Chapter IV
IMPLEMENTATION OF CERTAIN ACTIVITIES OF PROTECTING CYBERSECURITY IN STATE AGENCIES AND POLITICAL ORGANIZATIONS AT CENTRAL AND LOCAL LEVELS
Article 23. Development and completion of regulations on the use of computer networks of state agencies and political organizations at central and local levels
1. State agencies and political organizations at central and local levels shall develop regulations on the use, management, and assurance of the internal computer network security and computer networks with Internet connection under their management. Contents of regulations on assurance of cybersecurity and cyber-safety shall be in accordance with regulations on cybersecurity protection, state confidentiality protection, technical standards and regulations on cyber information security, and other relevant professional technical standards.
2. Regulations on the use and assurance of computer network security of state agencies and political organizations at central and local levels shall:
a) Identify major information and information network systems to be prioritized for cybersecurity assurance;
b) Elaborate on prohibitions and principles of management and use and ensure cybersecurity and internal computer networks that store or transmit state confidentiality shall have a complete physical separation from computer networks, devices, and electronic means with Internet connection, other cases shall ensure compliance with regulations of laws on state confidentiality protection;
c) Have procedures for professional and technical management in operating, using, and ensuring cybersecurity of data and technical infrastructure. Such procedures shall satisfy basic requirements for information system safety assurance;
d) Have criteria for personnel in charge of network administration, system operation, cybersecurity assurance, information safety, and work related to the compilation, storage, and transmission of state confidentiality via computer system networks;
dd) Specifically stipulate responsibilities of each division, official, and staff member in managing, using, and ensuring cybersecurity and information safety;
e) Stipulate sanctions for violations of regulations on cybersecurity assurance.
Article 24. Development and completion of schemes for cybersecurity assurance for information systems of state agencies and political organizations at central and local levels
1. Heads of state agencies and political organizations at central and local levels shall issue schemes for cybersecurity assurance for information systems under their management, ensuring synchronicity, unity, focus, and sharing of natural resources to optimize efficiency and avoid duplicate investment.
2. Schemes for cybersecurity assurance for information systems include:
a) Regulations on cybersecurity assurance in designing and developing information systems, satisfying basic requirements for technical and professional management;
b) Cybersecurity appraisal;
c) Cybersecurity assessment and testing;
d) Cybersecurity supervision;
dd) Prevention, response, and remedy incidents and dangerous situations of cybersecurity;
e) Risk management;
g) Ending of operation, utilization, repair, liquidation, and cancellation.
Article 25. Schemes for response and remedy to cybersecurity incidents of state agencies and political organizations at central and local levels
1. Schemes for response and remedy to cybersecurity incidents include:
a) Schemes for prevention and handling of information sabotaging the Socialist Republic of Vietnam, inciting riots, disrupting public order, slandering, and infringing upon the order of economic management uploaded on information systems;
b) Schemes for prevention and combat against cyber-spies and protection of information of state confidentiality, work confidentiality, business confidentiality, personal confidentiality, family confidentiality, and personal life on information systems;
c) Schemes for prevention and control of acts of using cyberspace, information technology, and electronic means to violate laws on national security and social order and safety;
d) Schemes for prevention and combat against cyber-attacks;
dd) Schemes for prevention and combat against cyber-terrorists;
e) Schemes for prevention and control of dangerous situations of cybersecurity.
2. Contents of schemes for response and remedy to cybersecurity incidents
a) General provisions;
b) Assessments of risks and cybersecurity incidents;
c) Schemes for response and remedy to specific situations;
d) Tasks and responsibilities of agencies in organizing, coordinating, handling, responding to, and remedying incidents;
dd) Training, drills, incident prevention, detection supervision, and assurance of conditions for readiness for response and remedy to incidents;
e) Measures to ensure and organize the implementation of schemes, plans, and implementation budget.
Tìm kiếm
Nghị định 53/2022/NĐ-CP (Bản Word)
Nghị định 53/2022/NĐ-CP (Bản Pdf)