, the actions of the SPO of the technical means of
"promotion" of materials should not disclose national and departmental affiliation. To
do this, the following mechanisms must be implemented:
220
managing the actions of virtual users through
-
subsystem graphical interface: sending private messages, adding friends,
joining groups, posting publications, sending comments. The execution of
these actions by a virtual user must occur in accordance with an individual
activity schedule or at a point in time specified by the operator;
- interaction with supported services should occur

only through the PRD subsystem;
providing the operator with all the necessary data for work from
-
under a specific account: login and password, required browser and
environment settings.
Notes:
1. The application verification function must be implemented
software based on the virtual user legend (keyboard layouts supported by
the browser, version and language of the operating system, etc.).
2. The use blocking function must be implemented

PRR subsystems for personal purposes.
3. The possibility of multi-user should be implemented
the use of open source software of the PRR subsystem by geographically distributed
elements of the APC "Amezit" (through the PPD subsystem).
A.97.3
A.97.3.1 Checking the performance of actions (sending private

messages, adding friends, joining groups, posting publications, sending
comments) by a virtual user in accordance with an individual activity
schedule or at a time specified by the operator is carried out in the following
order:
A.97.3.1.1 Launch browser.
A.97.3.1.2 Enter the web address in the browser's address bar
the open source software interface of the RRR and pass authorization in the system.
A.97.3.1.3 Go to the "Users" section.

A.97.3.1.4 In the left menu of objects, click on the filter button
users.
A.97.3.1.5 Select in filters:
- select "All communities" in the drop-down list;
221
- Vkontakte services.
A.97.3.1.6 In the workspace, in the "User" column, click on the link with
the left mouse button.
A.97.3.1.7 On the command bar, click the "+ Task" button. In the "Account"
A.97.3.1.8 field, select the account of the "VKontakte" service. Check the
A.97.3.1.9 contents of the list of available tasks in the "Type
tasks".
A.97.3.1.10 Select "Publication" in the "Type of task" field. Set the
A.97.3.1.11 following values in the task parameters:
- in the "Start of the task" field: time in5 minutes from current;
- in the "Text" field: My new post;
- in the "Links" field:http://ya.ru;
- in the "Hashtags" field: post tag.
A.97.3.1.12Click on the "Save" button.
A.97.3.1.13 In the command bar, click on the "Tasks" button.
A.97.3.1.14 In the upper right corner of the workspace, select the value
"Planned" filter.
A.97.3.1.15 Find the created task in the list of scheduled tasks for
publication.
A.97.3.1.16 Click on the "View" button for this task. Check the task
A.97.3.1.17 parameters for compliance with the specified ones. Remove a
A.97.3.1.18 task from the list of scheduled tasks by clicking on
the delete icon in the line with the task.
A.97.3.1.19 Verify that the remote task is not in the list of scheduled
tasks.
A.97.3.2 Verification of interaction with supported services through
DRP SS only is carried out in the following order:
A.97.3.2.1 Block access to Internet GIS resources for RRP open source
users.
A.97.3.2.2 Carry out the activity "PIM Entering the group" according to
the procedure Method No. 82.
A.97.3.2.3 Verify that result repeated tests
negative (no action should be performed successfully by virtual users).
A.97.3.3 Verification of the provision of data to the operator for work

from under a specific virtual user account is carried out in the following
order:
222
A.97.3.3.1 Enter the web address in the browser's address bar
the open source software interface of the RRR and pass authorization in the system.
A.97.3.3.2 Go to the "Users" section.

A.97.3.3.3 Select a random virtual user by clicking
left-click on the link in the "User" column in the workspace.
A.97.3.3.4 Make sure that for each available account the user displays
his service, login and password.
A.97.3.3.5 On the command bar, click on the "Session" button. Check
A.97.3.3.6 user session data for access. Checking the blocking of the
A.97.3.4 use of the RRP subsystem in
personal purposes are performed in the following order:
A.97.3.4.1 Perform the “PIM Joining a Group” activity according to
Methodology No. 82 for a user with the “Operator” role.
A.97.3.4.2 Verify that the created event does not start executing. The
status of the event in the event list should show as Pending Confirmation.
A.97.3.4.3 Log in to the PRR open source software on behalf of a user with a role
"User".
A.97.3.4.4Go to the "Events" section.
A.97.3.4.5Select the collection in which the event was created
"PIM Joining the Group".
A.97.3.4.6 Verify that the created event is displayed with the status
"Awaiting confirmation", next to the status the "Confirm" button is
displayed.
A.97.3.4.7 Click on the "Confirm" button for this event. Check for a
A.97.3.4.8 change in event status.
A.97.3.4.9 SPO RRP is considered to have passed the tests according to clause A.97.3.1-
A.97.3.4.9 of the test program and methodology and fulfilling paragraph 3.2.7.18 of the TOR
for MF R&D, if:
- the list of available virtual user tasks contains:
- private message;
- user subscription;
- joining a group;
- publication;
- a comment;
- OK;
- reprint.
- user task parameters correspond to the specified ones;
223
- the remote user task is not in the list of scheduled tasks;
- when blocking resources with the help of SPO PRD, the created event
not performed;
- for each available virtual user account
its service, login and password are displayed;
- The user session data contains the following entries:
- user agent of the browser;
- proxy server;
- user screen resolution;
- user's time zone;
- user language;
- command to launch the browser "Chromium.
- a user with the "Operator" role cannot run the created
action to be taken; confirmation of the event by a user with the role "User"
transfers the event to the "Started" state.
requirements of clause 3.2.7.19 of the TOR for the Amezit-V R&D SC.
A.98.2 In accordance with the requirements of paragraphs of paragraph
3.2.7.19 of the ToR for the MF R&D "Amezit-V", the RRP SSS should provide
automated interaction with the SSS of the linguistic support subsystem.
A.98.3.1 Configure the path to the server of the linguistic support subsystem by
setting the value plo_server in the configuration file config/config.yml (the action is
performed by the administrator of the Amezit APK).
A.98.3.3 In the address bar of the browser, enter the address of the web interface
STR software and are authorized in the system.
A.98.3.4 Go to the "Libraries" section.
A.98.3.5 On the left in the menu of objects, select the "Messages"
A.98.3.6 subsection. On the left in the "Message Libraries" list, select any
a non-empty message library.
A.98.3.7 In the workspace, move the cursor over the header of any
message.
224
A.98.3.8 In the header of the message, click on the displayed button “
” (“Translate”).
A.98.3.9 In the "Message translation" modal window that opens, in the "Text"
field, enter the text to translate "hello test one two three".
A.98.3.10 Click on the "Run" button.
A.98.3.11 Wait for the result of the transfer in the "Transfer" field.
A.98.3.12 To view the format of the transmitted data in the browser,
open the developer console (using the Ctrl+J key combination) and go to the
“Network” tab.
A.98.3.1-A.98.3.12 of the test program and procedure and fulfill paragraph 3.2.7.18 of the TOR
for the R&D MF, if:
-
- when translating the text of the message, the text "hello
check one two three";
- when viewing the format of the transmitted data, the formats of the sent
and received data correspond to accepted PLO formats.
requirements of paragraphs 9.3.2, 9.3.3 of the TOR for the Amezit-V R&D SC.
A.99.2 In accordance with the requirements of paragraphs 9.3.2, 9.3.3 of the ToR
for the Amezit-V R&D SC, the RRP SSW must ensure that the requirements for the data
processing mode and the rights to access the processed information are met.
A.99.3 To check the compliance of the RRP SSW with the requirements,

SPO PRR.
A.99.3.3 In the authorization window that opens, enter obviously incorrect
login and/or password (login - AnyUser, password - somePassword).
A.99.3.4 After pressing the "Login" button, an unauthorized access
error message and in the absence of access to the SSW should be displayed.
A.99.3.5 Pass authorization in the system with valid data in accordance

with document RU.BATC.00183-01 92 01 “Special
225
software for the subsystem of preparation, placement and "promotion" of
special materials. User guide".
A.99.3.6 After clicking on the “Login” button, the main interface of the
RRP SSW should open, which indicates successful access to the SSW.
A.99.4 The SPO of the RRR is considered to have passed the tests according to
clauses A.99.3.1-A.99.3.6 of the test program and procedure and fulfill clauses 9.3.2, 9.3.3
of the TOR for the R&D MF, if in clause A.99.3.4 access the user is not provided and an
error message is displayed, and in clause A.99.3.6 the user has successfully logged on to
the system.
A.100 Methodology No. 100
A.100.1 In this methodology, the SPO of the RRP is checked for compliance with
the requirements of clause 9.17 of the TOR for the Amezit-V R&D SC.
A.100.2 In accordance with the requirements of clause 9.17 of the ToR for the
Amezit-V R&D SC, the RRP SSW must ensure the functions of registering and storing the
actions of operators.
A.100.3.1 In accordance with the document RU.BATC.00183-01 32 01

“Special software for the subsystem for preparing, placing and promoting
special materials. System Programmer's Guide" to connect to the
management interface server via the SHHclient on behalf of the superuser.
Domain name for connection (Hostname): ui.srv.
A.100.3.2 In the SSH client window, enter the following command: tail –f /srv/prr-ui/logs/*log.
A.100.3.3 Start the browser and in the address bar enter the address of the control interface of
the PRR open source software.
A.100.4 The RRP SSW is considered to have passed the tests in accordance with clauses
A.100.3.1-A.100.3.3 of the test program and methodology and fulfill clause 9.17 of the TOR on
the R&D MF, if after the execution of clause A.100.3.3 in the SSH client window there are the
request data to the control interface of the following form is displayed:
Started GET “<request path>” for <client IP> at <Request time> Processing by
<Controller and request processing method via #>
For example:
Started GET “/” for 10.10.10.10 at 2018-04-20 13:15:42 Processing by

AuthController#login
226
A.101.1 In this methodology, the SPO PTT is checked for compliance with the
A.101.2 In accordance with the requirements of clauses 3.2.8, 3.2.8.1 of the TOR
for the Amezit-V R&D SC, the PTT open source software must ensure the detection of
actual critical vulnerabilities in Microsoft Windows XP and older, Microsoft Windows
Server 2003 and older, Red Hat 5 and older, CentOS 5 and older, Debian 6 and older,
Ubuntu 12 and older. The relevance of software versions is established on the date of
approval of the program and methods of preliminary testing.
A.101.3 In order to check the SPO PTT for compliance with the
A.101.3.1 Make sure you have a set of software and hardware tools,
including a PC with installed OS Microsoft Windows XP and older, Microsoft
Windows Server 2003 and older, Red Hat 5 and older, CentOS 5 and older,
Debian 6 and older, Ubuntu 12 and older.
N o t e . It is allowed to use VMs imitating PCs operating under the
control of the listed operating systems.
A.101.3.2 Select one of the PCs listed in A.101.3.1, and
scan the software components of the OS of this PC using the MaxPatrol
vulnerability scanner. The check is carried out in accordance with the
document RU.VATS.00184-01 92 02 “Special software for the
telecommunications equipment testing subsystem. MaxPatrol software.
User guide".
A.101.3.3 Perform operations on static and structural code analysis in
accordance with clause A.104 for OS components for which there are
program source codes.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.104 (methodology Methodology No. 104).
A.101.3.4 Perform operations on dynamic analysis of OS code in
in accordance with paragraph A.105.
A.101.3.5 Perform automated recognition operations
standard library functions used in the OS, in accordance with clause A.106.

227
A.101.3.6 Perform operations on signature analysis of dangerous
operations performed in the OS, in accordance with clause A.107.
A.101.3.7 Perform automated search operations
the changes made to the OS program code when it is modified in
accordance with clause A.111.
A.101.4 SPO PTT is considered to have passed the tests according to clause A.101.3.1-
- according to the results of the checks performed in points A.101.3.2-A.101.3.7,
received reports containing correct and consistent data on the vulnerabilities of
the tested operating systems;
- The software used during inspections searches for and
detection of vulnerabilities of the tested OS.
TOR for the Amezit-V R&D SC, the PTT open source software must ensure the detection of
current critical vulnerabilities in MS SQL Server 2008/2008R2/2012, Oracle Database 10
for Linux/Windows, Oracle MySQL 4.x. and Microsoft Office 2003 and higher, Adobe,
OpenOffice for Linux platforms, Microsoft Explorer, Opera, FireFox, Google Chrome
browsers, Adobe Reader software, Adobe Flash. The relevance of software versions is
established on the date of approval of the program and methods of preliminary testing.
A.102.3 To check the SPO PTT for compliance with the requirements,
A.102.3.1 Make sure that a set of software and hardware is available,

including a PC with installed software MS SQL Server 2008/2008R2/2012,
Oracle Database 10 for Linux/Windows, Oracle MySQL 4.x. and Microsoft
Office 2003 and higher, Adobe, OpenOffice for Linux platforms, Microsoft
Explorer, Opera, FireFox, Google Chrome browsers, Adobe Reader software,
Adobe Flash.
228
N o t e . It is allowed to use VMs imitating PCs with the listed software
installed on them.
A.102.3.2 Select one of the PCs with installed software listed
in clause A.102.3.1. Select one program from the software installed on the
PC and scan it using the MaxPatrol Vulnerability Scanner. The check is
carried out in accordance with the document RU.VATS.00184-01 92 02
“Special software for the telecommunications equipment testing subsystem.
MaxPatrol software. User guide".

accordance with clause A.104 for software components for which there are
program source codes.
A.102.3.4 Perform operations on dynamic analysis of software code in
in accordance with paragraph A.105.
A.102.3.5 Perform automated recognition operations
standard library functions used in the software, in accordance with clause
A.106.
A.102.3.6 Perform signature analysis operations on dangerous
operations performed by the software in accordance with clause A.107.
changes made to the software code when it is modified in accordance with
clause A.111.
A.102.4 SPO PTT is considered to have passed the tests according to clause A.102.3.1-
received reports containing correct and consistent data on the
vulnerabilities of the tested software;
229
detection of vulnerabilities in programs being checked.

the ToR for the Amezit-V R&D SC, the PTT open source software must ensure the
detection of actual critical vulnerabilities in information security software, which
includes system, server and application software listed in paragraphs . A.101.2,
A.102.2 of this document.
A.103.3 In order to check the SPO PTT for compliance with the
A.103.3.1 Make sure that a set of software and hardware is available,

including a PC with three different copies of information security software
installed on them, which include system, server and application software
listed in paragraphs 3.2.8.1, 3.2.8.2 of the TOR at the midrange ROC "Amezit-
V".
N o t e . It is allowed to use VMs that imitate PCs with information
security software installed on them.
A.103.3.2 Select one of the PCs with installed software listed
in clause A.103.3.1. Select one program of information security tools
installed on the selected PC and scan it using the MaxPatrol vulnerability
scanner. The check is carried out in accordance with the document
RU.VATS.00184-01 92 02 “Special software for the telecommunications
equipment testing subsystem. MaxPatrol software. User guide".

accordance with clause A.104 for software components of information
security tools for which there are program source codes.
A.103.3.4 Perform operations on dynamic software code analysis
means of information security in accordance with clause A.105.
230
A.103.3.5 Perform operations for automated recognition of standard
library functions used in information security software, in accordance with
clause A.106.
A.103.3.6 Perform signature analysis operations on hazardous
operations performed by information security software, in accordance with
clause A.107.
changes made to the program code of the software of information security tools
when it is modified in accordance with clause A.111.
A.103.3.8 Testing the ability to detect current critical
information security software vulnerabilities is considered passed if:

received reports containing correct and consistent data on the
vulnerabilities of the verified information security software;
detection of vulnerabilities of the checked programs of information security tools.
A.103.3.9 Checking for the presence of Immunity CANVAS software in the PSS is
carried out in accordance with clauses A.103.3.10, A.103.3.11.
A.103.3.10 For verification, it is necessary to run the Immunity CANVAS software
and demonstrate its performance using the selected software sample as an example.
A.103.3.11 Checking for the presence of the Immunity CANVAS software

in the PTT SSW is considered successful if the operable Immunity CANVAS
software is included in the PTT SSW.
A.103.4 SPO PTT is considered to have passed the tests according to clauses
3.2.8.4 of the TOR for the R&D MF, if the conditions in clauses A.103.3 are met. 8 and
A.103.3.11.

A.104.1 This method is used to check the SPO PTT for compliance with the
231
A.104.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.5 of the TOR
for the SC R&D "Amezit-V", the PTT open source software must provide a structural and static
analysis of the source texts of programs in programming languages:
-C;
- C++;
- NET;
- java
- PHP.
A.104.3.1 Verification performed With using in advance
prepared software samples, which are files developed in C, C++, .NET, Java,
PHP programming languages. The files of open source software of the APC
"Amezit", files of any freely distributed software, or specially generated test
cases can serve as samples of program source texts.
A.104.3.2 The test is performed in accordance with the documents

RU.BATC.00184-01 92 08 “Special software for the telecommunications
equipment testing subsystem. Application Inspector software. User
Manual”, RU.BATC.00184-01 34 09 “Special Software for Telecommunication
Equipment Testing Subsystem. PVS-Studio software. User guide".
A.104.3.3 Verification of static (structural) analysis of control samples,

depending on the programming language, is performed using the
appropriate software (analysis software) presented in the table.
Table 2 - Compliance of static (structural) analysis software with verified test

cases
Name of static software Programming language
No.
(structural) analysis verifiable source code
p/p
(analysis software) programs
1 PVS Studio C, C++
2 FindBugs Java
3 BugScout Java, .NET, C#, PHP
4 PT Application Inspector Java, .NET, PHP
232
A.104.3.4 To carry out a check, the following steps should be taken:
A.104.3.4.1 Select a sample software developed in one of the

programming languages listed in A.104.2.
A.104.3.4.2 Select software tool analysis - BY,
corresponding to the programming language in which the sample software is developed.
A.104.3.4.3 Perform structural and static analysis of the software
sample using an appropriate analysis software tool.
A.104.3.4.4 Verify that structural and static analysis of the software
sample can be performed with an appropriate software analysis tool.
A.104.3.4.5 If necessary, perform additionally (by decision of the

commission) paragraphs A.104.3.4.1–A.104.3.4.4 for any other arbitrary
software sample (several arbitrary software samples).
A.104.4 SPO PTT is considered to have passed the tests according to
clauses A.104.3.4.1-A.104.3.4.5 of the test program and methodology and fulfill
clauses 3.2.8, 3.2.8.5 of the TOR for the R&D MF, if the analysis software tools
listed in the table, provide a static (structural) analysis of software samples
developed in the programming languages specified in clause A.104.2.

