{"id":344,"date":"2021-02-12T15:36:02","date_gmt":"2021-02-12T14:36:02","guid":{"rendered":"https:\/\/portaltest.nacr.cz\/cro\/?page_id=344"},"modified":"2021-05-03T09:36:14","modified_gmt":"2021-05-03T07:36:14","slug":"pravidla-provozu-narp","status":"publish","type":"page","link":"https:\/\/portaltest.nacr.cz\/cro\/pravidla-provozu-narp\/","title":{"rendered":"U\u017eivatelsk\u00e1 pravidla provozu N\u00e1rodn\u00edho archivn\u00edho port\u00e1lu"},"content":{"rendered":"\n

Spr\u00e1va identit NDA<\/strong><\/p>\n\n\n\n

Spr\u00e1va identit NDA se \u0159\u00edd\u00ed n\u00e1sleduj\u00edc\u00edmi legislativn\u00edmi p\u0159edpisy a intern\u00edmi akty \u0159\u00edzen\u00ed: Z\u00e1kon \u010d. 181\/2014 Sb., o kybernetick\u00e9 bezpe\u010dnosti a o zm\u011bn\u011b souvisej\u00edc\u00edch z\u00e1kon\u016f, ve zn\u011bn\u00ed pozd\u011bj\u0161\u00edch p\u0159edpis\u016f; Vyhl\u00e1\u0161ka \u010d. 82\/2018 Sb., o bezpe\u010dnostn\u00edch opat\u0159en\u00edch, kybernetick\u00fdch bezpe\u010dnostn\u00edch incidentech, reaktivn\u00edch opat\u0159en\u00edch, n\u00e1le\u017eitostech pod\u00e1n\u00ed v oblasti kybernetick\u00e9 bezpe\u010dnosti a likvidaci dat, Slu\u017eebn\u00ed p\u0159edpis \u0159editelky N\u00e1rodn\u00edho archivu \u010d. 6\/2016 ze dne 26. 2. 2016 k ustanoven\u00ed syst\u00e9mu \u0159\u00edzen\u00ed bezpe\u010dnosti informac\u00ed (ISMS) v N\u00e1rodn\u00edm archivu; Slu\u017eebn\u00ed p\u0159edpis \u0159editelky N\u00e1rodn\u00edho archivu \u010d. 15\/2016 ze dne 2. 8. 2016 k ochran\u011b informac\u00ed v N\u00e1rodn\u00edm archivu; Slu\u017eebn\u00ed p\u0159edpis \u0159editelky  N\u00e1rodn\u00edho  archivu  \u010d. 10\/2020 ze dne 11. 5. 2020 k bezpe\u010dn\u00e9mu  chov\u00e1n\u00ed  u\u017eivatel\u016f  \u2013 U\u017eivatelsk\u00fd bezpe\u010dnostn\u00ed manu\u00e1l.<\/p>\n\n\n\n

NDA vyu\u017e\u00edv\u00e1 centralizovanou spr\u00e1vu identit. Ka\u017ed\u00fd u\u017eivatelsk\u00fd \u00fa\u010det je v\u00e1z\u00e1n na fyzickou osobu k prok\u00e1z\u00e1n\u00ed jej\u00ed \u010dinnosti v r\u00e1mci NDA.  S fyzickou osobou jsou sv\u00e1z\u00e1ny i tzv. strojov\u00e9 \u00fa\u010dty. Fyzick\u00e1 osoba zodpov\u00edd\u00e1 za aktu\u00e1lnost \u00fadaj\u016f u \u00fa\u010dtu uveden\u00fdch a za pou\u017eit\u00ed strojov\u00e9ho \u00fa\u010dtu v extern\u00edm syst\u00e9mu a je kontaktn\u00ed osobou pro p\u0159\u00edpad technick\u00fdch \u010di bezpe\u010dnostn\u00edch probl\u00e9m\u016f.<\/p>\n\n\n\n

Rozsah \u00fadaj\u016f, kter\u00e9 jsou pro NArP i IS NDA vedeny v modulu Administrace n\u00e1sledovn\u011b:<\/p>\n\n\n\n

