Chapter V
RECEIPT AND VERIFICATION OF THE CLASSIFICATION PROPOSAL
Article 14. Submission and receipt of the classification proposal
1. For an information system to be given class 1, 2 or 3:
Operators of the information system shall send 01 original copy and 02 authenticated copies of the classification proposal to the specialized information security units for verification.
2. For an information system to be given class 4 or 5:
a) The administrator of the information system shall send 01 original copy and 04 authenticated copies of the classification proposal to the Ministry of Information and Communications (the Authority of Information Security) for verification;
b) For an information system to be given class 4 or 5, the recipient and receiving address shall be:
Ministry of Information and Communications (the Authority of Information Security), Floor 8, 115 Tran Duy Hung Building, Cau Giay District, Hanoi.
In case of changing the receiving address, the Authority of Information Security shall announce the change of address in accordance with laws.
3. Within 05 working days from the day on which the proposal is received, the recipient shall verify whether it is satisfactory. If the proposal is unsatisfactory, the recipient shall send a written notification to the applicant for supplements.
Article 15. Verification of the classification proposal
1. For an information system to be given class 1, 2 or 3:
The specialized information security unit shall verify the classification proposal as prescribed in Article 16 of Decree No. 85/2016/ND-CP.
During the verification process, the specialized information security unit shall collect written opinions of related units if necessary.
2. For an information system to be given class 4 or 5:
The Ministry of Information and Communications shall verify the classification proposal as prescribed in Article 16 of Decree No. 85/2016/ND-CP. The verification of the classification proposal shall follow the process below:
a) The Authority of Information Security shall request for written comments of the Department of Legal Affairs and other related unit affiliated with the Ministry of Information and Communications if necessary within their assigned functions and duties;
b) The Ministry of Information and Communications shall request for written comments of the Ministry of National Defense and the Ministry of Public Security in accordance with the laws.
c) Based on written comments of the Ministry of National Defense, the Ministry of Public Security and other related units, the Ministry of Information and Communications shall establish a verification council to discuss and give specific opinions. The chairperson of the verification council is assigned by the Minister of Information and Communications, the members are representatives of the leaders of the Authority of Information Security, Department of Legal Affairs, VNCERT - Ministry of Information and Communications, representatives of leaders of functional units of the Ministry of Public Security, Ministry of Defense and some independent experts (if necessary).
Article 16. Mechanism for verification cooperation
1. Operators of the information system shall cooperate with the unit verifying the classification proposal in determining the suitability of the classification proposal and operational requirements of corresponding information system.
2. In case of necessity, the unit verifying the classification proposal shall inspect and assess the information system security proposal according to the proposed class. The security inspection and assessment shall not affect the normal operation of the information system and the information system administrator or operators shall be notified if there are weaknesses in the information security.
…………………………..
Protect confidentiality of origin and content of information as agreed between parties sharing information.
4. The Information sharing is done at least every quarter and in accordance with the actual operation of the respective information system.
5. Shared information includes:
a) Information has yet been analyzed or analyzed on the risk of information insecurity; Information about occurred network attacks
- Types of network attacks recorded at the system;
- Quantity of network attacks recorded at the system;
- Samples of the recorded information of network attacks;
- Other data as agreed between parties sharing information.
b) Information security activities such as propagation, training, experiment and other data.
Tìm kiếm
Thông tư số 03/2017/TT-BTTTT (Bản Word)
Thông tư số 03/2017/TT-BTTTT (Bản Pdf)