ToR for the Amezit-V R&D MF, the PTT open source software must provide
dynamic software analysis.
A.105.3.1 Verification ensure dynamic analysis BY

is performed using pre-prepared software sample files, which are compiled
binary modules. The executable files and libraries of the open source
software of the APK "Amezit", executable files and libraries of any software,
or specially generated test cases can serve as samples of binary modules.
233
A.105.3.2 Verification of software sample files is performed using the
following analysis software tools:
- disassembler -IDA Pro Disassembler;
- decompiler -Hex-Rays Decompiler;
- application fuzzing softwarePeach Fuzzer;
- console utility for fuzzing applications -AFL;
- additional module for softwareIDA Pro - ida-x86emu;
- debugger -x64dbg.
A.105.3.3 Testing is performed in accordance with documents
equipment testing subsystem. IDA Pro software. User Manual”,
RU.BATC.00184-01 92 11 “Special Software for Telecommunication
Equipment Testing Subsystem. x64dbg software. User guide".
A.105.3.4 To perform a check, the following steps should be taken:
A.105.3.4.1 Select sample software.

A.105.3.4.2 Select the appropriate analysis software. Perform
A.105.3.4.3 software sample analysis using
selected analysis software.
A.105.3.4.4 In addition to A.105.3.4.1 to A.105.3.4.3, perform the
checks in A.108.3.5 and A.108.3.10.
A.105.3.4.5 Verify that a dynamic
analysis of the software sample by the analysis software used.
A.105.3.4.6 If necessary, additionally (by decision of the commission)
perform paragraphs A.105.3.4.1–A.105.3.4.5 for any other arbitrary software
sample (several arbitrary software samples).
clauses A.105.3.4.1-A.105.3.4.6 of the test program and methodology and
fulfill clauses 3.2.8, 3.2.8.6 of the TOR for the R&D MF, if the analysis
software listed in clause A .105.3.2 and used in A.105.3.4.4 provide dynamic
analysis of software samples.
234
the ToR for the Amezit-V R&D MF, the PTT open source software must provide
automated recognition of the used standard library functions according to the
following list: _getlong, udp_cksum, os_strncpy, os_strncmp, os_strlen, os_strchr,
os_strrchr, os_memcmp, os_memset, os_memcpy, scanf, printf, gets.
A.106.3 Checking the provision of automated recognition of the
standard library functions used is performed using pre-prepared software
sample files, which are files containing the standard library functions listed
in clause A.106.2.
A.106.4 Verification of software sample files is performed using the

IDA Pro analysis software.
А.106.5 Testing is carried out in accordance with the document
equipment testing subsystem. IDA Pro software. User guide".
A.106.6.1 Copy the software samples to the sign_test

directory. A.106.6.2 Start the IDA Pro program.
A.106.6.3 Open the sample software file located in the sign_test
directory in IDA Pro for analysis.
A.106.6.4 Start the analysis process of the open sample software file and
wait for the completion message.
A.106.6.5 View the list of identified functions for the presence of standard
library functions and compare them with the list of standard library functions
in the source code of the software sample file. Make sure that all standard
library functions of the source code of the software sample file are displayed in
the list of detected functions.
A.106.6.6 Repeat (if necessary) steps A.106.6.3–A.106.6.5 for the
remaining software sample files located in the sign_test directory.
A.106.7 SPO PTT is considered to have passed the tests in accordance with
3.2.8, 3.2.8.7 of the TOR for the R&D MF, if, upon fulfillment of clauses A.106.6.3 –
A.106.6.6 All standard library functions from the list of standard library functions
given in clause A.106.2 are found in the sample software files.
235
ToR for the Amezit-V R&D SC, the PTT SSS must provide signature analysis of
potentially hazardous operations according to the following list:
- callLoadLibraryEx or LoadLibrary with an argument containing
relative path;
- calling functions that work with the format string (scanf, printf);
- calling functions that do not control the size of the input when writing to the buffer
(gets, scanf, strcpy);
- calling functions that copy buffers (memcpy,
CopyMemory);
- function withoutControl Flow Guard;
- the presence of a module without supportASLR;
- the presence of a page with the rights to record and execute;
- register transfer operations (jmpreg, allreg);
- absenceNX-bit;
- the presence of debug information in the file.
A.107.3 Verification of signature analysis of potentially dangerous
operations is performed using pre-prepared software samples, which are
files that include calls to the functions listed in clause A.107.2.
A.107.4 Verification of software sample files is performed using the

IDA Pro analysis software.
A.107.5 Checking is carried out in accordance with the document
equipment testing subsystem. IDA Pro software. User guide".
A.107.6.1 Copy the software samples to the critical_test

directory. A.107.6.2 Start the IDA Pro program.
A.107.6.3 Open the software sample file located in the critical_test
directory in IDA Pro for analysis.
236
A.107.6.4 Start the analysis process of the open sample software file and
wait for the completion message.
A.107.6.5 View the presence of potentially dangerous operations in the list of
identified operations and compare them with the list of operations in the source code
of the software sample file. Make sure that all potentially dangerous operations of the
source code of the software sample file are displayed in the list of detected
operations.
A.107.6.6 Repeat (if necessary) steps A.107.6.3–A.107.6.5 for the
remaining software sample files located in the critical_test directory.
A.107.7 SPO PTT is considered to have passed the tests in accordance with
3.2.8.8 of the TOR for the R&D MF, if, when performing the actions in clauses A.107.6
.3- A.107.6.6 all potentially dangerous operations from the list given in paragraph
A.107.2 are detected.

the ToR for the Amezit-V R&D SC, the PTT SSW must ensure the restoration
of the operation logic and network interaction protocols of third-party
software through the use of the following mechanisms and software tools:
- capturing network packets passing through the network

interface, parsing them by OSI model levels, statistical analysis of packet
arrays, recording and replaying network sessions, researching protocol
encapsulation, compiling your own samples of individual packets and their
sequences using traffic analysis software tools such as Wireshark and Scapy;
-debugging, tracing, data change control, change

values of variables during code execution, tracking the progress of the
program, viewing the contents of memory cells and processor registers,
searching for errors, setting and removing breakpoints using software
debugging tools such as WinDBG and gdb;
- dynamic instrumentation of binary code, injection
commands during program execution, creating your own utilities
237
dynamic analysis, Taint-analysis using dynamic analysis software tools such
as Intel PIN and Dynamo Rio.
N o t e . To include in the program documentation for the Amezit APK
a methodology for restoring the operation logic and protocols for software
network interaction based on working with the above technical means.
A.108.3 To check the SPO PTT for compliance

A.108.3.1 Verification ensure recovery logic

functioning and protocols of network interaction Third-party software by
using mechanisms and software tools for capturing network packets
passing through the network interface, parsing them according to the levels
of the OSI model, statistical analysis of packet arrays, recording and
replaying network sessions, studying protocol encapsulation, compiling
your own samples of individual packets and their sequences using traffic
analysis software such as Wireshark and Scapy is performed in accordance
with clauses A.108.3.2 to A.108.3.4.
A.108.3.2 The test is performed using a workstation (PC) connected to

the SPAN port of the network switch through which network flows circulate
between network nodes and remote application servers. The PC must have
Wireshark and Scapy software installed. Two applications are used as the
test object (application No. 1 is software under Android operating system,
which includes the function of data exchange via HTTPS protocol,
application No. 2 is software under Windows OS, generated using
obfuscation mechanisms).
A.108.3.3 To perform a check, the following steps must be taken:
A.108.3.3.1 Launch Wireshark and Scapy traffic analysis software,

enable packet monitoring mode on all network interfaces.
A.108.3.3.2 Run the prepared applications No. 1, No. 2 and register the
network traffic generated by them.
A.108.3.3.3 Parse the recorded packets into layers of the OSI model,
observing the presentation of this data in the program interface.
A.108.3.3.4 Perform statistical analysis of arrays of packets, evaluate
the distribution of packets over various protocols, the quantitative
proportion of packets with certain characteristics.
238
A.108.3.3.5 Perform recording and playback of network sessions.
A.108.3.3.6 Conduct protocol encapsulation research. Perform the
A.108.3.3.7 formation of your own samples of individual
packages and their sequences.
A.108.3.3.8 Simulate information exchange between a mail service
client and server using SMTP and/or POP3 protocols and check the
applicability of guidelines for restoring the operation logic and network
interaction protocols of third-party software in relation to the network traffic
analysis tools used.
functioning and protocols of network interaction Third-party software by using
mechanisms and software tools for capturing network packets passing
through the network interface, parsing them according to the levels of the OSI
model, statistical analysis of packet arrays, recording and replaying network
sessions, studying protocol encapsulation, compiling your own samples of
individual packets and their sequences using software tools for analyzing
traffic such as Wireshark and Scapy is considered successful if clauses
A.108.3.3.1–A.108.3.3.7 are successfully completed, and the analysis of the
recorded session of the exchange of the client and the server of the mail
service with messages using the SMTP protocols and / or POP3 made it
possible to highlight the sequence of operations that correspond to the RFC
specifications for these protocols.
functioning and network interaction protocols for third-party software
through the use of mechanisms and software tools for debugging, tracing,
monitoring data changes, changing the values of variables during code
execution, monitoring program execution, viewing the contents of memory
cells and processor registers, searching for errors, installing and
uninstalling breakpoints using software debugging tools such as WinDBG
and GNU Debugger are carried out in accordance with clauses A.108.3.6–
A.108.3.9.
A.108.3.6 Verification in progress With using in advance
a prepared software sample, which is a binary executable file with the “exe”
extension.
A.108.3.7 Testing is performed in accordance with documents
equipment testing subsystem. GNU Debugger software. User Manual”,
RU.BATC.00184-01 92 04 “Special
239
software for testing subsystem of telecommunication equipment. WinDBG
A.108.3.8.1 Launch the WinDBG program.

A.108.3.8.2 Open the sample software file in WinDBG. Check the
A.108.3.8.3 performance of the debugging mechanisms.
A.108.3.8.4 Check the operability of the program execution tracing
mechanisms.
A.108.3.8.5 Check performance mechanisms control
data changes.
A.108.3.8.6 Check performance mechanisms changes
variable values during code execution.
A.108.3.8.7 Verify that the mechanisms for tracking the progress of the
program are working.
A.108.3.8.8 Check performance mechanisms viewing
contents of memory cells and processor registers.
A.108.3.8.9 Verify that the error-finding mechanisms are working.
A.108.3.8.10 Check the operation of the mechanisms for setting and
removing checkpoints.
A.108.3.8.11 Do points A.108.3.8.1 to A.108.3.8.10 With
using the GNU Debugger program.
functioning and network interaction protocols for third-party software
through the use of mechanisms and software tools for debugging, tracing,
monitoring data changes, changing the values of variables during code
execution, monitoring program execution, viewing the contents of memory
cells and processor registers, searching for errors, installing and
uninstalling breakpoints using software debugging tools such as WinDBG
and GNU Debugger are considered successful if A.108.3.8.1 to A.108.3.8.11
are successful.

functioning and protocols of network interaction Third-party software
through the use of mechanisms and software tools for dynamic
instrumentation of binary code, injection of commands during program
execution, creation of own dynamic analysis utilities, Taint-analysis using
dynamic software tools
240
analysis of the Intel Pin and DynamoRIO types is carried out in accordance with clauses
A.108.3.11 to A.108.3.14.
A.108.3.11 Verificationperformed With using in advance
a prepared software sample, which is a binary executable file with the “exe”
extension.
A.108.3.12 Verification is carried out in accordance with the documents
equipment testing subsystem. Intel PIN software. Operation manual”,
RU.BATC.00184-01 92 13 “Special software for testing subsystem of
telecommunication equipment. DynamoRIO software. Manual".
A.108.3.13 To carry out a check, the following steps must be taken:
A.108.3.13.1 Start the Intel Pin tool. A.108.3.13.2 Open the sample software
file in the Intel Pin program. A.108.3.13.3 Check for the absence of
information about errors and failures in the operation of binary code
dynamic instrumentation mechanisms.
A.108.3.13.4 Check the absence of information about errors and
failures in the operation of command injection mechanisms during program
execution.
A.108.3.13.5 Check the absence of information about errors and failures in the
operation of mechanisms for creating your own dynamic analysis utilities,
Taintanalysis.
A.108.3.13.6 Do points A.108.3.13.1 to A.108.3.13.5 With
using the DynamoRIO software.
functioning and protocols of network interaction Third-party software
through the use of mechanisms and software tools for dynamic
instrumentation of binary code, command injection during program
execution, creation of own dynamic analysis utilities, Taint-analysis using
dynamic analysis software tools such as Intel Pin and DynamoRIO is
considered successful if, during the checks performed in paragraphs
A.108.3.13.1 to A.108.3.13.6, information about errors and failures is
missing.
A.108.3.15 Verification of the presentation of methods for restoring the
operation logic and protocols of network interaction of the software as part of
the software documentation for the Amezit-V software is carried out by viewing
the documentation set submitted for testing for the presence of
241
of these methods and evaluation of the content of these methods for the possibility
of their application when conducting checks using Wireshark and Scapy, WinDBG and
GNU Debugger, Intel Pin and DynamoRIO programs.
A.108.3.16 The verification is considered successful if the set of
documentation submitted for testing contains methodological instructions
for restoring the operation logic and protocols of software network
interaction, and their content ensures that they are carried out using
Wireshark and Scapy, WinDBG and GNU Debugger, Intel software Pin and
DynamoRIO restoration of the logic of functioning and protocols of software
network interaction.
the TOR for the R&D MF, if the conditions in clauses A.108.3 are met. 4, A.108.3.9,
A.108.3.14, A.108.3.16.

the ToR for the Amezit-V R&D SC, the PTT SSS should provide automated
verification of the Amezit SAVZ SSS.
A.109.3 Verification is performed using two pre-prepared control
software samples: software sample No. 1 - a test file containing malicious
code; sample software #2 is a secure freeform file. During the check,
software samples that are known to contain malicious code may be
additionally used.
A.109.4.1 Launch the traffic analyzer software.

A.109.4.2 Launch VMware Client software, check that the management VM and
CACS VM are enabled, make sure that all VMs of the anti-virus control stand are
disconnected from the Internet, and make sure that anti-virus programs are working.
A.109.4.3 Launch (restart) the control STR (launcher.py) on the

management VM (restart is performed in order to generate new logs in case
the control STR was launched earlier).
242
A.109.4.4 Launch the browser and connect to the web interface of the open
source software of the anti-virus control stand.
A.109.4.5 Select the software control sample No. 1 and start the procedure for its
verification by the ABCS.
A.109.4.6 Wait until the end of the check, view the results in a report
presented in tabular and graphical form, make sure that the SAVZ of
malicious code is detected in the software sample No. 1, make sure that
there is data from all the SAVZ included in the anti-virus control stand SSW .
A.109.4.7 Write (copy to a text file) the hash value of software sample
No. 1.
A.109.4.8 Select the software control sample No. 2 and start the procedure for its
verification by the ABCS.
A.109.4.9 Wait until the end of the check, view the results in a report
presented in tabular and graphical form, make sure that software sample
No. 2 is safe, make sure that there is data from all SAVZ included in the SSW
of the anti-virus control stand.
A.109.4.10 Select one of the additional software samples and start the
procedure for its verification by the CAD (clauses A.109.4.10 and A.109.4.11 can be
omitted or performed by decision of the commission).
A.109.4.11 Wait for the end of the check, view the results in a report
presented in tabular and graphical form, make sure that the SAVZ of
malicious code is detected in the software sample, make sure that there is
data from all the SAVZ included in the anti-virus control stand SSW.
A.109.4.12 Schedule the verification of software sample #1 using the

hash value recorded in clause A.109.4.7, indicating the start time of the
verification is five minutes from the current time and the verification interval is
one day.
A.109.4.13 Wait for the scheduled check of software sample No. 1,
view the results in a report presented in tabular and graphical form, and
make sure that the results of checks performed in manual and automated
modes are identical.
A.109.4.14 Verify that the scheduled scan starts at the specified time
(the time of the scan is displayed in the report and in the event logs).
243
A.109.4.15 Set a new schedule for Software Sample #1. Verify that the
dialog box that opens before saving the new schedule is displayed with
information about the previous schedule.
A.109.4.16 View the event logs, make sure that there are no Internet
connections during and after the checks, that there are no critical errors
that could occur during the operation of the anti-virus control stand SSW
(errors that arose for reasons not related to the work of the checked
programs are not a sign of inoperability of the open source software of the
anti-virus control stand).
A.109.5 The PTT SSS is considered to have passed the tests in accordance with clauses
A.109.4.2-A.109.4.16 of the test program and methodology and fulfills clauses 3.2.8, 3.2.8.10
of the TOR on the R&D MF, if during the operation of the SWS of the anti-virus control stand:
- in the test software sampleNo. 1 (and additional software samples) identified