1) Jm\u00e9no<\/p>\n\n\n\n

2) P\u0159\u00edjmen\u00ed<\/p>\n\n\n\n

3) E-mailov\u00e1 adresa<\/p>\n\n\n\n

4) Telefon<\/p>\n\n\n\n

5) P\u0159\u00edslu\u0161n\u00fd archiv\/archivy<\/p>\n\n\n\n

6) Organizace (pro roli P\u016fvodce I-IV)<\/p>\n\n\n\n

7) elektronick\u00e9 identity, kter\u00e9 se k \u00fa\u010dtu v\u00e1\u017eou<\/p>\n\n\n\n

8) u\u017eivatelsk\u00e9 jm\u00e9no<\/p>\n\n\n\n

9) typ \u00fa\u010dtu<\/p>\n\n\n\n

P\u0159\u00edstupov\u00e9 \u00fadaje a hesla<\/strong><\/p>\n\n\n\n

U\u017eivatel m\u016f\u017ee k p\u0159\u00edstupu vyu\u017e\u00edt slu\u017eeb kvalifikovan\u00e9ho spr\u00e1vce dle z\u00e1kona \u010d. 250\/2017 Sb., o elektronick\u00e9 identifikaci.  V ostatn\u00edch p\u0159\u00edpadech p\u0159\u00edstupov\u00e9 \u00fadaje generuje modul Administrace s n\u00e1sleduj\u00edc\u00edmi parametry:<\/p>\n\n\n\n

1) u\u017eivatelsk\u00e9 jm\u00e9no: p\u0159\u00edjmen\u00ed + prvn\u00ed p\u00edsmeno jm\u00e9na + inkrement\u00e1ln\u00ed \u010d\u00edslo<\/p>\n\n\n\n

2) u\u017eivatelsk\u00e9 jm\u00e9no (jednor\u00e1zov\u00fd \u00fa\u010det v roli P\u016fvodce II): puvodce + inkrement\u00e1ln\u00ed \u010d\u00edslo<\/a><\/p>\n\n\n\n

3) heslo: n\u00e1hodn\u00e1 skupina znak\u016f<\/p>\n\n\n\n

U\u017eivatel je povinen si heslo po prvn\u00edm p\u0159ihl\u00e1\u0161en\u00ed zm\u011bnit a dr\u017eet jej v tajnosti. To znamen\u00e1 nikomu jej nesd\u011blovat, neponech\u00e1vat napsan\u00e9 v m\u00edstech s p\u0159\u00edstupem dal\u0161\u00edch osob, neukl\u00e1dat do souboru voln\u011b p\u0159\u00edstupn\u00e9ho dal\u0161\u00edm u\u017eivatel\u016fm. P\u0159i ukl\u00e1d\u00e1n\u00ed hesel na PC je nutn\u00e9 soubor s hesly \u0161ifrovat (viz Pou\u017e\u00edv\u00e1n\u00ed kryptografick\u00e9 ochrany).<\/p>\n\n\n\n

Spr\u00e1va identit NDA uplat\u0148uje princip neodm\u00edtnutelnosti odpov\u011bdnosti. To znamen\u00e1, \u017ee u\u017eivatel odpov\u00edd\u00e1 za v\u0161echny skutky, kter\u00e9 byly vykon\u00e1ny jeho p\u0159ihla\u0161ovac\u00edm jm\u00e9nem za pou\u017eit\u00ed platn\u00e9ho hesla.<\/p>\n\n\n\n

