Critical Information Infrastructure Protection under 187-FZ
From CII object categorisation to GosSOPKA connection — we manage the entire project. We work with banks, industrial enterprises, energy and transport companies.
Get a consultationFull scope of CII protection work
CII Object Categorisation
We identify the list of CII objects and assign significance categories (1, 2 or 3) per FSB and FSTEK requirements. We prepare categorisation acts for regulatory approval.
SZKI Construction
We design and implement the critical information infrastructure protection system per FSTEK orders No. 235 and No. 239. We select certified protection tools.
GosSOPKA Connection
We organise interaction with the National CSIRT: configure sensors, reporting and incident response procedures.
Monitoring & Response
Continuous CII object security monitoring. Upon incident detection — rapid response and GosSOPKA notification within required timeframes.
187-FZ penalties in 2025: who is affected and what has changed
Since 2023, CII subjects face criminal liability for security requirement violations that entail serious consequences. Fines for legal entities reach several million rubles, and for executives — criminal sentences under Article 274.1 of the Russian Criminal Code.
Law 187-FZ applies to organisations in: healthcare, science, transport, communications, energy, banking, fuel & energy complex, nuclear energy, defence industry, aerospace, mining, metallurgy and chemical industries.
Our team has managed over 40 CII categorisation projects, none of which received rejection during FSTEK approval. We start with a free preliminary analysis — we determine whether your organisation needs to categorise objects and within what timeframes.