the presence of malicious code;
- in the test software sampleNo. 2 no malicious code detected;
the generated reports contain the results of checks of all
-
SAVZ included in the stand;
- software sample checkNo. 1 is made in accordance with the specified in
time schedule and when setting a new schedule, information about the
previous schedule is displayed;
- results of software sample checksNo. 1, made in manual and
automated mode, identical;
- during and after the checks, there was no connection to
the Internet, data transfer to a third party did not occur;
- there are no software failures (critical errors).
the ToR for the Amezit-V R&D SC, the PTT SSW must provide automated
updating of virus signature databases from trusted sources.
A.110.3.1 Launch the traffic analyzer software.
244
A.110.3.2 Run the VMware Client software, check that the management VM and the
SAVZ VM are turned on, make sure that the VM is disconnected from the Internet, make
sure that anti-virus programs are working.
A.110.3.3 Specify the update time in the config.py configuration file and
coordinate the specified time with the time for updating the BAT (in each BAT, set
the required time and conditions for updating).
A.110.3.4 Run (restart) the control software (launcher.py) on the
control VM (restart is performed to accept the changed data of the
configuration file and generate new event logs if the control software was
launched earlier).
A.110.3.5 Wait for the start time of the BAS update. Make sure that
VMs automatically connect to the Internet after they are restored from pre-
created images (snapshots).
A.110.3.6 Use a traffic analyzer to monitor the IP addresses that the
ABBA are accessing for updates.
A.110.3.7 Wait for the update procedure to complete (by default, the
update duration is one hour). Make sure that the Internet is automatically
turned off after the update procedure is completed.
A.110.3.8 Make sure that the IP addresses from which the SAVZ anti-
virus databases are updated belong to the developers of anti-virus
programs using the Whois service.
Notes:
1. The IP addresses of the update servers are pre-set by the SAVZ
developers and cannot be changed by standard means of anti-virus
programs.
2. Updating anti-virus databases and SAVZ can be performed using the
main or "mirror" servers of anti-virus software developers.
3. Protection against changes in the IP addresses of the servers

involved in the process of updating the anti-virus databases and
SAVZ is provided by the update procedure using images of the
SAVZ VM that were not affected by malware.
A.110.3.9 Go to the Events tab of the VMware Client and view
event logs for each SAVZ. Check for messages:
- Virtual machine disks consolidation succeeded

virtual machine completed successfully).
245
- Reconfigured virtual machine (virtual machine reconfiguration -
disconnecting the VM from the Internet);
- Reconfigured virtual machine (virtual machine reconfiguration -
connection of the VM to the Internet);
- The execution state of the virtual machine has been reverted to the state of
cnapshot temp_snap,with ID [number] (the virtual machine was restored from a snapshot
(backup image) temp_snap with ID [number], where [number] is the snapshot number);
-Reconfigured virtual machine (virtual machine reconfiguration -

preparing the VM for recovery).
N o t e . Updating of some SAVZ may not be performed due to the
absence of changes made by the developer to the anti-virus databases at
the time of the check.
A.110.3.10 Go to the "Console" tab of the VMware Client software and for
each BAS, make sure that there are no messages about the need for
updating.
Anti-virus databases and SAVZ are updated in three stages:
-
1) recovery of VM SAVZ from previously created images
(snapshots);
2) updating of anti-virus databases and SAVZ from sources
belonging to the developers of anti-virus programs;
3) creation of VM SAVZ images (snapshots) with updated anti-
virus programs;
- Anti-virus databases and SAVZ are updated at the specified time
and with a fixed duration;
- connection of VM SAVZ to the Internet is carried out only after
restoring a VM from previously created images (snapshots) and only for the period of
updating the anti-virus databases and SAVZ.
ToR for the Amezit-V R&D SC, the PTT open source software must provide an automated
search for changes made to the program code of system and application software of
third-party developers when it is modified.
246
N o t e . All software includes 32-bit and 64-bit versions where
available.
A.111.3.1 In the directory with the diff_test test data sets, create
nested directories, place the control files v1.c, v2.c (or others), as well as
their compiled versions (the v2 file is a modified version of the v1 file) in
them.
A.111.3.2 Using the BinDiff software tool, search for changes in
executable files in accordance with the instructions given in the document
equipment testing subsystem. BinDiff and Diaphora software. Operator's
Manual".
A.111.3.3 Check the completeness of the changes found. A.111.3.4
Using the Daiphora software tool, search for changes in executable
files in accordance with the instructions given in the document
equipment testing subsystem. BinDiff and Diaphora software. Operator's
Manual".
A.111.3.5 Check the completeness of the changes found. A.111.3.6 If
necessary, perform similar operations with additional test pieces.

clauses 3.2.8, 3.2.8.12 of the TOR for the R&D MF, if the renamed functions
are found during the test and modified sections of code (added and
removed constructs).
3.2.8.13 of the ToR for the Amezit-V R&D SC, the PTT SSW should provide
modeling of information security threats based on the developed SSW
sample that imitates the behavior of widespread computer viruses (Trojans)
and provides :
247
functioning under the control of operating systems of the family
-
Windows on 32- and 64-bit processors;
- remote control through an intermediate data exchange node and
commands over a secure protocol (using our own control system and
command relaying);
- counteracting detection by local defenses when
installation in the system;
-uniqueness of the binary file of each sample and implementation
algorithms for modifying an executable file to minimize the possibility of
entering it into anti-virus databases;
- countering detection by local defenses after
installation in the system;
- collecting general information about the system and sending it to the management server;
- collecting information about keystrokes on the keyboard;
- collecting information about the file system and transferring the specified files to
control center, as well as transferring files from the control center to the file
system;
- taking screenshots with the transfer of information to the center
management;
- support for a modular structure that allows you to dynamically change
sample functionality.
A.112.3.1 Verification of ensuring operation under the control of the

Windows OS family on 32-bit and 64-bit processors is performed during the
tests carried out in accordance with clauses A.112.3.3–A.112.3.39 using
target PCs running under OS Windows 7 x32 and Windows 10 x64.
A.112.3.2 The test for ensuring operation under operating systems of

the Windows family on 32-bit and 64-bit processors is considered successful
if the checks given in clauses A.112.3.3 to A.112.3.39 are passed successfully,
while in In the course of their execution, target PCs running both Windows 7
x32 and Windows 10 x64 were involved.
A.112.3.3 Checking the provision of remote management through
intermediate node for the exchange of data and commands over a secure
248
protocol (using its own control system and command relay) is performed in
accordance with clauses A.112.3.4 to A.112.3.6.
A.112.3.4 Verification is performed using an infrastructure consisting
of a control workstation and components simulating: a control server, an
intermediate server, a target PC running Windows OS (version 7 x32 or
version 10 x64), with the corresponding software modules SPO "Sputnik",
and a traffic control node.
A.112.3.5.1 Run the traffic analysis software on the traffic control node,
make sure it is connected to the intermediate server.
A.112.3.5.2 Launch a browser on the control workstation, connect to
the web interface of the SPO "Sputnik", create a task for viewing the list of
directories of the target PC, wait for the status of the task to change to
"Completed".
A.112.3.5.3 Verify, using traffic analysis software, that there are no
unencrypted packets transmitted through the intermediate server during
data exchange between the control server and the target PC.
A.112.3.6 Verification of the possibility of remote control through an
intermediate node for the exchange of data and commands over a secure
protocol (using its own control system and command relay) is considered
successful if:
- target PC directory listing operation completed
correctly;
- The traffic analysis software did not register the transmission of commands and data in
open (unencrypted) form during their relaying through an intermediate
server.
A.112.3.7 Verification ensure opposition discovery
local means of protection when installed in the system is carried out in
accordance with clauses A.112.3.8–A.112.3.10.
A.112.3.8 The check is performed using the installation file of the "agent"
module of the "Sputnik" open source software, a component that imitates the
target PC running under Windows OS (version 7 x32 or version 10 x64) with the
installed SAVZ.
N o t e . To carry out the check, as target PCs with the SAVZ installed on
them, it is allowed to use the components of the open source software of the
anti-virus control stand.
249
A.112.3.9 To perform a check, the following steps must be performed:
A.112.3.9.1 Download the installation file of the "agent" module of the

"Sputnik" open source software to the target PC running Windows (version 7
x32 or version 10 x64), with the SAVZ installed.
A.112.3.9.2 Check the CACS of the “agent” module installation file and
make sure that there are no security threats or that they exist in accordance
with the operational restrictions on the use of the Sputnik open source
software.
A.112.3.10 Verification ensure opposition discovery
By local means of protection during installation into the system, it is considered
successful if the SAVS does not detect security threats in the installation file of
the “agent” module, or if a security threat is detected in accordance with the
operational restrictions on the use of the Sputnik open source software.
A.112.3.11 Verification of ensuring the uniqueness of the binary file of each

sample and the implementation of modification algorithms for the executable file,
which make it possible to minimize the possibility of entering it into the databases
of anti-virus tools, is performed in accordance with clauses A.112.3.12–A.112.3.14.
A.112.3.12 The check is performed using a sample file containing

malicious code, an operator workstation, components that imitate the
control server and the target PC running under Windows OS (version 7 x32
or version 10 x64), with the SAVZ installed.
N o t e . To carry out the check, it is allowed to use the components of the
open source software of the anti-virus control stand as target PCs with the
SAVZ installed on them.
A.112.3.13
actions:
A.112.3.13.1 Run on the operator's workstation the program module of the
cryptor, which ensures the uniqueness of the binary file.
A.112.3.13.2 As input data, pass to the cryptor module a previously
prepared sample file that contains malicious code and is detected by anti-
virus tools as a security threat.
A.112.3.13.3 Generate at least five binary samples, calculate their

checksums using one cryptographic
250
algorithm and compare the obtained checksum values. Note the difference
in the obtained values of the checksums.
A.112.3.13.4 Examine each SABZ sample that initially identified the
prepared sample file as a security risk and verify that there are no security
risks.
A.112.3.14 The verification of ensuring the uniqueness of the binary file of
each sample and the implementation of algorithms for modifying the executable
file, which make it possible to minimize the possibility of entering it into the
databases of anti-virus tools, is considered successful if:
- checksums of similarly generated samples
different from each other;
- generated samples are not identified by CABZ as representing
security threat.
A.112.3.15 Verification of the provision of countermeasures after installation
in the system to detection by local means of protection is carried out in
accordance with paragraphs A.112.3.16–A.112.3.18.
A.112.3.16 The check is performed using the installation file of the "agent"
module of the "Sputnik" open source software, a component that imitates the
target PC running under Windows OS (version 7 x32 or version 10 x64) with the
SAVZ installed.
N o t e . To carry out the check, it is allowed to use the components of the
open source software of the anti-virus control stand as target PCs with the
SAVZ installed on them.
A.112.3.17
actions:
A.112.3.17.1 Update the SAVZ anti-virus database (if not updated
earlier) on the target PC running Windows OS (version 7 x32 or version 10
x64).
A.112.3.17.2 Disconnect the target PC from the Internet. A.112.3.17.3 Install
on the target PC the “agent” program module of the “Sputnik” open source
software and launch the SAVZ in the full computer scan mode. Wait for the end of
the check and make sure that there are no security threats or that they exist in
accordance with the operational restrictions on the use of the Sputnik software.
A.112.3.18 Upon completion of the test, it is obligatory to bring the target

PC and the ABCS installed on it into a state that prevents the possible transfer
of the results of the performed test to a third party.
251
A.112.3.19 The verification of countermeasures after installation in the
system to detection by local means of protection is considered successful if
the SAVZ does not detect security threats or if security threats are detected
in accordance with the operational restrictions on the use of the Sputnik
software.
A.112.3.20 Verification of ensuring that general information about the system is
collected and sent to the management server is performed in accordance with clauses
A.112.3.21–A.112.3.23.
A.112.3.21 The check is performed using an infrastructure consisting
of a control workstation and components that imitate: a control server, an
intermediate server and a target PC running Windows OS (version 7 x32 or
version 10 x64), with the corresponding software installed on these
components. SPO Sputnik modules.
A.112.3.22 To carry out an audit, the following steps must be

performed:
A.112.3.22.1 From the control workstation, send a command to the “agent”
software module of the “Sputnik” free software to collect and send data about the target
PC to the control server.
A.112.3.22.2 View on the control workstation the received data about the name
of the PC, the name of the user account, the type and version of the OS, the IP
address of the node and compare them with the corresponding data of the target PC.
Make sure that the data received and the data of the target PC are identical.
A.112.3.23 The verification of ensuring the collection of general information

about the system and sending it to the control server is considered successful if
the data on the name of the PC, the name of the user account, the type and
version of the OS and the IP address of the node received by the control server
are identical to those of the target PC .
A.112.3.24 Verification of ensuring the collection of information about keystrokes on
the keyboard is performed in accordance with paragraphs A.112.3.25 to A.112.3.27.
of a control workstation and components that simulate a control server, an
version 10 x64), with the corresponding software modules installed on these
components SPO "Sputnik".
252
A.112.3.26 To carry out an audit, the following steps must be
performed:
A.112.3.26.1 Execute a set on the keyboard of the target PC
free text, press navigation keys such as down arrow, left arrow, PageUp, etc.
(the set of keys to be pressed can be prepared in advance, or recorded in
the process of pressing arbitrary keys).
A.112.3.26.2 View the received data on the pressed keys on the control
workstation and compare the list of keys pressed on the target PC with the
list of keys received by the control server.
A.112.3.27 The keystroke collection assurance check is considered
successful if the keystroke list and sequence data received by the control
server matches the keystroke list and sequence on the target PC.
A.112.3.28 Verification of ensuring the collection of information about the file

system and the transfer of specified files to the control center, as well as the transfer
of files from the control center to the file system, is performed in accordance with
clauses A.112.3.29–A.112.3.31.
A.112.3.30 To carry out an audit, the following steps must be taken:
A.112.3.30.1 On the control workstation, perform the operation of receiving

the list of files of the target PC, view the received list of directories and files, and
make sure that it is displayed correctly.
A.112.3.30.2 Select an arbitrary file from an arbitrary directory of the
target PC and send a command to download it to the control server.
A.112.3.30.3 Wait for the file to load. Compare the file uploaded to the
control server with the source file located in the file system of the target PC
and make sure they are identical.
A.112.3.30.4 Select an arbitrary file in an arbitrary directory of the
control server and send a command to load it into the specified directory of
the target PC.
253
A.112.3.30.5 Wait for the file to be loaded, make sure that the file is loaded
into the specified directory of the target PC. Compare the file loaded on the target
PC with the source file and make sure they are identical.
A.112.3.31 Verification of ensuring the collection of information about the file
system and the transfer of specified files to the control center, as well as the transfer
of files from the control center to the file system, is considered successful if:
- the list of directories and files of the target PC is displayed correctly;
- files transferred between the control server and the target PC,
identical;
- the file transferred to the target PC is loaded into the specified
directory operator.
A.112.3.32 Verification of ensuring that screenshots are taken with the
transfer of information to the control center is performed in accordance with
paragraphs
A.112.3.33–A.112.3.35.
A.112.3.34 To carry out the check, it is necessary to send a command

from the control workstation to take screenshots of the target PC, wait for
the operation to complete and make sure that new files with screenshots of
the target PC are created in the image gallery (all screenshots). View the
received images and make sure they are displayed correctly.
A.112.3.35 The verification of ensuring the execution of screenshots
with the transfer of information to the control center is considered
successful if, after issuing the command to take screenshots, a correct
screen image of the target PC is received.
A.112.3.36 Verification of the provision of support for a modular structure that
allows dynamic change in the functionality of the sample is carried out in accordance
with clauses A.112.3.37 to A.112.3.39.
version 10 x64), with installed
254
on the specified components by the corresponding software modules of SPO
"Sputnik".
A.112.3.38 To carry out the test, it is necessary to download the test
module to the target PC, run the function of the installed module with the
specified parameters, check the correctness of the specified function
execution.
A.112.3.39 A test to ensure support for a modular structure that allows
dynamic modification of the functionality of a sample is considered
successful if:
- module core "agent" SPO "Sputnik" allows you to install
additional modules loaded onto the target PC via the Internet;
- module core "agent" SPO "Sputnik" correctly performs the functions
loaded module.
3.2.8.13 of the TOR for the R&D MF, if the conditions of clauses A.112.3.2 are met
A.112.3.6, A.112.3.10, A.112.3.14, A.112.3.19, A.112.3.23, A.112.3.27, A.112.3.31,
A.112.3.35, A .112.3.39.
the ToR for the Amezit-V SC R&D, the SPO PTT should provide modeling of
elements and segments of computer networks of an autonomous segment for
testing the functionality of information security tools.
N o t e . Options and functional modeling of information security
possibilities
threats are determined based on the results of preliminary design and are
agreed with the lead contractor.