V p\u0159\u00edpad\u011b podez\u0159en\u00ed na kompromitaci hesla (jeho prozrazen\u00ed, odposlechnut\u00ed, \u010di uhodnut\u00ed jinou osobou) je u\u017eivatel povinen<\/strong> neodkladn\u011b prov\u00e9st zm\u011bnu hesla a tuto skute\u010dnost neprodlen\u011b hl\u00e1sit na Helpdesk NDA jako kybernetick\u00fd bezpe\u010dnostn\u00ed incident. Takt\u00e9\u017e je povinen<\/strong> nahl\u00e1sit p\u0159\u00edslu\u0161n\u00e9mu Lok\u00e1ln\u00edmu spr\u00e1vci NArP a na Helpdesk NDA zm\u011bny pracovn\u00edho\/slu\u017eebn\u00edho pom\u011bru, resp. funk\u010dn\u00edho za\u0159azen\u00ed, kter\u00e9 m\u00e1 dopad na jeho opr\u00e1vn\u011bn\u00ed vykon\u00e1vat stanovenou \u010dinnost v r\u00e1mci NArP. Jde o povinnost jej\u00ed\u017e nespln\u011bn\u00ed je mo\u017en\u00e9 postihnout postupy podle slu\u017eebn\u00edho z\u00e1kona, p\u0159\u00edpadn\u011b z\u00e1kon\u00edku pr\u00e1ce a za jej\u00ed\u017e napln\u011bn\u00ed zodpov\u00edd\u00e1 zam\u011bstnavatel, kter\u00fd zam\u011bstnance o t\u00e9to povinnosti prokazateln\u011b informuje. <\/p>\n\n\n\n

P\u0159ihla\u0161ovac\u00ed heslo je nutn\u00e9 volit tak, aby nebylo snadno uhodnuteln\u00e9 a sou\u010dasn\u011b bylo dostate\u010dn\u011b odoln\u00e9 proti jeho zlomen\u00ed p\u0159i kybernetick\u00e9m \u00fatoku. Proto jsou stanoveny n\u00e1sleduj\u00edc\u00ed Pravidla pro tvorbu hesel:<\/p>\n\n\n\n

Minim\u00e1ln\u00ed d\u00e9lka: 12 znak\u016f (minim\u00e1ln\u00ed d\u00e9lka hesla u administr\u00e1tor\u016f a aplikac\u00ed je minim\u00e1ln\u011b 17 znak\u016f)<\/p>\n\n\n\n

Komplexnost: Heslo mus\u00ed obsahovat minim\u00e1ln\u011b<\/p>\n\n\n\n

– jedno velk\u00e9 p\u00edsmeno,<\/p>\n\n\n\n

– jedno mal\u00e9 p\u00edsmeno,<\/p>\n\n\n\n

– jednu \u010d\u00edslici,<\/p>\n\n\n\n

– jeden speci\u00e1ln\u00ed znak (. , – * _ ^ + # $ @ apod.).<\/p>\n\n\n\n

Pravideln\u00e1 zm\u011bna: Minim\u00e1ln\u011b 1x za 12 m\u011bs\u00edc\u016f.<\/p>\n\n\n\n

Opakovatelnost: Nov\u00e9 heslo nesm\u00ed b\u00fdt stejn\u00e9 jako 12 p\u0159edchoz\u00edch ji\u017e pou\u017eit\u00fdch hesel.<\/p>\n\n\n\n

Pro heslo nesm\u00ed b\u00fdt pou\u017eity jednoduch\u00e1 hesla typu \u201e1234\u201c, \u201eabcd\u201c apod., hesla vytvo\u0159en\u00e1 na z\u00e1klad\u011b mnohon\u00e1sobn\u011b se opakuj\u00edc\u00edch znak\u016f (\u201eaaaaa\u201c, \u201e99999\u201c, \u201ebbbbb55555\u201c, apod.), \u010di p\u0159ihla\u0161ovac\u00edho jm\u00e9na, e-mailu, n\u00e1zvu informa\u010dn\u00edho syst\u00e9mu nebo aplikace, snadno identifikovateln\u00e1 jm\u00e9na (vlastn\u00ed, rodi\u010d\u016f, sourozenc\u016f, d\u011bt\u00ed, dom\u00e1c\u00edch zv\u00ed\u0159at apod.), data narozen\u00ed, n\u00e1zvy m\u011bs\u00edc\u016f, a jin\u00e9 snadno predikovateln\u00e9 kombinace.<\/p>\n\n\n\n

