Communication network security management

    (January 21, 2010 People's Republic of China Ministry of industry and information technology announced 11th come into force on March 1, 2010) first in order to strengthen the management of communication network security, improve communication network security capability, secure communications networks safe, according to the People's Republic of China Telecommunications Ordinance, these measures are formulated.

    Article People's Republic of China territory of telecom operators and Internet service providers (collectively "communications network") management and operation of public telecommunication networks and the Internet (hereinafter "communications network"), network security, application of this approach.

    Internet domain name services mentioned in these measures refers to settings or DNS domain name database, as the registered name holder's domain name resolution services act or authority.

    Network security work in these measures refers to prevent communication network blocks, interrupt, paralysis or illegally control, as well as to prevent the transmission in the communication network, storage, processing of data loss, leakage, or has been tampered with and the work carried out.

    Third communication network security protection work of active defense and comprehensive prevention, graded protection principles.

    Fourth People's Republic of China Ministry of industry and information technology (hereinafter referred to as Ministry of industry and information technology) is responsible for the national communication network security unified guidance, coordination and inspection of the work, organizations establish communication network security protection system, development of communications industry standards.

    All provinces, autonomous regions and municipalities directly under the Communications Authority (hereinafter referred to as communications authority) according to the regulations, communication network security work within the administrative area for guiding, coordinating and checking.

    Ministry of industry and information technology and communications authority referred to as "telecommunications authority".

    Fifth communication network units should be in accordance with the telecommunications authority requirements and communication industry standard communication network security work, the units are responsible for the security of communication networks.

    Article sixth run units new construction, renovation or expansion of communication networks communication network projects, construction safety and security communications network facilities, and acceptance of and put into operation simultaneously with the principal part of the project.

    Communication network security fee for new construction, renovation or expansion of facilities, construction project budget estimates should be incorporated into this unit.

    Seventh communication network was officially put into operation units of this unit should be running communications networks Division, and in accordance with the communication network element after the destruction might have on national security, economy, social order and public interest damage, divided into separately from low to high level, two-tier, three-tier, four-stage, five-level.

    Telecommunications management should organize experts to review the classification of communications networks unit.

    Communication network units should be adjusted according to actual situation communication networks cell division and level, and reviewed in accordance with the provisions of the preceding paragraph.

    Eighth communication network unit shall, within communications networks rating review by 30th, communications networks unit of Division and classification in accordance with the following provisions to the telecommunications authority for the record:

    (A) the basic telecommunication business operators group to the industrial and information apply for the direct management of communications networks unit record; basic telecommunication business operators the provinces (autonomous regions and municipalities) subsidiary, branch is accountable to the local traffic authority to apply for the management of communication networks unit for the record;

    (B) value-added telecommunication service operators to make decision telecommunication management of telecommunications business license filings;

    (C) the Internet domain name service provider to the Ministry of industry and information technology, for the record.

    Nineth communications networks unit to handle communication networks unit for the record, the following information shall be submitted:

    (A) communication network element name, rank and functions;

    (B) the unit name and contact details of responsible units of communication networks;

    (C) communications network unit of person in charge's name and contact information;

    (D) communication network topology, and network boundaries, mainly hardware and software and models, and critical facilities;

    (E) telecommunications regulatory agencies required to submit additional information relating to communication network security.

    Filing information change in the preceding paragraph, communication network operation unit shall, from the date of change in the 30th to telecommunications regulators changed the record.

    Communications networks reported information shall be true, complete running units.

    Article tenth of telecommunications regulatory bodies shall record information authenticity, integrity verified, record information found untrue, incomplete, correction notice filing units.

    11th communications networks unit should be implemented commensurate with the communication network cell level security measures, and compliance testing according to the following provisions:

    (A) the three-level and three-level communication network element should be an annual compliance review;

    (B) secondary communications network unit should carry out a compliance review every two years.

    Adjustment of the communication Division of the network elements and levels shall, within 90 days from the date of completion of the adjustment, repeat the compliance evaluation.

    Communications networks unit shall, upon completion of the evaluation in the 30th, communication network element of the compliance evaluation results, rectification or corrective action plan submitted to the communications network unit of the record.

   12th communications networks operating unit organization shall, in accordance with the following provisions on the communication network security risk assessment unit, to eliminate major cyber security risks:

   (A) the three-level and three-level communication network element should be an annual risk assessment;

    (B) a secondary communication network element should be a security risk assessment every two years.

    Before major national events, and communications networks unit should be in accordance with the Telecommunications Authority's request for security risk assessment.

    Communication network security risk assessment after the 30th in the security risk assessment, risk treatment or treatment plan submitted to the communications network unit of the record.

    13th communications networks unit should be important to the communication network unit lines, equipment, systems, and data backup.

    14th communications networks unit shall organize drills, test the effectiveness of communication network security measures.

    Communications networks unit shall participate in telecommunications management organizations walkthrough.

    15th communications networks unit to establish and run a communications network security monitoring system, to monitor the communications network of the security situation.

    16th communications networks unit may appoint a professional body to carry out communication network security testing, evaluation, monitoring, and so on.

    Should be based on communication network of the Ministry of industry and information security needs, strengthening the provisions of the preceding paragraph the security trustee evaluation, assessment, monitoring guide.

    Article 17th telecommunications regulatory bodies should be carried out on the operation of communication networks communication network security checks.

    The telecommunications regulators can take the following measures:

    (A) access to communications networks operating unit compliance evaluation report and risk assessment report;

    (B) access to communication networks running on network security protection of documents and records;

    (C) communication network operating unit staff to understand the situation;

    (D) identification of the operating unit of the facility of communication networks;

    (V) technical analysis of the communications network and testing;

    (Vi) other screening measures stipulated by laws and administrative regulations.

    Article 18th telecommunications regulatory bodies can delegate communication network security activities of the specialized agencies.

    19th communications networks shall cooperate with the management of the institution and its delegate inspection activities of the specialized agencies, for a major cyber security risks found in the inspection shall be timely rectification.

    Article 20th telecommunications regulatory bodies to examine communication network security work, should not affect the normal operation of the communications network, shall not charge any fee, inspected units shall not be required to purchase a specified brand or the unit's security software, equipment or other products.

    21st telecommunications regulators and their delegates in the work of the specialized institutions for children checked was informed that State secrets, business secrets and personal privacy, and confidentiality obligations.

    22nd disobey article sixth, seventh, first and third paragraphs, eighth and Nineth, 11th, 12th, 13th, 14th, 15th and 19th article, by telecommunications regulatory agency ordered corrective action ex officio; it refuses to be given a warning, and a fine of less than 5,000 yuan and 30,000 yuan.

    Article 23rd telecommunications authority who violate this article 20th and 21st article, shall be given administrative sanctions constitutes a crime, criminal responsibility shall be investigated according to law. 24th article this way come into force on March 1, 2010.