A.113.3.1 Run VMware ESXi software, make sure all VMs of LAN No. 1
are connected to virtual gateway No. 1 (if there is no connection, connect),
make sure that all VMs of LAN No. 2 are connected to virtual gateway No. 2
(if there is no connection – connect), view and record the IP addresses of
servers No. 1 and No. 2 of the Internet, start (restart) all VMs.
255
A.113.3.2 Log in to one of the LAN No. 1 VMs, launch a command line
window (cmd.exe) on this VM and execute the ipconfig command in it.
A.113.3.3 Make sure that the IP addresses of all PCs included in LAN No. 1
are displayed.
A.113.3.4 Execute the ping [IP address] command, where [IP address] is the IP address of
one of the servers (No. 1 or No. 2) of the Internet.
A.113.3.5 Make sure that the selected VM is connected to LAN No. 1 to
the Internet servers.
A.113.3.6 Log in to one of the VMs of LAN No. 2, launch a command
line window (cmd.exe) on this VM and execute the ipconfig command in it.
A.113.3.7 Make sure that the IP addresses of all PCs included in LAN No. 2
are displayed.
A.113.3.8 Execute the ping [IP address] command, where [IP address] is the IP address of
one of the servers (No. 1 or No. 2) of the Internet.
A.113.3.9 Make sure that the selected VM is connected to LAN No. 2 to
the Internet servers.
- network VMLAN No. 1 form a single network that simulates a local
organization network;
- network VMLAN No. 2 form a single network that simulates a local
network of managing workstations;
available VM (serversNo. 1 and No. 2), simulating technical

-
GIS resources OP Internet;
- at points A.113.3.5, A.113.3.9 VM network connection present
LAN No. 1 and VM of LAN No. 2 to servers No. 1 and No. 2 of the Internet network,
simulating the connection of a PC of LAN No. 1 and LAN No. 2 networks to the GIS OP
Internet.
A.114.1 This method is used to check PCB SSW for compliance with the
ToR for the Amezit-V R&D SC, the PCB SSS must ensure the storage of information
collected using the PMS and PKS subsystems with the following deadlines:
256
- for free software for monitoring the Internet and the media:
- storage of information from social networks -1 month;

- storage of information from online media and websites –2 months;
- for the SSW for monitoring autonomous segment messages:
- storing metadata about user sessions -2 weeks;
- storing files from user session -2 months.
The volume of stored information must be at least 16 TB.
N o t e . The timing of data retention, the choice of information to store, the
amount of information to store, and the choice of information to delete after the data
retention period expires, should be configurable.
A.114.3 To check the PCB SPD for compliance
A.114.3.1 Launch the browser on the operator's workstation. A.114.3.2 In

the address bar, enter the address of the application server and press the
"Enter" key. The address of the application server is specified after installing
and configuring the PCB open source software in accordance with the
document RU.VATS.00185-01 32 01 “Special software for the data storage
subsystem. System Programmer's Guide. The login page will open.
admin, password: password) and click on the “Login” button. The page of
stored publications in PCB will open. The description of the PCB SSS
interface is given in the document RU.VATS.00185-01 34 01 “Special software
for the data storage subsystem. Operator's Manual".
A.114.3.4 At the top of the page in the navigation bar, click on "Files".
The page with directories in the file storage opens.
A.114.3.5 In the working area of the "Files" page, select the "media"
directory. The page will display media files (video, audio, photo) received
from the PMS.
A.114.3.6 In the top bar of the "Files" page, click on the "Working
Directory" link. The root directory will open with the directories in the file
storage.
A.114.3.7 In the workspace of the "Files" page, select the "reports"
directory. The page will display the report files received from the ICP.
A.114.3.8 In the top bar of the "Files" page, click on the "Working
Directory" link. The root directory will open with the directories in the file
storage.
257
A.114.3.9 In the working area of the "Files" page, select the "pks" directory.
The page will display report files received from the SDN subsystem.
A.114.3.10 At the top of the page in the navigation bar, click on
"Settings". The page with file storage settings opens.
A.114.3.11 Configure data storage parameters by setting the following
fields:
- "Data retention periods":
- "Storage of information from social networks" -1 month;
- "Storage of information from the media" -2 months;
- "File retention periods":
- "Storing metadata about user sessions" -2 weeks;
- "Storing files from a user session" -2 months;
- "Amount of data storage" - minimum16 GB. A.114.3.12 Configure
data storage by setting the flags in the field "Stored information
selection":
- data from social networks;
- files from social networks;
- data from online media and websites;
- files from online media and websites;
- ICP reporting files;
- PCS reporting files. A.114.3.13 Click on
the "Save" button.
A.114.4 The PCB SPO is considered to have passed the tests according to clauses
the TOR for R&D SC, if:
- stored publications were displayed on the publications page,
received from PMS, with the specified settings;
- the files page displayed files received from PMS, with
specified settings;
- the files page displays report files received from
PCS, with the specified settings;
- the settings were saved without errors.
258
ToR for the SC R&D "Amezit-V", the PCB SSW must ensure the storage of templates
for processing news information portals.
A.115.3 To check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
A.115.3.1 Repeat A.114.3.1 through A.114.3.3 (Method No. 114). A.115.3.2

In the upper part of the working area of the "DB" page, click on the
"Sources and templates" tab. A page with a list of sources from which
publications were collected will open.
A.115.3.3 Next to the source, click on the "Templates" icon to go to the
source templates page.
A.115.4 PCB SSS is considered to have passed the tests according to
clauses 3.2.9, 3.2.9.2 of the TOR for SC R&D, if the list of templates of the
selected source displays templates, used in collecting information.
TOR at the SC R&D "Amezit-V", the SPO PCB should ensure the storage of analytical
reports prepared in the APK "Amezit".
A.116.3 In order to check the PCB STR for compliance with the
A.116.3.1 Repeat A.114.3.1 through A.114.3.3 (Method No. 114).

The page with directories in the file storage opens.
A.116.3.3 In the workspace of the "Files" page, select the "reports"
directory. Analytical references stored in the subsystem will be displayed on
the page.
A.116.4 The PCB SSS is considered to have passed the tests in accordance with
clauses A.116.3.1-A.116.3.3 of the test program and methodology and fulfill clauses 3.2.9,
3.2.9.3 of the TOR for SC R&D, if the "reports" catalog displays those stored in subsystem
of analytical references.
259
the TOR for the SC R&D "Amezit-V", the PCB SSS should provide information
structuring.
A.117.3.1 On working table workstation administrator run

reviewer.
A.117.3.2 In the address bar, enter the address of the monitoring service
Kibana of the ElasticSearch data warehouse and press the "Enter" key. The
address of the Kibana monitoring server is specified after installing and
configuring the PCB open source software in accordance with the document
RU.VATS.00185-01 32 01 “Special software for the data storage subsystem. System
Programmer's Guide. The Kibana monitoring service page will open.
A.117.3.3 In the right part of the panel, click on the “Dev Tools” tab. A page will
open with the "Console" field for entering queries to the database to search for data.
A.117.3.4 In the query entry field, enter a query of the form:

GET <database name>/_mappings
where <database name> is the name of the cluster deployed in the

ElasticSearch database used by the PMS subsystem to store data. The name of the
index is specified after installing and configuring the SPO PCB in accordance with
the document RU.VATS.00185-01 32 01 “Special software for the data storage
subsystem. System Programmer's Guide. The information output window will
display all the data structures stored in the ElasticSearch database.
A.117.3.5 On the desktop of the administrator's workstation, enter the terminal by
clicking the left mouse button on the terminal icon. The console will open.
A.117.3.6 Enter the following command in the console:
$ ssh root@ <DBMS node IP address>
where <DBMS host IP address> is the IP address of the DBMS host where the
PostgreSQL DBMS is deployed, and press the Enter key. The IP address of the database node
is specified after installing and configuring the PCB open source software in accordance with
the document RU.VATS.00185-01 32 01 “Special software for the subsystem
260
data storage. System Programmer's Guide. You will be prompted to enter a
password from the root user.
A.117.3.7 Enter the password for the root user (root by default). Press
the "Enter" key. A remote connection to the DBMS node will be made.
A.117.3.8 In the console enter the command:

$ psql -h localhost -U postgres <database name>
where <database name> is the name of the PostgreSQL DBMS, which stores
service information for the operation of the PMS subsystem. The name of the
database is specified after installing and configuring the SPO PCB in accordance with
the document RU.VATS.00185-01 32 01 “Special software for the data storage
subsystem. System Programmer's Guide.
You will be logged into the PostgreSQL DBMS console.
A.117.3.9 In the console enter the command:
\d+ *.*
and press the "Enter" key. All data structures stored in the PostgreSQL
database will be displayed.
A.117.4 PCB SSS is considered to have passed the tests according to clauses
- displayed data structures stored in the databaseelasticsearch;
- displayed data structures stored in the databasePostgreSQL.
for the SC R&D "Amezit-V", the PCB SSS should provide data search in information
arrays.

A.118.3.2 On the publications page, click on the "Filter" panel. The
filtering panel will open.
A.118.3.3 On the filter panel, fill in the fields for filtering on the
"Publications" page:
- in the "Search" field, specify a request to search for publications;
261
- in the "Subjects" field, indicate the topic for which the selected
publications;
- in the "Resource" field, indicate the source of the publication;
- in the "Author" field, indicate the author of the publication;
- in the "Region" field, specify the geographical region of the publication;

- in the "Emotional coloring" field, specify the range of tonality
publications;
- In the "Date" field, specify the range of appearance of publications.
After entering data in the filtering fields on the "Publications" page, a search will
be automatically performed and the list of publications will be updated.
The page with directories in the file storage will open.
A.118.3.5 In the upper filtering panel, select the fields to filter on the
files page:
- in the "File type" field, specify the type of displayed files;
- in the "Date" field, specify the dates the files were modified;
- In the "Amount" field, specify the size of the files.
- publications were displayed according to the specified search attributes;
- files were displayed according to the specified search attributes.
the ToR for the Amezit-V R&D MF, the PCB SSS must provide information to the
operator in graphical form.

On the top bar of the page, select the "Authors" tab. The page with the
list of authors of publications will open.
A.119.3.3 On the top panel of the page, select the "Sources and
templates" tab. A page with a list of publication sources will open.
262
A.119.3.4 Next to the source, click on the "Templates" icon to go to the
source templates page.
A.119.3.5 At the top of the page, in the navigation bar, click on "Files".
A.119.3.6 In the top panel of the page, select the "Settings" tab. A page
with file storage settings will open.
the TOR for the R&D SC, if:
- the publications page is displayed;
- the page of authors of publications was displayed;
- the publication sources page is displayed;
- the publication source templates page is displayed;
- the files page is displayed;
- the settings page is displayed.
of the ToR for the Amezit-V R&D SC, PCB SSS must provide data backup.
A.120.3 In order to check the compliance of the PCB SSS with the
A.120.3.1 Repeat A.114.3.1 through A.114.3.3 (Procedure No. 114).

A.120.3.3 In the "Backup time" field, specify the frequency of backup.
A.120.3.5 Double-click the left mouse button on the "backup"
directory. A page with a list of files - system backups - will open.
A.120.3.6 Perform the data recovery procedure from the latest
backups in accordance with document RU.VATS.00185-01 46 01 “Special
263
data storage subsystem software. Maintenance Manual".
of the ToR for R&D SC, if:
- backups are successfully created, according to the configured
parameters;
- the backup procedure was successful.
for the Amezit-V R&D MF, the PCB SSS must ensure the storage of video and audio
archives.

A.121.3.2 At the top of the page, in the navigation bar, click on "Files".
A.121.3.3 In the upper filtering panel, select the fields to filter on the
files page:
- in the "File type" field, specify the type of files:
- "Audio" -MP3 to display mp3 audio files;
- "Video" -MP4 to display mp4 audio files.
of the TOR for the R&D SC, if:
- audio files are displayed in the file list;
- video files are displayed in the file list;
ToR for the Amezit-V R&D SC, PCB SSW should provide simultaneous viewing of archives
(up to 3 connections) without stopping the recording.
264
A.122.3.1 Log in to the workstation of operator 1.

A.122.3.2 On the desktop of operator 1, start the explorer. A.122.3.3 In
Explorer, go to the network directory of the file storage. The address of
the network directory is specified after installing and configuring the PCB open
source software in accordance with the document RU.VATS.00185-01 32 01
“Special software for the data storage subsystem. System Programmer's Guide.
A.122.3.4 In the network file storage directory, open the "media"

directory containing audio and video files.
A.122.3.5 Save the audio or video file to the current directory. A.122.3.6
Without waiting for the end of the save procedure, open another video
or audio file for viewing or listening.
A.122.3.8 On the desktop of operator 2, start the explorer. A.122.3.9 In
Explorer, go to the network directory of the file storage. The address of
the network directory is specified after installing and configuring the PCB open
source software in accordance with the document RU.VATS.00185-01 32 01
“Special software for the data storage subsystem. System Programmer's Guide.

A.122.3.11 Open a video or audio file for viewing or listening.
A.122.3.12 Open a video or audio file available for viewing or listening.

A.122.3.14 On the desktop of operator 3, start the explorer. A.122.3.15In the
explorer, go to the network directory of the file storage. The address of the
network directory is specified after installing and configuring the PCB open source
software in accordance with the document RU.VATS.00185-01 32 01 “Special
software for the data storage subsystem. System Programmer's Guide.

265
A.122.3.17 Open a video or audio file available for viewing or listening.
of the TOR for the R&D SC, if:
when watching a video file or listening to an audio file, the procedure
-
saving the file has not been undone;
saved by the operator1 video or audio file available for
-
viewing or listening to operator 2 and operator 3;
- viewvideo or audio file listening is available
simultaneously for operator 1, operator 2 and operator 3.

A.123.1 This method is used to check the PCB SSW for compliance with the
of the ToR for the MF R&D "Amezit-V", the PCB SS shall provide automated
interaction with the LS of the linguistic support subsystem.

At the top of the page in the navigation bar, click on "Translate". The text
translation window will open.
A.123.3.3 In the "Text" field, enter the text to be translated.
A.123.3.4 Under the "Text" field, select the language of the text from the drop-down list.
A.123.3.5 Under the "Translation" field, select the language of translation from the drop-
down list.
A.123.3.6 Press the "Transfer" button. The translated text will appear in the
Translation field.
A.123.4 The PCB SSS is considered to have passed the tests according to clauses
the ToR for R&D SC, if:
- the text has been translated;
- There were no errors during the translation process.

A.124.1 This method is used to check the RSS software for compliance with the
266
the ToR on the Amezit-V R&D center in the subsystems of the Amezit APK, processing
of information constituting a state secret is not provided, with the exception of a
separate circuit of the POR subsystem, represented by a separate group servers and
workstations. In the specified circuit, information classified up to and including “top
secret” is processed.
The security of information in this circuit of the ERP subsystem must be
ensured using certified security tools that meet the requirements of the
relevant governing documents.
Providing access to the processed information must be implemented by
using a firewall certified according to the requirements of the 2nd protection
class in accordance with the Order of the FSTEC of Russia dated February 9,
2016 No. 9.
Security role-playing (mandate) demarcations access To
processed information should be implemented at the operating system
level.
Access to the information of the ERP subsystem should be provided taking
into account the category of users and the level of authority granted to each
category.
A.124.3 In order to check the SS of the ROR AP for compliance with the
A.124.3.1 Make sure that the Kaspersky Anti-Virus software is installed on the
processing workstation.
A.124.3.2 Log in to the Astra Linux SE 1.5 operating system on the AWS of
the POR AP operator under the account of the administrator of the operational
management HSC with access level 2.
A.124.3.3 Log in to the SPO POR AP under the account of the
administrator of the HSC for operational management.
A.124.3.4 Go to the "Administration" section, select the "User
management" item in the menu.
A.124.3.5 Create accounts for users of the following categories: duty
officer, head of the center, operator, administrator of the agro-industrial
complex.
A.124.3.6 In the "Administration" section, select the "Privilege Matrix"
item from the menu, compare the levels of authority granted to each
category of users.
267
A.124.3.7 Log in to the Astra Linux SE 1.5 operating system on the
operator's workstation of the POR AP under the account of the operational
duty operational management with access level 2.
A.124.3.8 Log in to the SPO POR AP under the account of the operational
duty officer of the operational management. Check the current access level in the
SPO POR GS by hovering over the indicator of the current access level displayed in
the upper right corner of the SPO POR GS interface.
A.124.3.9 Go to the AP event planning and control module. A.124.3.10
In the AP event planning and control module, go in turn to the
following sections: "Operations", "Events", "Tasks", "Subtasks" and "Chat".
A.124.3.11 Log in to the Astra Linux SE 1.5 operating system under an

account with access level 1.
A.124.3.12 On the workstation of the operator of the POR AP, log in to the
SPO of the ROR AP under the account of the operational on-duty operational
management. Check the current access level in the SPO POR GS by hovering over
the indicator of the current access level displayed in the upper right corner of the
SPO POR GS interface. Make sure that there is no access to the data of the
sections: "Operations", "Events", "Tasks", "Subtasks" and "Chat".
A.124.3.13 Log in to the Astra Linux SE 1.5 operating system under an
account with access level 0.
A.124.3.14 On the workstation of the operator of the POR AP, log in to the
SPO of the ROR AP under the account of the operational on-duty operational
management. Check the current access level in the SPO POR GS by hovering over
the indicator of the current access level displayed in the upper right corner of the
SPO POR GS interface. Make sure that there is no access to the data of the
sections: "Operations", "Events", "Tasks", "Subtasks" and "Chat".
A.124.3.15 At the workstation of the AP administrator, launch the SS
POR AP and check the access control to information constituting a state
secret, taking into account the category of users and the level of authority
granted to each category.
A.124.4 The RSS SSW is considered to have passed the tests according to clauses
on the R&D MF, if:
- the subsystem includes a unidirectional gateway "STROM-
1000";
- the subsystem contains hardware and software modules
trusted download "Sobol";
268
-includes software "Kaspersky Anti-Virus";
- users are assigned access according to the access matrix to
information (constituting a state secret) about current tasks;
- the value "2" indicator of the current access level and
access to sections of the SPO POR GS interface is available when working with access
level 2 and there is no access to sections of the SPO POR GS interface when working with
access levels 0 and 1.
- administrator of the agro-industrial complex access to the processed information,
constituting a state secret is not provided.
A.125.1 In this methodology, the RSS software is checked for compliance with the
TOR for the Amezit-V R&D SC, the ERP SSS must ensure that the closed segment of
the ERP subsystem of the integrated environment in the geographic information
system is displayed on the electronic map of the area with the possibility of
outputting a digital form of the object with graphic and text documents.
A.125.3 In order to check the ERP SSW for compliance with the
A.125.3.1 Run GIS Operator SE on the workstation of the operator POR

AP. A.125.3.2 In the GIS Operator SE open an electronic map of the
area. A.125.3.3 Open the classifier editor and add a new layer.
A.125.3.4 Create a new vector object in the classifier. A.125.3.5 On the
"Semantics" tab of the classifier editor, create the following semantics:
"Name", "Location", "Additional description", "Image" and "Form".
A.125.3.6 Add the "Name", "Location", "Additional Description",

"Image", and "Form" semantics to the list of object semantics.
A.125.3.7 Draw an object from a previously created layer to the map area.
A.125.3.8 Select the added feature on the map. A window will open with
object properties and semantic characteristics. In this window, fill in the "Value"
field:
- to the semantic characteristic "Image" add a link to
image;
269
- to the semantic characteristic "Form" add a link to
document.
A.125.3.9 Save changes made.
A.125.3.10 Reselect the added object on the map. A window will open
with filled semantic characteristics.
A.125.3.11 View object image And attached
text document by selecting the value of the corresponding semantic
characteristic.
A.125.4 SPO ROR is considered to have passed the tests according to clauses
- when the symbol of an object was activated, its form was displayed with
graphic and text documents.
of the ToR for the Amezit-V R&D SC, the POR SSW must ensure display and
editing (if you have access rights) on the electronic map of the area of the
geoinformation system of the closed segment of the POR subsystem of the
form (name , location, additional description, etc.) when the symbol of the
object is activated.
A.126.3.1 Run GIS Operator SE on the workstation of the POR AP operator.