Obnova hesla<\/strong><\/p>\n\n\n\n

U\u017eivatel m\u016f\u017ee vy\u017e\u00e1dat obnovu hesla prost\u0159ednictv\u00edm p\u0159ihla\u0161ovac\u00edho formul\u00e1\u0159e. Proces resetu hesla je u\u017eivateli zasl\u00e1n na registrovan\u00fd e-mail, po potvrzen\u00ed je u\u017eivateli zasl\u00e1no do\u010dasn\u00e9 heslo, kter\u00e9 si mus\u00ed p\u0159i prvn\u00edm p\u0159ihl\u00e1\u0161en\u00ed zm\u011bnit. Platnost odkazu pro vygenerov\u00e1n\u00ed do\u010dasn\u00e9ho hesla je 30 minut. O vygenerov\u00e1n\u00ed hesla je notifikov\u00e1na role Centr\u00e1ln\u00ed spr\u00e1vce, kter\u00e1 v p\u0159\u00edpad\u011b podez\u0159en\u00ed na zneu\u017eit\u00ed provede blokaci u\u017eivatelsk\u00e9ho \u00fa\u010dtu.<\/p>\n\n\n\n

Certifik\u00e1ty IS p\u0159istupuj\u00edc\u00edch k NDA<\/strong><\/p>\n\n\n\n

K identifikaci a autentizaci extern\u00edch IS p\u0159istupuj\u00edc\u00edc\u00edch k modul\u016fm NDA se pou\u017e\u00edvaj\u00ed syst\u00e9mov\u00e9 certifik\u00e1ty.<\/p>\n\n\n\n

Vytv\u00e1\u0159en\u00ed u\u017eivatelsk\u00fdch \u00fa\u010dt\u016f<\/strong><\/p>\n\n\n\n

Vytv\u00e1\u0159et u\u017eivatelsk\u00e9 \u00fa\u010dty a p\u0159id\u011blovat u\u017eivatelsk\u00e9 role jsou pro NArP opr\u00e1vn\u011bni pouze p\u0159\u00edslu\u0161n\u00ed u\u017eivatel\u00e9 v rol\u00edch Lok\u00e1ln\u00ed spr\u00e1vce a Centr\u00e1ln\u00ed spr\u00e1vce, strojov\u011b je vytv\u00e1\u0159en jednor\u00e1zov\u00fd \u00fa\u010det v roli P\u016fvodce II, Badatel, P\u016fvodce III a P\u016fvodce IV.<\/p>\n\n\n\n

Pozastaven\u00ed u\u017eivatelsk\u00e9ho \u00fa\u010dtu<\/strong><\/p>\n\n\n\n

Na z\u00e1klad\u011b vyhodnocen\u00ed provozu (nap\u0159. podez\u0159el\u00e9 mnoho\u010detn\u00e9 p\u0159ihla\u0161ov\u00e1n\u00ed atd. m\u016f\u017ee ve sv\u00e9 p\u016fsobnosti Lok\u00e1ln\u00ed \u010di Centr\u00e1ln\u00ed spr\u00e1vce pozastavit \u00fa\u010det u\u017eivatele. O pozastaven\u00ed \u00fa\u010dtu je u\u017eivatel notifikov\u00e1n e-mailem. O obnoven\u00ed \u010di zru\u0161en\u00ed \u00fa\u010dtu rozhodne Centr\u00e1ln\u00ed spr\u00e1vce do 72 hodin na z\u00e1klad\u011b prov\u011b\u0159en\u00ed stavu, p\u0159\u00edp. komunikaci s u\u017eivatelem a vyhodnocen\u00ed p\u0159\u00edp. hrozeb pro provoz. Provozn\u00ed \u0159\u00e1dy jednotliv\u00fdch modul\u016f (zejm\u00e9n\u011b modul IS CAM a modul IS PEvA)  mohou upravovat dal\u0161\u00ed parametry mimo v\u00fd\u0161e uveden\u00e9, jejich\u017e napln\u011bn\u00ed m\u016f\u017ee zp\u016fsobit pozastaven\u00ed \u00fa\u010dtu u\u017eivatele. V takov\u00e9m p\u0159\u00edpad\u011b se lh\u016fta 72 hodin pro rozhodnut\u00ed o obnoven\u00ed \u010di zru\u0161en\u00ed \u00fa\u010dtu pova\u017euje za lh\u016ftu minim\u00e1ln\u00ed.<\/p>\n\n\n\n

