Security Vision has launched an updated product Security Vision CII, ensuring the implementation of legal requirements in terms of critical information infrastructure in an automated mode.
Key updates include:
- Areas of activity of critical information infrastructure entities and connections with typical industry critical information infrastructure facilities;
- Updating the form of information about a critical information infrastructure facility;
- Automation of the calculation of economic significance in terms of categorization of critical infrastructure facilities;
- Automation of assessment of technical protection status indicators;
- Threat modeling based on a general list of information security threats.
Additions and updating of the categorization and reporting process
Standard industry lists of critical information infrastructure facilities have been incorporated into the categorization process. Also, in connection with amendments to Russian Government Resolution No. 127 of February 8, 2018 (as amended on November 7, 2025) "On Approval of the Rules for Categorizing Critical Information Infrastructure Facilities of the Russian Federation, as well as the List of Critical Information Infrastructure Criteria Indicators and Their Values", the significance criteria for critical information infrastructure facilities have been updated, and the information form for the results of critical information infrastructure facility categorization has been updated.
Calculation of economic significance
Automation of the calculation of economic significance in the process of categorizing a critical information infrastructure facility is carried out in accordance with the methodological document of the Federal Service for Technical and Export Control of Russia – “Recommendations for assessing the indicators of criteria for the economic significance of critical information infrastructure facilities of the Russian Federation.”
The calculation is carried out based on the following indicators of the criteria for the significance of critical information infrastructure objects and their values:
- Damage to the critical information infrastructure entity (indicator No. 8)
- Damage to the Russian Federation budget (indicator No. 9)
- Termination of financial transactions (indicator No. 10)
The calculation result is not only the value of the criterion by which the category (significance) of the critical information infrastructure facility is determined, but also the accompanying economic indicators, which are automatically included in the “Justification” section for the corresponding criterion.
Assessment of technical protection indicators
The assessment is automated in accordance with the FSTEC of Russia's methodological document of November 11, 2025, "Methodology for Assessing the State of Technical Information Protection in Information Systems and Ensuring the Security of Significant Objects of the Critical Information Infrastructure of the Russian Federation".
The product automatically calculates the current security status for each group of indicators and determines the final security level.
Threat modeling
The functionality of information security threat modeling has been significantly expanded. In addition to the existing threat modeling approach, based on a new section of the FSTEC of Russia's information security threat database, threat assessment has been implemented in accordance with the FSTEC of Russia's methodological document, "Information Security Threat Assessment Methodology". Threat modeling automatically generates threat scenarios based on a sequence of tactics and techniques, and identifies relevant threat implementation methods.
Thus, the user can independently choose the threat modeling methodology.
Reports and dashboards
Added reports on threats neutralized by protective measures, as well as a general list of threats not applicable for assessment, with justification for their irrelevance.
A separate dashboard has been created for the threat modeling methodology across the general list.
.png)
.png)
.png)