A.126.3.2 In the GIS Operator SE open an electronic map of the area.
A.126.3.3 Select an object on the map (activate the symbol of the object).
A.126.3.4 Edit the values of the semantic characteristics "Name",

"Location", "Additional description" in the form of the selected object. Save
your changes.
A.126.3.5 Select edited object. The object form with the changed
values of semantic characteristics will open.
270
A.126.3.6 Open the GIS remote administration program Administrator
(from the GIS Server) on behalf of the administrator. For the selected object,
change the type of protection of the selected data - uncheck the "Editing"
flag.
A.126.3.7 Select edited object. Check the lack of access to editing the
values of the semantic characteristics "Name", "Location", "Additional
description".
3.2.10.2 of the TOR for the R&D MF, if:
-
- when the symbol of the object was activated, its form was displayed;
when performing paragraphs. A.126.3.5 object form opened with
-
changed values of semantic characteristics;
when performing paragraphs. A.126.3.7 The operator does not have access
to edit the values of the specified semantic characteristics.
A.127.1 This methodology checks the RSS software for compliance with the
A.127.2 In accordance with the requirements of clauses 3.2.10, 3.2.10.3 of the TOR for
the Amezit-V R&D SC, the RSS RSS should provide:
- drawing an integrated situation on an electronic map
terrain in the geoinformation system from the workstation of the operator of the closed segment of
the POR subsystem;
-the ability to manage an electronic map of the area closed
segment of the POR subsystem on the collective display screen using an
additional screen that responds to touch.
N o t e . Under the management of an electronic map are understood
such actions as moving the map, changing the scale and activating symbols
to view the electronic form of the object.
A.127.3 To check the compliance of the ERP SSW with

A.127.3.3 Add features to the map from an existing feature classifier.
271
A.127.3.4 Run SS ROR AP. In the AP event planning and control
module, perform the sequence of actions to create a test subtask, add a link
to the map to the subtask.
A.127.3.5 Open the module for visualizing the state and statistics of the
AP, go to the test subtask and display the electronic map of the POR area on
the collective display screen.
A.127.3.6 Move and scale the map using an additional screen that
responds to touch.
A.127.3.7 Select an object on the map (activate the symbol of the
object).
A.127.4 The SPO ROR is considered to have passed the tests according to clauses
-
- when performing paragraphs. A.127.3.3 application has been carried out
integrated situation on an electronic map of the area;
- when performing p. A.127.3.6 a move has been made and
scaling the map on the shared screen;
when the symbol of an object was activated, its form was displayed.

the ToR for the Amezit-V R&D SC, the ERP SSS must ensure the accumulation of
information in manual mode by creating electronic forms of objects on the electronic
map of the area of the closed segment of the ERP subsystem.
A.128.3.1 Run the GIS Operator SE on the workstation of the POR AP operator.
A.128.3.2 In the GIS Operator SE open an electronic map of the area. A.128.3.3
Create the "PMI Objects" layer.
A.128.3.4 Add the objects "Object PMI 1" and "Object PMI 2" to the
created layer.
A.128.3.5 Add the object "Object PMI 1" to the map.
A.128.3.6 Save changes on the map and close the GIS Operator SE.
272
A.128.3.7 Repeat paragraphs. A.128.3.1 to A.128.3.2.
A.128.3.8 Add the object "Object PMI 2" to the map.
A.128.3.9 Consistently activate the symbols of the objects "Object PMI
1" and "Object PMI 2".
A.128.4 The SPO ROR is considered to have passed the tests in accordance with clauses
A.128.3.1-A.128.3.9 of the test program and methodology and fulfill clauses 3.2.10, 3.2.10.4 of the
-
- when performing paragraphs. A.128.3.3, А.128.3.8 on the electronic card
areas are displayed "Object PMI 1" and "Object PMI 2";
- when the objects' symbols were activated, their forms were displayed.
the TOR for the Amezit-V R&D SC, the ERP SSS must ensure that the operator applies
graphic information to the electronic map of the area of the closed segment of the
ERP subsystem in the selected layer using a library of conventional symbols.
A.129.3 To check the ERP SSW for compliance with the requirements,

А.129.3.3 Add the object “PMI Object 3” to the previously created layer “PMI
Objects” (clause A.128.3.3).
A.129.3.4 Add object "Object PMI 3" to the map.
A.129.3.5 Hide all layers except for the PMI Objects layer.
A.129.3.6 Display hidden layers.
A.129.3.7 View the symbol library in the classifier editor.
-
273
- when performing paragraphs. A.129.3.3, A.129.3.6 an object has been created with
using the library of symbols;
- when performing paragraphs. A.129.3.5, A.129.3.6 on the electronic card
terrain, only the objects of the “PMI Objects” layer were displayed;
- when performing paragraphs. A.129.3.7 in the symbol library in a layer
"Objects PMI" there is a symbol "Object PMI 3".
TOR for the SC R&D "Amezit-V", the SPO ROR must ensure the export of the following
types of electronic documents:
- sections of the electronic map with the applied situation in the format
bitmap;
- text data of object forms;
- nested data of card object forms in the archive formatZIP. Import of
files with text data, tables and diagrams is carried out by attaching
files to the object form.
Import forms must be implemented.
A.130.3.1 Run GIS Operator SE on the workstation of the POR AP

operator. A.130.3.2 In the GIS Operator SE open an electronic map of
the area. A.130.3.3 Export an arbitrary section of the electronic map of
the area to the Bitmap format, saving the image in a previously created
directory in a file called "Map section".
A.130.3.4 Open the "Map section" file with the built-in image viewer
software.
А.130.3.5 Select on the map the object “PMI Object 1”.
A.130.3.6 Select a file with attached text data, export the text data of
the form, saving them in a previously created directory in a file called "Text
data.odf".
A.130.3.7 Open file "Text data.odf" built-in

software tool for viewing odf files.
274
A.130.3.8 Export the data of the form of the object "PMI Object 1" to
the ZIP format, saving the form in a previously created directory in a file
called "Form 1".
A.130.3.9 Open the "Form 1" file with the built-in software tool for
viewing ZIP files.
A.130.3.10 Import the "Form" file into the "Form Object 1" object's
form.
A.130.3.11 Import the form of the object "Object PMI 1". A.130.3.12 Check
that the connection of the technical means of the open segment to the
technical means of the closed segment of the POR is consistent with the scheme
of the test bench, make sure that there is a unidirectional gateway that excludes
accidental export and transfer of forms from the closed to the open segment of
the POR.
A.130.4 SPO ROR is considered to have passed the tests according to clauses A.130.3.1-
A.130.3.12 of the test program and methodology and fulfill clauses 3.2.10, 3.2.10.6 of the TOR
for the R&D MF, if:
-
- atimplementation of paragraphs. A.130.3.4 a review has been performed
exported map area;
- atimplementation of paragraphs. A.130.3.7 was reviewed
exported file with text data;
- atimplementation of paragraphs. A.130.3.9 was reviewed
exported file with object form;
- when performing paragraphs. A.130.3.10 the file was imported into
object form;
- when performing paragraphs. A.130.3.11 the form was imported
object;
- when performing paragraphs. A.130.3.12 compliance was established
connecting the technical means of the open segment to the technical means
of the closed segment of the POR test bench circuit through a unidirectional
gateway.
the ToR for the Amezit-V R&D MF, the RSS RSS must provide a visual display
275
information displayed in a multi-window mode on information display
means (information windows should be able to freely position and scale on
a shared screen).
A.131.3 To check the compliance of the ERP SSW with the

A.131.3.1 On the ERP OS operator’s workstation, launch the ERP OS SSW

and go to the OS event planning and control module in accordance with the
processing results and their visualization on the interactive screen of the open
segment. User guide".
A.131.3.2 Reduce the size of the browser window to a quarter of the screen
area and move it to the upper left corner of the screen.
A.131.3.3 Reopen the page of OS event planning and control module
in a new browser window.
A.131.3.4 Reduce the size of the browser window to a quarter of the screen
area and move it below the first browser window.
A.131.3.5 Go to the “Video wall” page of the module for visualizing the status and statistics
of the AP on the operator's workstation of the AP POR.
A.131.3.6 On the "Video wall" page, go to the "Settings by display"
menu located in the upper right corner.
A.131.3.7 In the "Settings by display" menu, alternately change the mode of
displaying information on the screen:
- 1st mode (1 monitor);
- 2nd mode (2 monitors);
- 3rd mode (3 monitors).
A.131.3.8 Verify that when switching from one mode to another, the
proportions (scale) of the screen fields have changed.
- implementedmoving windows on display media
information;
- scaling of windows on display devices was implemented
information.
276
of the ToR for the Amezit-V R&D SC, the SPO ERP should ensure planning and
control of the implementation of measures to limit the information of the local
area.
A.132.3.1 On the workstation of the operator of the POR AP, start the SPO ROR
AP. A.132.3.2 On the operator’s workstation of the POR AP, enter the SPO of the
POR AP under the account of the operational on-duty operational management,
create the operation “Operation PMI 1”, the event “Action PMI 1”, appoint the
responsible executor of the operational on-duty operational management, take it into
work , create the task "Problem PMI 1 in two segments", appoint the head of the
operational management department as the responsible executor, check the status
of the task. Take the task "Problem PMI 1 AP" to work.
A.132.3.3 Within the framework of the created task "Problem of PMI 1 in two
segments", create a subtask "Subtask of PMI 1 of the AP" and appoint the operational
management operator as the responsible executor.
А.132.3.4 On the workstation of the operator of the POR GS, enter the
SPO of the POR GS under the account of the operator of operational
management, start the subtask "Subtask PMI 1 AP", check the status of the
subtask. Attach to the subtask a text file with a report on the completion of
the subtask "POR PMI Text.txt" and additional analytical materials (image
"POR PMI Image.jpg", audio file "POR PMI Audio.mp3" and video file "POR
PMI Video.avi"), add comments to the subtask.
A.132.3.5 On the ERP OS operator’s workstation, log in to the OS ERP SSS
under the account of the operational on-duty operational management, create
the task “PMI Task 1 for AP” as part of the AP event by entering the task
identifier “PMI Task 1 in two segments” of the closed segment and appoint the
head of the operational management department as the responsible executor.
Take the task to work.
277
A.132.3.6 Within the framework of the created task "Problem of PMI 1 in two
segments", create a subtask "Subtask of PMI 1 for OS" and appoint the operational
management operator as the responsible executor.
A.132.3.7 On the workstation of the POR OS operator, enter the SPO
POR OS under the account of the operational management operator, start
the subtask "Subtask PMI 1 for OS", attach to the subtask a text file with a
report on the completion of the subtask "POR PMI Text. txt" and additional
analytical materials (image "POR PMI Image OS.jpg", audio file "POR PMI
Audio OS.mp3" and video file "POR PMI Video OS.avi"), add comments to the
subtask.
- tasks were created in the operating system as part of the events of the closed segment
(AP) from the AP operations, independent of each other;
- in the interface of the module for planning and controlling activities of the AP
created subtasks are displayed;
- in the information exchange module and by e-mail
responsible executors received notifications about changes in the status of
relevant operations, activities, tasks and subtasks;
- positive results of the inspections were obtained;
- an operation containing an activity and a task has been created in the SPO ROR AP, in
SS ERP OS created a copy of the task of the AP in a legend form as part of
the planned AP event;
- the SPO POR GS displays the data of the subtask received from the OS.

TOR for the MF R&D "Amezit-V", the open source software should provide an
integrated presentation of various types of information (text, graphics, audio and
video).
A.133.3 In order to check the SS ERP OS for compliance with the
278
A.133.3.1 On the workstation of the POR AP operator, enter the SPO of
the ROR AP. In the planning and control module for AP events, open the
subtask "Subtask PMI 1 AP", created earlier.
A.133.3.2 Open in turn the attached files “POR PMI Text.txt”, “POR PMI
Image.jpg”, “POR PMI Audio.mp3”, “POR PMI Video.avi”.
- the contents of the files “POR PMI Text.txt",
"POR PMI Image.jpg", "POR PMI Audio.mp3", "POR PMI Video.avi".

for the Amezit-V R&D SC, the SPO ROR should provide information exchange between
higher and subordinate bodies.
Notes:
1. The function to continue downloading audio should be implemented,
video materials when the connection is broken during the information exchange of
territorially remote elements of the open segment of the ERP subsystem.
2. Interaction of territorially remote elements of an open
segment of the POR subsystem is carried out using the PPD subsystem.
3. It is allowed to install open source software of the open segment of the ERP subsystem on
hardware of the PPD subsystem for the Amezit-OU and Amezit-M
complexes.
4. In order to organize interaction with mobile groups, do not
included in the APK "Amezit", to implement the function of preparing
temporary email boxes (Yandex, Mail.ru, Gmail), receiving, sending and
deleting email messages.
A.134.3 To check the compliance of the ERP SSW with
A.134.3.1 On the operator's workstation of the OS ERP and the OS application

server, run the OS ERP OS.
279
А.134.3.2 Within the framework of the created task “PMS 1 OS Task”, create the
subtask “PMS 2 OS Subtask” and appoint the operational management operator as
the responsible executor, check the status of the subtask.
A.134.3.3 On the operator's workstation of the OS ERP, enter the SPO
of the ERP OS under the account of the operator of operational
management, start the subtask "Subtask PMI 2 OS", check the status of the
subtask. Attach to the subtask a text file with a report on the completion of
the subtask "POR PMI Text.txt" and additional analytical materials (image
"POR PMI Image.jpg", audio file "POR PMI Audio.mp3" and video file "POR
PMI Video.avi"), add comments to the subtask.
A.134.3.4 During the download of analytical materials, disconnect the
cable from the network interface of the OS application server. On the OS
application server, execute the command to calculate the md5 checksum of
the username of the downloader in the terminal: echo –n “username” |
md5sum. Go to the POR placement directory, then to the uploaddir
directory. Make sure there is a directory with a name that matches the
computed md5 checksum. After the download process is interrupted, you
must restore the network connection by connecting a cable to the network
interface to continue downloading. Wait for the download to finish.
A.134.3.5 Launch the Mozilla Thunderbird e-mail client on the POR OS

operator's workstation with a configured user account with the role of
operational management operator. Send a test message with the attached
text file “POR PMI Text.txt” to the head of the operational management
department of the department.
A.134.3.6 In the OS planning and control module, in the
"Administration" section, select the "Address book editor" item. The Address
Book Editor tab opens.
A.134.3.7 Generate an address book for a user with the role of
operational duty operational control by setting a flag to display users with
the role of operational duty officer of the regional control center.
А.134.3.8 On the workstation of the ERP OS operator, enter the OS ERP

OS under the account of the operational on-duty operational management,
go to the OS event planning and control module, then to the OS information
exchange module (Chat tab). Send a test message to the operational duty
officer of the regional control center by selecting it from the appropriate
group in the address book.
280
A.134.3.9 In the address book, move the cursor over the user name
with the role of the operational duty officer of the regional control center, in
the pop-up menu, click on the "User profile" button. In the window that
opens, click on the link in the "E-mail" field corresponding to the e-mail
address of the operational duty regional control center. In the window that
opens for creating a letter from the Mozilla Thunderbird email client, send a
test message to the operational duty officer of the regional control center
with the attached text file "POR PMI Text.txt".
А.134.3.10 On the ERP OS operator's workstation, log in to the ERP OS

SSS under the account of the operational duty officer of the regional control
center and open the Mozilla Thunderbird e-mail client. Read the received
message, open the attached text file "POR PMI Text.txt".
A.134.3.11 On the OS application server, log in to the SPO POR OS

under the account of the operational duty officer of the regional control
center. Go to the OS event planning and control module, then to the OS
information exchange module (Chat tab). Send a test message to the
operational duty officer of the operational management.
A.134.3.12 At the workstation of the ERP OS operator, the operational duty
officer of the operational control should wait for a test message to be received from
the operational duty officer of the regional control center.
A.134.3.13 On the OS ERP operator workstation in the OS information
exchange module, move the cursor over the user name with the role of the
operational duty officer of the regional control center and make sure that its
status is “Available”, and the status icon is green. Go to the dialogue area with
the operational duty officer of the regional control center and send him the file
"POR PMI Text.txt".
A.134.3.14 On the OS application server in the OS information exchange
module, the operational duty officer of the regional control center should
download the received file “POR PMI Text.txt” and open it.
A.134.3.15 At the POR OS operator's workstation, check access to the
Yandex, Mail.Ru, Gmail e-mail services by sequentially typing in the address bar of
the browser: mail.yandex.ru, mail.ru, gmail.com.
A.134.3.16 On the OS operator's workstation, launch the OS POR OS SSW in
the Mozilla Firefox browser from the Astra Linux SE 1.5 operating system, log in
under the operator account, go to the "Preparing mailboxes" section of the POR
OS SSW.
281
A.134.3.17 In the event planning and control module of the SPO POR
OS, click on the link to download the plug-in for autofilling forms, save and
install the plug-in in accordance with the document RU.VATS.00211-01 32 01
“Special software for the subsystem for processing results and their
visualization on the interactive screen of the open segment. System
Programmer's Guide.
A.134.3.18 Do the following:
A.134.3.18.1 Select the Mail.Ru mail service, set the number of
accounts to 10, click the "Start preparation for registration" button.
A.134.3.18.2 wait until the generation of credentials for 10 mailboxes is
completed.
A.134.3.18.3 Click on the "Save data to file" button. Open file to view
accounts. Close file.
A.134.3.18.4 Select one of the accounts and proceed to registering a
Mail.Ru account. On the registration page, make sure that the required
fields are filled in, and click on the "Register" button. If registration is denied
due to the username being the same as an already registered user, retry
registration for another account.
A.134.3.18.5 Log in to the mailbox under the created account on the

page of the Mail.Ru mail service.
A.134.3.19 Repeat the above steps for Gmail and Yandex mail services.
A.134.3.20 Send a “test” message from the created mailbox of the

Mail.Ru mail service to the created mailboxes of the Gmail and Yandex
services.
A.134.3.21Delete received test messages on the created Gmail and
Yandex service mailboxes.
A.134.3.22 Interaction check territorially remote
elements of the open POR segment using PPD is carried out by providing a
communication organization scheme.
A.134.3.23 Log in to the POR OS operator's workstation under the account of the PPD
operator. Open the web interface of the SPO POR OS from the operator's workstation POR OS
(performs the role of AWP PPD) by entering the address of the POR OS server in the address bar.
A.134.3.23 of the test program and methodology and fulfill clauses 3.2.10, 3.3.11 of the TOR
for the R&D MF, if:
282
-
- when the network connection was restored, the boot process was
resumed automatically;
- message sentwith attached file from the operator's workstation
OS POR to the OS application server and back via e-mail;
- there were no error messages, in the information module
test messages were received by the operators of the control center and the
regional control center, the file "POR PMI Text.txt" was received by the
operator of the control center from the operator of the regional control
center;
- accounts for preparation were generated in the open source software interface10
mailboxes for the mail services Yandex, Mail.Ru, Gmail, the accounts were
uploaded to a file, when going to the registration page of the SPO POR
mailbox, the registration fields were auto-filled, the mailbox under the created
account was successfully logged in, the message “test” was received from the
created mailbox of the Mail.Ru mail service, the “test” message was
successfully deleted on the mailboxes of the Gmail and Yandex services;
- the presence of a communication organization scheme;
- POR OS web interface was opened from AWP PPD and a request was received for
entering login and password.