Zru\u0161en\u00ed u\u017eivatelsk\u00e9ho \u00fa\u010dtu<\/strong><\/p>\n\n\n\n

Zru\u0161en\u00edm \u00fa\u010dtu se rozum\u00ed smaz\u00e1n\u00ed \u00fadaj\u016f v centr\u00e1ln\u00ed spr\u00e1v\u011b identit NDA. Ru\u0161en\u00ed \u00fa\u010dt\u016f se \u0159\u00edd\u00ed n\u00e1sleduj\u00edc\u00edmi parametry:<\/p>\n\n\n\n

\u00fa\u010det (role)<\/td>Harmonogram zru\u0161en\u00ed<\/td><\/tr>
Badatel, P\u016fvodce III a IV<\/td>– automaticky 3 roky po ukon\u010den\u00ed platnosti badatelsk\u00e9ho listu, ev. 3 roky po posledn\u00edm p\u0159ihl\u00e1\u0161en\u00ed<\/td><\/tr>
P\u016fvodce II<\/td>automaticky 1 m\u011bs\u00edc po ukon\u010den\u00ed \u0159\u00edzen\u00ed a ev. p\u0159ed\u00e1n\u00ed vybran\u00fdch archiv\u00e1li\u00ed<\/td><\/tr>
Ostatn\u00ed role<\/td>Po nahl\u00e1\u0161en\u00ed zm\u011bny pracovn\u00edho\/slu\u017eebn\u00edho pom\u011bru, resp. funk\u010dn\u00edho za\u0159azen\u00ed u\u017eivatelem, bezodkladn\u011b po zji\u0161t\u011bn\u00ed p\u0159i pravideln\u00e9 revizi u\u017eivatelsk\u00fdch \u00fa\u010dt\u016f<\/td><\/tr>
V\u0161echny role<\/td>okam\u017eit\u011b p\u0159i z\u00e1va\u017en\u00e9m poru\u0161en\u00ed provozn\u00edch z\u00e1sad ev. naru\u0161en\u00ed kybernetick\u00e9 bezpe\u010dnosti<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

O zru\u0161en\u00ed \u00fa\u010dtu je u\u017eivatel notifikov\u00e1n e-mailem.<\/p>\n\n\n\n

\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"Spr\u00e1va identit NDA Spr\u00e1va identit NDA se \u0159\u00edd\u00ed n\u00e1sleduj\u00edc\u00edmi legislativn\u00edmi p\u0159edpisy a intern\u00edmi akty \u0159\u00edzen\u00ed: Z\u00e1kon \u010d. 181\/2014 Sb., o kybernetick\u00e9 bezpe\u010dnosti a o zm\u011bn\u011b souvisej\u00edc\u00edch z\u00e1kon\u016f, ve zn\u011bn\u00ed pozd\u011bj\u0161\u00edch p\u0159edpis\u016f; Vyhl\u00e1\u0161ka \u010d. 82\/2018 Sb., o bezpe\u010dnostn\u00edch opat\u0159en\u00edch, kybernetick\u00fdch bezpe\u010dnostn\u00edch incidentech, reaktivn\u00edch opat\u0159en\u00edch, n\u00e1le\u017eitostech pod\u00e1n\u00ed v oblasti kybernetick\u00e9 bezpe\u010dnosti a likvidaci dat, Slu\u017eebn\u00ed p\u0159edpis \u0159editelky […]","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/page-container.php","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/pages\/344"}],"collection":[{"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/comments?post=344"}],"version-history":[{"count":2,"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/pages\/344\/revisions"}],"predecessor-version":[{"id":526,"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/pages\/344\/revisions\/526"}],"wp:attachment":[{"href":"https:\/\/portaltest.nacr.cz\/cro\/wp-json\/wp\/v2\/media?parent=344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}