А.135.1 In this methodology, the RSS software is checked for compliance with the
of the ToR for the Amezit-V R&D MF, the RSS RSS should provide automated
interaction with the RSS of the linguistic support subsystem.
A.135.3.1 For the HSC administrator to configure the path to the

language support subsystem server by adding an entry in the OS POR
configuration file config_ink.php to the $g_plo_server variable. If you are not
connected to the language engine, use the language engine simulator by
setting the $g_plo_server variable to plo_server_imitator.php.
283
A.135.3.2 On the OS POR operator's workstation, open the "OS Linguistic
Support Subsystem" in the left field, enter the text to translate "hello test one
two three". In the right window, as you enter text, the translation is displayed.
A.135.3.3 To view the format of transmitted data, click the link "Data
from the server".
A.135.4 A check is considered successful if:
- when performing paragraphs. A.135.3.2 received the text of the translation;
- when performing paragraphs. A.135.3.3 displays the formats of sent and

received data and they correspond to the accepted formats of the linguistic
support subsystem.
requirements of paragraph 9.6 of the TOR for the Amezit-V R&D SC.
A.136.2 In accordance with the requirements of clause 9.6 of the ToR
for the Amezit-V R&D SC, the ERP SSW must provide functions for detecting
and preventing unauthorized activity in near real time
А.136.3.1 On the operator's workstation POR OS in the terminal, execute the

command to connect via SSH protocol to the controlled workstation and enter the
wrong password.
A.136.3.2 At the controlled workstation, search for an authorization
attempt with an incorrect password using the event management system of IS
Komrad.
A.136.3.3 In the event management system of IB "Komrad" on the
"Events" page, view the diagram of events in real time.
A.136.3.3 of the test program and methodology and fulfill clause 9.6 of the TOR for the R&D
MF, if:
-
- bad password login attempt event logged
on a controlled workstation;
284
-in the event management system of IB "Komrad" was displayed
a diagram of events in near real time.
requirements of paragraphs 9.8, 9.9 of the TOR for the Amezit-V R&D SC.
A.137.2 In accordance with the requirements of clauses 9.8, 9.9 of the ToR for
the Amezit-V R&D MC, the ERP SSW should provide the functions of inventorying
resources and monitoring changes in the Amezit HSC infrastructure.
A.137.3.1 Start the event management system of IS Komrad on the

workstation of the POR OS operator.
А.137.3.2 Create a hierarchical map of network inventory in the event
management system of IS Komrad.
A.137.3.3 Add a node (controlled by AWP) to the network map. A.137.3.4 On
the controlled workstation, go to the terminal and issue a command to
block the ICMP service.
A.137.3.5 In the web interface systems management events
IB "Komrad" wait for the change of the icon that displays the availability status of the node
(controlled by the workstation).
A.137.3.5 of the test program and methodology and fulfill clauses 9.8, 9.9 of the TOR for the
R&D MF, if:
-
- when performing paragraphs. A.137.3.2, A.137.3.3 hierarchical map created
inventory of the network on which the node is displayed (controlled workstation);
- when performing paragraphs. A.137.3.4, A.137.3.5 rendered
monitoring the availability of technical means in the form of a hierarchical network map.

requirements of clause 9.10 of the TOR for the Amezit-V R&D SC.
A.138.2 In accordance with the requirements of clause 9.10 of the ToR for
the Amezit-V R&D SC, the ERP SSS must ensure the collection and analysis
285
information security events coming from the controlled subsystems of the
APK "Amezit".
A.138.3 To check the compliance of the ERP SSW with the
A.138.3.1 On the operator's workstation POR OS in the terminal, execute the

command to connect via SSH protocol to the controlled workstation and enter the
wrong password.
A.138.3.2 Search for an authorization attempt with an incorrect password on the
controlled workstation.
A.138.3.2 of the test program and methodology and fulfill clause 9.10 of the TOR for the R&D
MF, if:
-
- bad password login attempt event logged
on a controlled workstation.

requirements of clause 9.11 of the TOR for the Amezit-V R&D SC.
A.139.2 In accordance with the requirements of clause 9.11 of the ToR
for the Amezit-V R&D SC, the ERP SSW should provide visualization of the
received data and notification of the security administrator about
information security incidents.
А.139.4 Create a correlation directive with the name “Test Directive” on the
workstation of the OS ERP operator for three authorization attempts with an
incorrect password within 30 seconds, received from one source.
A.139.5 On the POR OS operator's workstation in the terminal, execute the
command to connect via SSH to the controlled workstation and enter the wrong
password for the root user three times.
A.139.6 Wait for the incident notification to appear.
A.139.7 On the "Correlation" page in the "Incidents" section, find an
incident with the name "Test Directive" and view the incident card.
286
A.139.8 SPO ROR is considered to have passed the tests in accordance with clauses
A.139.4-A.139.7 of the test program and methodology and fulfill clause 9.11 of the TOR for
the R&D MF, if:
- there were notifications about a new information incident
security;
- the incident record is recorded on the "Correlation" page in
section "Incidents";
- the incident card contains the directive name "Test directive" and
records of three authorization events with incorrect password.

A.140.1 In this methodology, the Amezit-V SPO is checked for compliance with the
requirements of clauses 3.4, 3.4.1-3.4.2 of the TOR for the Amezit-V R&D SC.
A.140.2 In accordance with the requirements of clauses 3.4, 3.4.1-3.4.2 of the TOR,
the requirements for survivability and resistance to external influences must be met on
the Amezit-V R&D SC.
A.140.3 During the audit, the quality of CDs with the Amezit-V open source software is
evaluated, as well as the conditions for using the purchased components of the Amezit HSC.
A.140.3.1 Verification quality CDs WithSPO "Amezit-V",

is performed by comparing the performance characteristics of the
presented CDs with the performance characteristics required for CDs
(carriers) in accordance with GOST R 7.0.2-2006.
A.140.3.2 Verification of the conditions for the use of purchased
components of the Amezit APK is carried out by comparing the performance
characteristics stated in the technical specifications (TS) or other
accompanying documentation for these components with the performance
characteristics required for the Amezit APK.
clause A.140.3.1-A.140.3.2 of the test program and procedure and fulfill clauses 3.4,
3.4.1-3.4.2 of the TOR for the R&D MF, if:
- presentedCD-ROMs with SPO "Amezit-V" on operational
specifications correspond to the performance specifications for CD-disks
(carriers);
- purchased components correspond conditions
product application. Sustainability of computer facilities (hereinafter -
287
SVT) to the impact of mechanical and climatic factors are confirmed by their
specifications and other accompanying documentation.

A.141.1 In this methodology, the Amezit-V open source software is checked for compliance with
the requirements of paragraph 3.5 of the TOR for the Amezit-V R&D SC.
A.141.2 In accordance with the requirements of paragraphs of paragraph 3.5 of the
TOR, the reliability requirements must be met on the Amezit-V R&D SC.
A.141.3.1 Perform installation, configuration and verification of the open source software included
in the Amezit-V open source software in accordance with the documents:
telecommunication systems. Stand for control of information and technical
objects of life support systems No. 1. System programmer's guide”;

objects of life support systems No. 2. System programmer's guide”;

288
Guide";
-RU.VATS.00183 -01 32 01 "Special software
A.141.3.2 Verify that there is no loss of configuration information due
to failures and failures of the hardware platform within a given period of
time.
A.141.4 SPO "Amezit-V" is considered to have passed the tests
according to clause A.141.3.1-A.141.3.2 of the test program and
methodology and fulfill clause 3.5.1 of the TOR for the R&D MF, if it is
ensured that the loss of configuration information due to failures and
hardware platform failures.
the requirements of paragraphs 3.6, 3.6.1-3.6.2 of the TOR for the Amezit-V R&D center.
A.142.2 During the audit, the composition of the roles of users of the Amezit-V
software is evaluated, the distribution of functions between them, as well as the
completeness and quality of the ergonomic support program are evaluated.
A.142.2.1 Verification is performed by comparing the composition of
users of the Amezit-V software and the distribution of functions between them,
described in the operational documentation (user manual, operator's manual,
system programmer's manual) with the functions available to users in the
interface, as well as assessing the completeness and the quality of the
ergonomics program.
A.142.3 SPO "Amezit-V" is considered to have passed the tests according to clause
A.142.2.1 of the test program and procedure and fulfill clauses 3.6, 3.6.1-3.6.2 of the TOR
for the R&D MF, if:
289
- the ergonomics program is drawn up in accordance with
requirements of GOST RV 29.00-002-2005;
- the composition of the roles of users of the Amezit-V open source software, described in
operating documents (user manual, operator manual, system programmer

manual), as well as the distribution of functions between them correspond
to the roles and functions of users available in the interface for each user.

A.143.1 This method is used to check the Amezit-V software for compliance with
the requirements of paragraphs 3.7, 3.7.1 on the Amezit-V R&D center.
A.143.2.1 Perform maintenance of the SPO, which is part of the

Amezit-V SPO, in accordance with the documents:
transmission network. Maintenance Manual";
subsystems for monitoring messages of an autonomous segment of the
data transmission network. Maintenance Manual";
subsystems for monitoring the Internet and the media. Maintenance
Manual";
telecommunication systems. Maintenance Manual";

objects of life support systems No. 1. Maintenance manual”;

telecommunication systems. Information technology control stand
290
objects of life support systems No. 2. Maintenance manual”;

subsystems of primary information analysis Maintenance Manual”;

data relay subsystems using intermediate servers. Maintenance Manual";

materials. Maintenance Manual";
subsystems for testing telecommunication equipment. Maintenance
Manual";
storage subsystems. Maintenance Manual";
screen. Maintenance Manual".
A.143.2.2 Make sure that the information processed by the software
systems is preserved during the maintenance of the open source software.
A.143.3 SPO "Amezit-V" is considered to have passed the tests according
to clauses A.143.2.1-A.143.2.2 of the test program and methodology and fulfill
clauses 3.7, 3.7.1 of the TOR for the SC R & D, if the APC "Amezit" provides the
ability to carrying out scheduled maintenance of technical means with the
preservation of information processed by software systems.
A.144.1 In this methodology, the Amezit-V open source software is checked for compliance
with the requirements of clauses 3.9, 3.9.1 of the TOR for the Amezit-V R&D SC.
A.144.2 Verification is carried out by comparing the operational
characteristics, safety regulations and fire prevention measures presented
in the operation manual of the APK "Amezit", with the operating rules,
safety precautions and fire prevention measures described in the
documents: GOST RV 20.39.107-98, GOST 12.2 .007.0, GOST 12.4.124, GOST
12.1.018, GOST 12.1.038, GOST RV 20.39.309-98.
clause A.144.2 of the test program and procedure and fulfill clauses 3.9, 3.9.1
291
TK for MF R&D, if the operational characteristics, safety regulations, illegal
measures presented in the operating manual of the APK "Amezit" comply
with the rules for operation, safety and fire prevention measures described
in the documents: GOST RV 20.39.107-98, GOST 12.2 .007.0, GOST 12.4.124,
GOST 12.1.018, GOST 12.1.038, GOST RV 20.39.309-98.

with the requirements of paragraphs 3.10, 3.11, 9.3.1, 9.3.4, 9.3.5, 10 of the TOR for the Amezit-V
R&D center.
A.145.2 In the course of the audit, compliance with the requirements of the
secrecy regime, protection from foreign technical intelligence (ITR), the
requirements for protecting state secrets, and the requirements for protecting
information from unauthorized access when performing the Amezit-V R&D SC is
assessed.
A.145.3.1 Check the availability of licenses for the right to conduct

work containing information related to state secrets.
A.145.3.2 Make sure that the stamp of all documents in which the
totality of information constitutes a state secret and developed within the
framework of the Amezit-V R&D SC has a secrecy level - "Secret";
appointment, composition and capabilities of the AIC "Amezit" - "Secret";
information disclosing the modes of operation and methods of using the
APK "Amezit" - "Secret"; information on individual events that do not reveal
the plans (concepts) of information confrontation - "Secret".
A.145.3.3 Make sure that the documents for the Amezit-V R&D SC include the
Instructions for protection against engineering and technical personnel, developed in
accordance with the requirements of GOST RV 50859-2010.
A.145.3.4 Make sure that the document RU.VATS.00176-01 94 01
“Special software “Amezit-V”. Security Administrator Guide" provides the
following information:
- the degree of secrecy of the processed and stored information in
complex - "unclassified";
- the class of information protection from unauthorized access is defined - 1B;
- for information processing are used certified
serially produced in a protected design technical means.
292
according to clauses A.145.3.1-A.145.3.4 of the test program and procedure
and fulfill clauses 3.10, 3.11, 9.3.1, 9.3.4, 9.3.5, 10 TK for MF R&D, if the
results obtained (checks of paragraphs A.145.3.1-A.145.3.4 of the program
and test methods) fully comply with the requirements.
requirements of paragraphs 3.12, 3.12.1-3.12.4 of the TOR for the Amezit-V R&D SC.
A.146.2 In accordance with the requirements of paragraphs 3.12,

3.12.1-3.12.4 of the TOR for the MF R&D "Amezit-V", the SPO "Amezit-V" should be
standardized, unified and catalogued.
A.146.3.1 In the user interface of the "Amezit-V" software, generate a

report in accordance with the documents:
subsystems for monitoring the Internet and the media. User guide";

materials. User guide";
293
subsystems for testing telecommunication equipment. User guide";

A.146.3.2 Verify that generated reports are uniformly structured and
have the same functionality.
A.146.3.3 Launch the Amezit-V software in accordance with the
documents:
Operator's Manual";
transmission network. Operator's Manual";
subsystems for monitoring the Internet and the media. Operator's Manual";
telecommunication systems. Operator's Manual";
subsystems of primary information analysis. Operator's Manual";
data relay subsystems using intermediate servers. Operator's Manual";

Operator's Manual";
subsystems for testing telecommunication equipment. Operator's
Manual";
storage subsystems. Operator's Manual";
294
screen. Operator's Manual".
A.146.3.4 Make sure that the Amezit-V open source software is
standardized and unified and has the following quality indicators - Amezit open
source software is launched through a browser, is built using thin client
technology (client-server architecture), screen forms of the interface have a
single presentation style .
clauses A.146.3.1-A.146.3.4 of the test program and methodology and fulfill clauses
3.12, 3.12.1-3.12.4 of the TOR for the R&D MF, if:
- standardization and unification of forms of documents circulating in
the product is provided by improving the forms and reducing the variety of
documents of the same functional purpose;
- the requirements for standardization and unification are met, the procedure
tasks and composition in accordance with GOST B 15.207, GOST B 20.39.105;
- the materials of the technical project reflect information about
existing analogues of the developed product;
- Open source software ensures the use of developed and promising
solutions for the systematic modernization of the complex and the creation of
various modifications. This ensures maximum unification of the samples.

with the requirements of paragraphs 3.14, 3.14.1, 7, 7.1-7.2 of the TOR for the Amezit-V R&D
center.
A.147.2 According to the requirements of paragraphs 3.14, 3.14.1, 7, 7.1-7.2 of the
ToR for the Amezit-V R&D SC, the Amezit-V SPO must comply with the design
requirements, requirements for conservation, packaging and labeling
A.147.3 Verification is made by visual inspection of the package
LCD.
A.147.4 SPO "Amezit-V" is considered to have passed the tests in accordance with
clause A.147.3 of the test program and methodology and fulfill clauses 3.14, 3.14.1, 7,
7.1-7.2 of the TOR for the R&D MF, if:
- on LCD packages inflicted marking containing
manipulation sign, basic and informational inscriptions;
- the number of LCDs in one package -1 PC.;
295
- the marking applied to the packaging meets the requirements
GOST RV 20.39.309-98;
- the marking is stable, mechanically strong, does not erase, does not
is washed off with liquids used during operation;
- packaging conservation meets the requirements of GOST9.014-78,
GOST RV 20.39.309-98.
the requirements of paragraphs 4.1-4.3 of the ToR for the Amezit-V R&D SC.
A.148.2 During the audit, the technical and economic requirements for
the Amezit-V software are evaluated.
A.148.3 The following indicators are evaluated:
- calculation of the contract price of the SC R&D "Amezit-
- V"; scope of work performed;
- results of the feasibility study of the created open source software.
A.148.5 Check Availability approved act financial

technical acceptance (MTP). Make sure that the composition of the TOE and the scope of work
performed correspond to the scope and scope of work stated in the ICC act.
A.148.6 Check contract calculation. Make sure that the calculation of the
contract price of the Amezit-V SC R&D was carried out on the basis of the planned
costs when performing the scope of work established by the ToR, using the direct
account method for the calculation items, in accordance with the provisions of:
- Decree of the Government of the Russian Federation datedDecember 13, 2013 No. 1155
"On approval of the Regulations on the application of types of prices for products
under the state defense order";
- Decree of the Government of the Russian Federation datedDecember 5, 2013 No. 1119 "On
approval of the Regulations on state regulation of prices for products

supplied under the state defense order” (as amended by Decrees of the
Government of the Russian Federation No. 1298 of 03.12.2014, No. 941 of
04.09.2015);
- Decree of the Government of the Russian Federation datedApril 28, 2015 No. 407 "On
the procedure for determining the initial (maximum) price of the state
contract, as well as the price of the state contract concluded with a single
supplier (contractor, performer), when
296
procurement of goods, works, services under the state defense order” (as amended
by Decree of the Government of the Russian Federation dated 04.09.2015 No. 941);
- Order of the Ministry of Industry and Energy of Russia datedAugust 23, 2006 No. 200 "On
approval of the Procedure for determining the composition of costs for the production of
defense products supplied under the state defense order” (as amended by the Order of the
Ministry of Industry and Energy of Russia dated 07.11.2013 No. 1773);
- other applicable legislative and regulatory legal acts
Russian Federation.
A.148.7 Make sure that the initial data in determining the contract price of
the R&D MC were: TOR for the MC R&D, labor intensity of the MC R&D in
accordance with the TOR for the MC R&D "Amezit-V", execution sheet, economic
indicators for R&D, established for 2016. and coordinated by 474 military
representation of the Ministry of Defense of the Russian Federation.
A.148.8 Make sure that the contract price of the SC KOR "Amezit-V" is
270,000,000.00 (Two hundred and seventy million) rubles. 00 kop.
A.148.9 Check the content of the final report on the R&D MF, make sure that
the feasibility studies for the creation of an open source software are determined by
the following indicators:
- estimated cost, duration of training
and development of serial production;
- Estimated price of open source software in mass production;
- cost of life cycle stages, including marginal
the cost of production of open source software, the marginal average annual
cost of operating products and maintaining it during storage;
- limitthe complexity of manufacturing SPO V serial
production.
A.148.10 Amezit-V SPO is considered to have passed the tests in accordance with
clause A.148.5-A.148.9 of the test program and methodology and fulfill clauses 4.1-4.3 of the
TOR for the R&D MF, if the calculation of the contract price for the Amezit-V R&D MF, the
volume of the work performed, the results of the feasibility study of the created open source
software comply with the requirements stated in paragraphs 4.1-4.3 of the TOR for the
Amezit-V R&D center.

with the requirements of clauses 5.3, 5.3.1-5.3.4 of the TOR for the Amezit-V R&D center.
297
A.149.2 According to clause 5.3.1 of the TOR for the Amezit-V R&D SC, the diagnostic
support of the product must be carried out in accordance with GOST 26656, GOST 27518 and
other applicable scientific and technical documentation.
A.149.3 According to the requirements of clause 5.3.2 of the TOR for the
Amezit-V R&D SC At the preliminary design stage, the following requirements for
diagnostic support are specified and agreed with the lead contractor:
- quantitativevalues of technical
diagnosing; fitness requirements To technical
diagnostics (testability) of the sample;
- requirements for the nomenclature of diagnosed (controlled)
parameters and their characteristics;
- requirements for the means of technical diagnostics (control
technical condition);
- requirements for methods and rules of technical diagnostics
(control of technical condition);
- conditional probabilities of undetected and false failures
(faults) in the product with the accuracy to which the location of the failure
(fault) is determined;
- conditional probability of erroneous prediction of safe
operation;
- frequency and duration of technical diagnostics
(control of technical condition);
- depth troubleshooting And completeness technical
diagnostics (technical condition control).
A.149.4 According to the requirements of paragraph 5.3.3 of the ToR for
the Amezit-V R&D SC, the substantiation of the requirements for diagnostic
support, indicators of technical diagnostics, as well as restrictions on these
indicators should be carried out based on the achievement of the maximum
possible efficiency of the product.
A.149.5 According to clause 5.3.4 of the ToR for the Amezit-V R&D SC,
to ensure operational control and troubleshooting, the product under
development should provide for software methods for detecting and
localizing faults in the software of subsystems.
A.149.6 To verify the requirements of paragraphs 5.3.1-5.3.3 of the ToR on the
SC R&D, it is necessary to open the agreed requirements for the diagnostic support of
the Amezit-V software (ref. 120/5140s FSUE "RNIIRS" dated 10/25/2017). Make sure
that:
298
- diagnostic software for open source software "Amezit" was developed in
in accordance with GOST 26656, GOST 27518 and other applicable NTD;
- the following indicators are defined:
- quantitative values indicators technical
diagnosing; requirements fitness To
technical diagnostics of the (traceability)
sample;
- requirements To nomenclature diagnosed
(controlled) parameters and their characteristics;
- requirements for technical diagnostic tools (control of
technical condition); requirements for methods and
- diagnostics (technical condition monitoring);
rules technical

(faults) in the product with the accuracy to which the
location of the failure (fault) is determined;
- conditional probability of erroneous forecasting
safe operation;
- frequency and duration of diagnostics (technical technical
condition monitoring);
- depth of troubleshooting and completeness of technical
diagnostics (technical condition control);
- substantiation of requirements for diagnostic support,
indicators of technical diagnostics, as well as restrictions on these
indicators, are given based on the achievement of the maximum possible
efficiency of the product.
requirements of clause 5.3.4 of the ToR for the Amezit-V R&D SC, perform the
steps described below.
A.149.7.1 Run the Amezit-V software in accordance with the documents:
299


A.149.7.2 Simultaneously with the launch of the Amezit-V open source software,
execute the diag.sh/diag.bat script. Also, it is possible to add a script to cron or
another scheduler for periodic control.
The input data for the script is the file checksum.dat containing the
following values line by line <full path to the component, component
subsystem name, checksum in md5 format> without spaces. For example:
D:\first.rar,testModule,cf4de6a10e4d1c6506be3867e608810c D:
\first.rar,testModule2,cf4de6a10e4d1c6506be3867e6088101. A.149.7.3
Make sure that the Amezit-V SSS checksum corresponds to the
checksum declared in the operating documentation for the Amezit-V SSS.

clause A.149.6-A.149.7.2 of the test program and methodology and fulfill clauses 5.3,
5.3.1-5.3.4 of the TOR for the R&D MF, if:
- diagnostic software for open source software "Amezit" was developed in
in accordance with GOST 26656, GOST 27518 and other applicable NTD;
300
- the following indicators are defined: quantitative values of
- diagnostic indicators; requirements for suitability for
technical
technical diagnostics (traceability) of the sample; To
- requirements To nomenclature diagnosed

(controlled) parameters and their characteristics;
- requirements for technical diagnostic tools (control of
technical condition); requirements for methods and
- diagnostics (technical condition monitoring);
rules technical

(faults) in the product with the accuracy to which the
location of the failure (fault) is determined;
- conditional probability of erroneous forecasting
safe operation;
- frequency and duration of diagnostics (technical technical
condition monitoring);
- depth of troubleshooting and completeness of technical
diagnostics (technical condition control);
- substantiation of requirements for diagnostic support,
indicators of technical diagnostics, as well as restrictions on these
indicators, are given based on the achievement of the maximum possible
efficiency of the product;
- to ensure operational control and diagnostics
faults in the developed product, software methods for detecting and
localizing faults in subsystem software are provided.
A.150.1 This methodology checks the Amezit-V open source software for
compliance with the requirements of clauses 5.4, 5.4.1-5.4.2.1, 5.4.2.4-5.4.3.3 of the TOR
for the Amezit-V R&D SC.
A.150.2 During the test, the mathematical, software and information-
linguistic support of the open source software "Amezit-V" is evaluated.
requirements of paragraphs 5.4.1.1-5.4.1.3, you must perform the steps
described below.
A.150.1.1 Review program documentation:
301
Program description";
subsystems for monitoring messages of an autonomous segment of the data transmission
network. Program description";
subsystems for monitoring the Internet and the media. Program description";
telecommunication systems. Program description";
subsystems of primary information analysis. Program description";
data relay subsystems using intermediate servers. Program description";

Program description";
subsystems for testing telecommunication equipment. Program
description";
storage subsystems. Program description";
screen. Program description".
A.150.1.2 SPO "Amezit-V" is considered to have passed the tests according to
clause A.150.1.1 of the test program and procedure and fulfill clauses 5.4.1.1-5.4.1.3 of
- software documentation contains:
- mathematical methods and data processing algorithms;
- mathematical methods and algorithms for visual presentation
of information about the results of data processing; methods,
- models and algorithms are described in detail, documented and
independent of their software implementation.
302
- models and algorithms are developed with maximum use
proven standard models, methods and algorithms.
requirements of paragraphs 5.4.2.1, 5.4.2.4-5.4.3.2, you must perform the
actions described below.
A.150.2.1 Install, configure and launch the Amezit-V software in
accordance with the operational documents:

Guide";
303
A.150.2.2 In the user interface, perform the necessary operations in
accordance with the operational documents:


A.150.2.3 SPO "Amezit-V" is considered to have passed the tests according to
clause A.150.2.1-A.150.2.2 of the test program and methodology and fulfill clauses
5.4.2.1, 5.4.2.4-5.4.3.2 of the TOR for the R&D MF , If:
- OPO SPO "Amezit-V" was installed in the minimum required
for the operation of the configuration and does not contain gaming programs;
- used operating systems of personal computers, have
a full set of services for the assembly of software modules, network
interaction, inclusion in and exclusion from systems
304
various hardware, information security control, display of information and
ensuring the functioning of distributed databases, regardless of what
computer technology they work on;
- software tools of open source software "Amezit-V" support the reference

open systems interconnection model and ensure the independence of application-
level programs from the network environment;
- software included in the free software "Amezit-V"
compatible with each other;
- software included in the free software "Amezit-V"
compatible with each other;
- the software interface of the SPO "Amezit-V" has
semantic transparency, unambiguity and intuitive accessibility for various
categories of users, regardless of the computer technology used and the
operating environment;
- in the development of the open source software "Amezit-V" the funds were used
automated debugging, supporting syntactic and semantic control of the
correctness of modules written in programming languages of various
levels and languages of information systems (database management
systems, spreadsheets, etc.) and control of their translation into machine
code of computer commands. The automated debugging tools used
provide the following functions:
- control of the correctness of the source texts of programs and the issuance of
information about the place and nature of errors;
- issuance of debugging results and necessary intermediate
data in the debugging language after their preliminary
processing;
- the ability to adjust the debugged program with in order to
correct the errors found.
- it is possible to expand the functionality without
significant improvements to the program code (building on a modular
basis);
- extension programming interfaces are clearly documented and
included in the operational documentation.
- all open source functions support the Russian language and provide
Russian-language user interface (taking into account the legend
requirements);
305
- SPO provides processing of information documents on
supported Unicode languages. This takes into account the morphology for
documents in Russian and English.
requirements of paragraph 5.4.3.3, you must perform the steps described below.
A.150.3.1 Launch the PMS open source software in accordance with
the document RU.BATC.00179-01 32 01 “Special software for the Internet
and media monitoring subsystem. System Programmer's Guide.
A.150.3.2 Start ElasticSearch and run the following command in the
console:
GET amesyte/post/_search
{
"query": {
match: {
"post_text": "ISIS Syria"
}
},
size: 100
}
A.150.3.3 Verify that the command finds all posts containing the word
"Syria" or "ISIL".
console:
GET amesyte/author/_search {
"query": {
match: {
"name_analyzed": "Vladimir"
}
}
}
A.150.3.5 Verify that the command results in finding all authors whose
full name is "Vladimir".
console:
GET amesyte/post/_search {
size: 0
"aggs": {
hosts: {
terms: {
"field": "url_host",
size: 10
}
}
}
}
306
A.150.3.7 Verify that What V result fulfillment teams
all sources in which publications were collected were displayed, indicating
the number of posts for each source.
console:
"query": {
"query_string": {
"default_field": "post_text", "query": "+(Syria al-
Nusra) -(USA)"
}
}
}
A.150.3.9 Verify that What V result fulfillment teams

(using a custom query) found all posts that necessarily used the words
"Syria" or "Al-Nusra" and did not contain the use of the word "USA".

console:
"query": {
bool: {
"must": [
{
term: {
"rco_objects.original.keyword": {
"value": "ERDOGAN"
}
}
}
]
}
},
"aggs": {
"objects": {
terms: {
"field": "rco_objects.original.keyword"
}
}
}
}
What V result
A.150.3.11 Make sure fulfillment teams
all objects in whose publications the person "ERDOGAN" was found by the
semantic analyzer were displayed (case insensitive).
A.150.3.12 Start PostgreSQL (web interface database) and run the following
command in the console:
307
select * from login_user
A.150.3.13 Verify that the command results in displaying a list of all

users of the PMS PMS subsystem.
A.150.3.14Start PostgreSQL (web interface database) and run the following
select * from themes
A.150.3.15 Make sure that as a result of the command execution, a list of all
topics of all users of the SPO PMS subsystem is displayed.
A.150.3.16Start PostgreSQL (web interface database) and run the following
select * from notifications where viewed=false
A.150.3.17 Make sure that as a result of the command execution a list

of all topics of all unviewed notifications of all users of the SSS PMS
subsystem is displayed.
A.150.3.18 Start PostgreSQL (media collector database) and run the
command:
select * from sources
A.150.3.19 Verify that the command results in a list of all collector

sources.
A.150.3.20 Start PostgreSQL (media collector database) and run the
command:
select s.name, sel.query from templates t inner join sources s on s.id = t.- source_id inner join selectors
sel on sel.template_id = t.id
A.150.3.21 Verify that the command results in a list of all collector

sampling templates for each source.
A.150.3.22 "Amezit-V" software is considered to have passed the tests according to
clause A.150.3.1-A.150.3.21 of the test program and procedure and fulfill clause 5.4.3.3 of
- found all posts that used the words "Syria" or
Igil";
- found all authors whose full name is "Vladimir"; all sources in which
- publications were collected were displayed, with
indicating the number of posts for each source;
- found all posts in which the words were necessarily used
“Syria” or “Al-Nusra” and there were no uses of the word “USA”;
- all objects were displayed, in the publications of which the semantic
the analyzer found the person "ERDOGAN" (case was not taken into account);
308
- a list of all users of the subsystem was displayed; a list of all topics
- of all users was displayed; a list of all unviewed notifications of all
-
users;
- a list of all collector sources was displayed;
- a list of all collector data sampling templates for
each of the sources.
with the requirements of clauses 8, 8.1-8.7 of the TOR for the Amezit-V R&D SC.
A.151.2 During the audit, the composition of the training equipment of the SPO
"Amezit-V" is evaluated.
A.151.3 Verification is performed by comparing the composition of the
submitted sketches of training aids with the approved list of training aids.
The completeness and quality of educational and training aids are also
evaluated in accordance with the approved sketches (ref. 120/292-9578
FSUE "RNIIRS" dated October 24, 2017).
A.151.3 of the test program and methodology and fulfill clauses 8, 8.1-8.7 of the TOR for the
R&D midrange, if:
- training aids developed in the SC ROC include
in your composition:
- educational and technical posters;

- teaching materials for the (instructions) By
implementation of basic operations;
- practical tasks and exemplary performance standards basic
operations;
- teaching materials implemented means
modern information technologies (videos, presentations, interactive video
courses and simulators, etc.);
- the composition of training aids is determined and agreed on
stage of the RKD;
- the list and sketches of educational and technical means are developed in
in accordance with the requirements of GOST 2.605-68, agreed with the main
contractor within the time specified in GOST RV 2.902-2005;
309
- the composition and content of educational and technical means are sufficient for
study of the design, principle of operation, methods of use and
maintenance of the product;
- Training of the Consumer's personnel was carried out (as agreed) according to
device and operating rules of SPO "Amezit-V" at the stage of preliminary
tests.
with the requirements of clauses 9, 9.2 of the TOR for the Amezit-V R&D SC.
A.152.2 The patent research report is checked for compliance with
GOST 15.011-96 “System for developing and putting products into
production. Patent research. Content and procedure.
A.152.3 Open a report on patent research and compare the contents
of the report with the requirements of GOST 15.011-96 “System for the
development and production of products. Patent research. Content and
procedure.
A.152.4 SPO "Amezit-V" is considered to have passed the tests according
to clause A.152.3 of the program and test methods and fulfill clauses 9, 9.2 of
the TOR for the SC R & D, if the submitted patent research report is developed
in accordance with GOST 15.011-96 "Development system and putting products
into production. Patent Research. Content and procedure” contains:
- title page;
- list of performers;
- content;
- abstract;
- list of abbreviations, symbols; general data
- about the object of study; the main part
- (analytical);
- conclusion;
- applications:
- task to conduct patent research; search
- regulations;
- search report.
310
A.153.1 In this methodology, the Amezit-V SPO is checked for compliance
9.7
with the requirements of clauses 9, TOR for the Amezit-V R&D SC.
A.153.2 To carry out the check, hardware is required that is part of the
Amezit HSC.
A.153.3.1 Do launch SPO "Amezit-V" according to
operational documentation:


311
A.153.4 Check the SSW POT in accordance with the document
RU.VATS.00180-01 51 01 “Special software for the analysis subsystem of
information and technical objects of telecommunication systems. Program
and test methods”.
A.153.4.1 Scan open source software "Amezit-V" for vulnerabilities
using open source software in accordance with document RU.VATS.00180
-01 92 01 "Special software for the analysis subsystem of information and
technical objects of telecommunication systems. User guide".
A.153.4.2 Verify that, when performing checks:

- in the settings of operating systems, which is part of the HPS of each
subsystems of APK "Amezit" the address of the update server (repository) is specified;
- Missing error messages.
A.153.4.3 Amezit-V software is considered to have passed the tests in
accordance with clauses A.153.3.1-A.153.4.2 of the test program and
methodology and fulfill clauses 9, 9.7 of the TOR for the R&D MF, if the
resource security (scanning) is for vulnerabilities) and subsequent elimination
of the discovered vulnerabilities.
with the requirements of clauses 9, 9.8 of the ToR for the Amezit-V R&D SC.
A.154.2 The following hardware is required to perform the test:
- Operator's workstation of the open segment SPO POR;

- APK "Amezit".
312


A.154.3.2 Switch on the workstation of the operator of the open POR
segment according to the document RU.VATS.00186-01 34 01 “Special software for
the subsystem for processing results and their visualization on an interactive
A.154.3.3 Enable the module “monitoring the infrastructure of the SPO
ERP” in accordance with the document RU.VATS.00186-01 34 01 “Special
software for the subsystem for processing results and visualizing them on an
interactive screen. Operator's Manual".
A.154.3.4 Perform actions for display states
infrastructures described in the document RU.VATS.00186-01 34 01 “Special
software for the subsystem for processing results and their visualization on
an interactive screen. Operator's Manual".
- composition and status of nodes displayed in the module interface
"monitoring the infrastructure of the SSW ERP" corresponds to the
composition and state of the nodes connected to this module via the local
area network (LAN).
313
A.154.4 Amezit-V software is considered to have passed the tests according to
clauses A.154.3.1-A.154.3.5 of the test program and methodology and fulfill clauses 9,
9.8 of the TOR for the R&D SC, if the inventory of resources of the Amezit HSC is
ensured.

requirements of paragraphs 9, 9.9 of the ToR for the Amezit-V R&D SC.
- Operator's workstation of the open segment SPO POR;

- APK "Amezit".
operational documentation for SPO.

A.155.3.2 Turn on the operator's workstation of the open segment of the
SPO POR according to the document RU.VATS.00186-01 34 01 “Special software
for the subsystem for processing results and visualizing them on an interactive
A.155.3.3 Enable the module “monitoring module of the SPO POR
infrastructure” in accordance with the document RU.VATS.00186-01 34 01
“Special software for the subsystem for processing results and their
visualization on an interactive screen. Operator's Manual".
A.155.3.4 Perform actions to display the infrastructure described
states
in the
processing results and their visualization on an interactive screen.
Operator's Manual".
A.155.3.5 Make changes to the infrastructure of the APK "Amezit": turn on
or turn off workstations or servers that are not included in the module
"monitoring the infrastructure of the SSW ERP".
A.155.3.6 Verify that when performing checks:
- composition and status of nodes displayed in the module interface
“monitoring of the ERP SS infrastructure” was changed during the execution of
clauses A.155.3.4 and A.155.3.5 and corresponds to the composition and state of the
nodes connected to this module via LAN;
314
A.155.4 Amezit-V software is considered to have passed the tests in accordance
with clauses A.155.3.1-A.155.3.6 of the test program and methodology and fulfill clauses
9, 9.9 of the ToR for the R&D MF, if monitoring of changes in the infrastructure of the
Amezit APK is provided .

the requirements of paragraphs 9, 9.10 of the ToR for the Amezit-V R&D SC.
- AWP security administrator APK "Amezit";

- APK "Amezit" (subsystems PKS, PRR, PRD, PTT, PMS, PCB, POR).

315

A.156.3.2 Turn on the security administrator workstation according to
the document RU.VATS.00176-01 94 01 “Special software “Amezit-V”. Security
Administrator's Guide.
A.156.3.3 Deploy the open source software "Complex of operational
monitoring, response and data analysis (Komrad)" (product designation -
NPESH.60010-02.02) on the hardware used by the subsystems PKS, PRR,
PRD, PTT, PMS, PCB, POR.
A.156.3.4 Perform actions to ensure the collection and analysis of
information security events coming from the controlled subsystems of the
Amezit HSC, described in the document RU.VATS.00176-01 94 01 “Amezit-V
Special Software”. Security Administrator's Guide.

- SPO "Complex of operational monitoring, response and analysis
data (Komrad)" (product designation - NPESH.60010-02.02) is deployed in accordance
with the operational documentation of the product;
clauses 9, 9.10 of the TOR for the R&D MF, if collection and analysis of information
security events is provided, coming from the controlled subsystems of the APK
"Amezit".
the requirements of paragraphs 9, 9.11 of the TOR for the Amezit-V R&D SC.
- AWP security administrator; APK

- "Amezit".
316
operational documentation for SPO.

A.157.3.2 Turn on the security administrator workstation according to
the document RU.VATS.00176-01 94 01 “Special software “Amezit-V”. Security
Administrator's Guide.
A.157.3.3 Deploy the open source software "Complex of operational
monitoring, response and data analysis (Komrad)" (product designation -
NPESH.60010-02.02) on the hardware used by the subsystems PKS, PRR,
PRD, PTT, PMS, PCB, POR.
A.157.3.4 Perform actions By ensuring visualization
received data and alerting the security administrator about information
security incidents described in the document RU.VATS.00176-01 94 01
“Amezit-V Special Software”. Security Administrator's Guide.

- SPO "Complex of operational monitoring, response and analysis
data (Komrad)" (product designation - NPESH.60010-02.02) is deployed in accordance
with the operational documentation of the product;
according to clauses A.157.3.1-A.157.3.5 of the test program and
methodology and fulfill clauses 9, 9.11 of the TOR for the R&D MF, if
visualization of the received data and notification of the security
administrator information security incidents.
A.158.2 Verification is performed by visually viewing the source code of
the SSW.
A.158.2 of the test program and methodology and fulfill clauses 9, 9.13 of the TOR for the
R&D midrange, if:
- in scripts and configuration data files of open source software "Amezit-V"
there are no comments;
317
- names of modules, classes, generated data, etc. Not
disclose nationality, information about the developer and the Customer.

A.159.2 To carry out the check, hardware is required, from the composition
of the APC "Amezit".
A.159.3.1 Execute launch SPO "Amezit-V" according to


318
A.159.3.2 Perform tests of the PPA SSS in accordance with the
document RU.VATS.00181-01 51 01 “Special software for the subsystem of
primary information analysis. Program and test methods”.
A.159.3.3 Configure the module “Monitoring of the SPO POR
infrastructure” in accordance with the document RU.VATS.00181-01 32 01
“Special software for the subsystem of primary information analysis. System
Programmer's Guide.
A.159.3.4 Connect the "Scat traffic analyzer" device, which is part of the
PPA, to the data transmission channel. Connect in accordance with the
A.159.3.5 Perform analysis of the traffic transmitted in the channel in

accordance with the document RU.VATS.00181-01 92 01 “Special software
for the subsystem of primary information analysis. User guide".
A.159.3.6 Repeat the analysis for each data link. A.159.3.7 Verify
that, when performing checks:
- As a result of the analysis of the STR, the PPA did not issue any messages about
traffic anomalies and the possibility of protocol compromise;
- when performing the above actions of this technique
there were no error messages.
A.159.4 Amezit-V SSS is considered to have passed the tests in accordance
with clauses A.159.3.1-A.159.3.7 of the test program and methodology and fulfill
clauses 9, 9.15 of the TOR for the R&D MF, if Amezit-V SSS transmits data about its
current state using protocols that are resistant to detection and compromise.

A.160.2 The following hardware is required to perform the check: APK
Amezit.
319


A.160.3.2 Perform tests of the PPA SSS in accordance with the
primary information analysis. Program and test methods”.
А.160.3.3 Configure the module “monitoring of the infrastructure of the
SPO ERP” according to the document RU.VATS.00186-01 32 01 “Special
320
software for the results processing subsystem and their visualization on an
interactive screen. System Programmer's Guide.
A.160.3.4 Connect the “Scat traffic analyzer” device, which is part of the
PPA subsystem, to the data transmission channel in accordance with the
processing results and visualizing them on an interactive screen. Operator's
Manual".
A.160.3.5 Perform a MiTM attack on the data transmission channel
according to the document RU.VATS.00186-01 92 01 “Special software for
the subsystem for processing results and visualizing them on an interactive
- none of the MiTM attacks carried out by PPA open source software were
- successful; there were no error messages.
A.160.4 The Amezit-V software system is considered to have passed the tests
according to paragraphs A.160.3.1-A.160.3.7 of the test program and methodology and fulfill
clauses 9, 9.16 of the TOR for the R&D midrange, if the Amezit-V software system is organized
information exchange provides protection against MiTM attacks.

requirements of paragraphs 9, 9.17 of the TOR for the Amezit-V R&D SC.
A.161.2 To carry out the check, the hardware included in the APC
"Amezit" is required.
321


A.161.3.2 For the SS of each subsystem:
- perform actions recorded in the SS event log, in
in accordance with the operator's manual of each SPO;
- open the event log.
- registered actions of operators were displayed in the log
events of each subsystem;
according to clause A.161.3.1-A.161.3.3 of the test program and
methodology and fulfill clauses 9, 9.17 of the TOR on the R&D MF, if all
actions of operators are recorded and recorded in storage information to
ensure a full analysis of the procedure for the actions of officials.
requirements of clauses 9, 9.18 of the TOR for the Amezit-V R&D SC.
322
A.162.2 To carry out the check, the hardware that is part of the Amezit
HSC is required.


A.162.3.2 Open the workstation of the operator of the open source software of the PKS, PMS, PCD, PTT,
PRR, PRD subsystems.
A.162.3.3 Log on to an arbitrary address on the Internet.
323
- was blocked from logging in to an arbitrary address on the network
Internet from open source workstations of PKS, PMS, PCB, PTT subsystems;
- logging in to an arbitrary address on the Internet from working
places of the SPO of the RRP and RRP subsystems was interrupted by a message about the
danger of the actions taken;
A.162.3.6 Amezit-V SPO is considered to have passed the tests in accordance
with clause A.162.3.1-A.162.3.5 of the test program and methodology and fulfills
clauses 9, 9.18 of the TOR for the R&D midrange, if Amezit-V SPO excludes the
possibility of using the functionality of the complex by the operator for personal
purposes.
requirements of paragraphs 13.1-13.5.1, 13.7-13.10, 13.14-13.16 of the TOR for the
Amezit-V R&D SC.
A.163.2 During the audit, the procedure for the implementation and acceptance of the stages of the
Amezit-V SSS is evaluated.
A.163.3 Verification of compliance with the analysis of the submitted reporting
documentation.
clause A.163.3 of the test program and methodology and fulfill clauses 13.1-13.5.1,
13.7-13.10, 13.14-13.16 of the TOR for the R&D MF, if:
- the procedure for the implementation and acceptance of the stages of the SC R & D was carried out in
in accordance with GOST RV 15.203-2001;

- notifications about the readiness of stages for acceptance were submitted;
- together with a notice to organize the acceptance of stages
presented:
- the documents referred to in s.5.2.11 GOST RV 15.203-2001;
- reporting scientific and technical documentation provided for by the TOR for
MF ROC;
- accounting data on the results obtained in the R & D, in the formNo. 1,
approved by order of the Ministry of Justice of Russia, the Ministry of Industry and
Science of Russia of July 17, 2003 No. 173/178 (registered with the Ministry of Justice of
Russia of July 29, 2003 No. 4933) on paper in one copy.
324
325
Annex B
General scheme for connecting hardware SPO "Amezit-V"
Figure 1 - General connection diagram
326
Hardware connection diagrams SPO POT, PAS, PPA,
PCS
Figure 2 - Scheme of the test bench SPO POT
327
Figure 3 - Scheme of the test bench SPO PAS
Figure 4 - Scheme of the test bench SPO PKS
328
Figure 5 - Scheme of the test bench SPO PPA
The composition of the SPO POT test bench is shown in the table below.
Authentic
Services and
No. Name Purpose OS IP address ation
utilities
information
Scanner
Kali vulnerabilities
linux POT, ssh,
Operator workstation ssh{root:O90
1 ARM POT 2.0 generator 10.0.6.57
SWEAT 52p}
(2018.1) traffic
x64 APCS
trafficGenerator
2 APK emulator ssh{root:Kn2
APK SKAT CentOS ftp, ssh, apache 018eeDeep}
10.0.6.167
SKAT "Generator 6x64 2, php ftp{ftpu:Pass
traffic" Wd6231}
3 DD-WRT emulator
switching
http{admin:a
th
CentOS ssh, apache dmin}
equipment 10.0.6.207
6x32 2, dhcp server ssh{root:ad-
(services
min}
administrators
ania)
4 brute force emulator CentOS ssh, bfd 10.0.6.31 ssh{root:Gw
329
detector systems
detection
invasions
(system
detection
attempts 7x64 1547!}
enumeration
passwords to
services
administrators
ania)
5 APCS emulator
Windows rdp{admin:A
Server components WinCC 10.0.6.168
7x32 sutP}
APCS
6 APCS Simulator
ARM emulator
Client Windows processes rdp{admin:A
operator 10.0.6.215
10x32 sutP}
APCS
process control system, step7,
OPC
7 GNS emulator
network Debian 8 ssh{root:Gw
ssh, gns 10.0.6.204
infrastructures x64 1547}
s
8 DVL Node emulator
linux c
set
DVL 1.5 ssh{root:toor
vulnerabilities ssh 10.0.6.148
x64 }
(damn
Vulnerable
linux)
330
Scheme of connecting hardware SPO PRD
Local network segment
SPO PRR SPO PMS GIS Internet

Relay nodes
user workstation user workstation

SPO PRR SPO PMS
Switch
GSM modem SPO DRP Management Server
SPO DRP
Stationary workstation Mobile workstation

user user
SPO DRP SPO DRP
Figure 6 - Scheme of the test bench SPO PRD
331
Annex E
List of abbreviations
APK Hardware and software complex

IS Information security Unauthorized
NSD access Random access memory
RAM Experimental design work Operating
OKR system
OS
PASS Subsystem for forming an autonomous segment of a data transmission
network
PCS Autonomous Segment Message Control Subsystem
PMS Internet and Mass Media Monitoring Subsystem
BY Software
POR Results processing subsystem
SWEAT Subsystem for analysis of information and technical objects of
telecommunication systems
PAP Autonomous Segment Primary Traffic Analysis Subsystem
DRP Data Relay Subsystem Using Intermediate Servers
PRR Subsystem for preparation, placement and promotion of special

materials
PSS Wired communication network
PTT Subsystem testing telecommunications
equipment
PCB Data storage subsystem Mass media
mass media Special software Component
SPO
MF
MF ROC Component of development work
TK
332
Approval sheet
by customer: from the Artist:
333

Approve Director of FSUE "RNIIRS" Utverfday LLC NTC Vulkan A.V. Markov 2 0 1 7

Uploaded by

Copyright:

Available Formats

You might also like

Approve Director of FSUE "RNIIRS" Utverfday LLC NTC Vulkan A.V. Markov 2 0 1 7

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Approve Director of FSUE "RNIIRS" Utverfday LLC NTC Vulkan A.V. Markov 2 0 1 7

Uploaded by

Copyright:

Available Formats

Translated from Russian to English - www.onlinedoctranslator.

PROGRAM AND METHODS OF PRELIMINARY TESTS

1.2 Purpose and objectives of the tests ............................................... ...............................3

1.3 General provisions............................................................... ...................................................3

1.4 Scope of tests............................................................... .................................................5

1.9 Reporting.................................................... ................................................. .......31

1.1 Test object

- TOR for an integral part of development work (hereinafter - TOR

- AdditionNo. 1 to the terms of reference for the component

1.3.5 The timing of the preliminary tests is determined

1.3.8 The test results are recorded in the protocols. In progress

1.3.9 The Preliminary Test Panel may

on the midrange R&D "Amezit-V" or the requirements of program documentation;

p/p checks Add-ons test

Examination relaying Methodology

p/p checks Add-ons test

p/p checks Add-ons test

Examination conjugation With

Examination automatic Methodology

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

Examination automatic Methodology

p/p checks Add-ons test

Checking the performance of data

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

Internet and "promotion"

p/p checks Add-ons test

Automated Placement Check

p/p checks Add-ons test

Checking automated email

Validation of analysis and

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

p/p checks Add-ons test

Examination display And

p/p checks Add-ons test

p/p checks Add-ons test

Examination detection And

p/p checks Add-ons test

p/p checks Add-ons test

Checking protection against MiTM attacks

-RU.VATS.00182-01 51 01 "Special software

-RU.VATS.00183-01 32 01 "Special software

-RU.VATS.00185-01 32 01 "Special software

- connection hardware and software funds To

-RU.VATS.00182-01 32 01 "Special software

A.1.3.1 Compare submitted

A.1.3.2 Analyze the content and execution of the submitted documents

- suggestions to the network administrator's guide

- the following documents have been developed:

- a methodology for updating interfaces for interfacing with external

- The OPO includes: