(Health Conference of the Hygiene People's Government on 21 May 2012 to consider the adoption of Decree No. 5 of 25 May 2012 No. 5 of the Hon-Government Order No. 5 of 25 May 2012 for implementation effective 1 July 2012.

Chapter I General

Article 1 promotes the development of healthy development, the preservation of legitimate rights, public interest and social stability, and the development of this approach in line with the laws, regulations and regulations such as the Safeguard of computer information systems in the People's Republic of China.

Article 2

Computer information systems involving State secrets are implemented in accordance with the provisions of the relevant legislation, regulations and regulations.

Article III. Safety of computer information networks upholds the principles of “protection and management” and “ Who is responsible for doing business and who is responsible”.

Article IV. Governments of municipalities, districts (markets, districts) should strengthen the leadership of the safe management of computer information networks by integrating this work into integrated governance and annual objective appraisals for the management of the people at this level.

Article 5 is the responsibility of the municipal public security authorities for the safe management of computer information networks throughout the city, and the network safety defence component is specifically responsible for the day-to-day work of the safety and protection of computer information networks.

Regional, district (market) public security authorities are responsible for the safe management of computer information networks within the scope of this jurisdiction, in accordance with their responsibilities.

National security authorities and confidential, passwords, business, cultural radio movies, industry and information, inspection and other relevant administrative authorities are able, in accordance with their respective responsibilities, to manage the safety of computer information networks.

Computer information networks operate, use units, and should be tailored to the relevant work related to the safe management of computer information networks.

Chapter II

Article 6. Public security authorities perform the following duties in the management of the safety of computer information networks:

(i) Guidance, supervision, inspection, operation of computer information networks, establishment and implementation of safety protection systems and safety protection technical measures;

(ii) To guide, monitor, inspect public information services in computer information networks, the protection of the information security hierarchy and the safety assessment of computer information networks services, and to identify public information containing information contained in article 24 of this approach, should be informed of the operation of the computer information network, the deletion of service units and, if necessary, the suspension of web services to the sender;

(iii) Processing of requests for computer information networks;

(iv) To receive security incidents against computer information networks, reports of cases, survey sites and collect relevant evidence and to investigate violations of the safety management of computer information networks by law;

(v) To guide or organize computer information networks operating, using units for the safe protection of computer information networks;

(vi) The management of the computer virus;

(vii) In emergencies such as national security, public safety, social stability and the safety of critical computer information networks, the requirement for the relevant units to take appropriate urgent measures, in accordance with the statutory procedures, has been reported;

(viii) Other responsibilities under laws, regulations and regulations.

Article 7. National security authorities are responsible for the management of the national security matters of the computer information network, which is governed by the law by computer information networks that endanger national security violations.

Article 8

Article 9. The password management should strengthen the supervision, inspection and guidance of the computer information system's password product use units, conduct regular inspections and evaluation of the availability, use and management of the computer information system safety hierarchy and train the operation and management of the password product use units.

In the course of monitoring inspections, the password management found that there was a security concealment, a violation of the password regulations or a failure to meet the requirements of the password standards, which should be addressed in accordance with the relevant provisions of the password management.

Article 10

(i) The security protection management of the computer information network of this unit, the establishment of a sound security protection management system, the implementation of security protection technical measures, and security of the network of this unit;

(ii) Training in safety education for users of the network;

(iii) The discovery of public information containing safety, harmful data or the use of networks to commit violations, should immediately cease the transmission of violations, retain the relevant original record and report to the local public security authorities within 24 hours;

(iv) Assist, cooperate with, inter alia, public security authorities and national security authorities in investigating violations by law;

(v) Provide information on the safety of computer information systems, Internet-based data and other data documents to public security agencies, national security agencies and other relevant departments;

(vi) Other responsibilities under laws, regulations and regulations.

Chapter III Security protection

Article 11. The computer information system implements a security hierarchy protection system.

The level of security protection of computer information systems is divided into five levels, and the principles, standards, levels of security protection and management are implemented in accordance with the relevant national provisions.

The information system should be protected in line with the basic requirements for the protection of the national information security hierarchy, in accordance with the relevant provisions and technical standards.

Article 12

The new, alteration and expansion of the computer information system, which should operate, use units determine the level of security protection of computer information systems at the planning, design stage, and build in parallel information security facilities that meet the requirements of the security protection hierarchy and implement safety protection measures.

The planning, construction, operation and use of computer information systems should be used in the planning, construction of the computer information systems safety protection facility, in order to meet national requirements and to meet the information safety and security needs of computer information systems.

The operation, use units of the secondary and above-second computer information networks shall apply to the public security authorities in accordance with the following provisions:

(i) The construction of a new computer information network within 30 days of operation;

(ii) The computer information network has been operating, within 30 days of the date of operation of the scheme;

(iii) Changes in the structure of the computer information network, processing processes, service content etc.

Article 14.

(i) The security management system of computer air fleets;

(ii) The security responsibility regime and the confidentiality regime;

(iii) To verify, register and update user registration information systems in a timely manner;

(iv) The management system for registration and operation of authority in the accounts;

(v) Safety management functions;

(vi) Important equipment, media management systems;

(vii) The publication, registration, maintenance, clearance and replenishment system of information;

(viii) The information network security education and training system;

(ix) The information network security emergency response system;

(x) Cases, incidents reports and assistance in the identification system;

(xi) Other security protection systems should be established and implemented.

Article 15. The operation of computer information networks, the use of units should strictly implement safety protection technical measures in accordance with the provisions of the Internet Safety Protection Technical Measures and other relevant laws, regulations and regulations.

The operation of the computer information network and the use of units should enhance the daily testing of the security conditions of the computer information network, and regular screening of computer information networks in accordance with national regulatory norms and technical standards, as measured, self-identified and self-identified, should be adapted in a timely manner.

Article 17

In the event of a major sudden incident, the computer information network should operate, use units should be processed in a timely manner in accordance with the requirements for emergency disposal and subject to movement control by public security agencies and designated other relevant sectors.

In violation of national confidentiality provisions that disclose or may disclose State secrets, immediate measures should be taken and reported on the relevant organs, units, authorities, units should be processed immediately, reporting to the location's national security organs or the confidential administration sector and retain the relevant original record.

Article 18 Internet service providers, Internet access units, should be available within 30 days of the date of Cyclone, within 30 days of the self-exploitation of the web-based approach, to the CNSS application for the processing process.

Internet service providers should register real information from users. Changes in user information should be made from 30 days of the date of the change and the application of a change procedure by a network of security authorities in the original case.

The Internet Information Services Unit should establish a sound information review system, specifying information reviewers, discovering that they fall under article 24 of this approach, and should immediately remove the contents of the offence, preserve the original records and report to the local public security organs, national security authorities, and report to the relevant administrative authorities.

The computer information network should use fixed Internet web addresses, such as real recordings and retention of user registration information, to provide electronic bulletins, web games and other instant communication services.

Article 20 uses the internet access unit using the internal web address to the Internet, which should record and retain information, such as end-of-user hardware addresses, and the Internet web addresses, with over 60 days.

Article 21, which establishes a unit of Internet-based service places under the law, should strictly implement the relevant provisions of the Regulations on the Management of Workplaces of Internet Access Services and regularly communicate their cybersecurity and relevant information to the security sector of the public security organs with managerial competence.

Article 22 does not operate Internet service providers and should comply with the following provisions:

(i) Within 15 days from the date on which Internet access services have been provided, within 15 days from the date of operation of the current Internet access service, applications for the processing of requests have been made by the network security authorities at the location;

(ii) Changes in their statutory representations, places, web addresses, etc., from 15 days from the date of the change in the above-mentioned situation to the public security authorities in the original case for the processing of the change;

(iii) The installation and operation of security-protection technology facilities consistent with national standards, the networking of information management platforms for public security authorities and the assurance of their online functioning;

(iv) Provision of Internet-based Internet access sites that are accessible to services in a non-linear manner should record and retain user information and accompany information such as Internet terminal hardware addresses.

Article 23. The computer information network security services should be established by law. It is proposed that within 30 days prior to operational activities in this city, operational activities have been carried out within 30 days of the date of operation, and that the CNDP's network security authorities apply for clearance procedures.

The computer information network security services and their staff should comply with the following provisions:

(i) Servicing in accordance with relevant laws, regulations and standards for information security technologies;

(ii) In the course of the service, the technical secrets of national secrets, commercial secrets and computer information systems were not disclosed;

(iii) No illicit possession and use of user information resources;

(iv) There should be no concealment in the computer information system.

No unit or person may use computer information networks to produce, issue and disseminate information containing the following:

(i) To reject the basic principles enshrined in the Constitution;

(ii) To endanger national security, disclose State secrets, subversive national regimes and undermine national unity;

(iii) Damage to national honour, interests and public interest;

(iv) incitement to national hatred, national discrimination, destruction of national unity or violations of national customs;

(v) Destabilize national religious policies and promote philosophicalism and envelope;

(vi) Dispersing rumours, disrupting social order and undermining social stability;

(vii) Raise public malicious comments on others, public privacy or physical attacks against others, including by means of implying, video;

(viii) Hearing of others in blatant insults or fabricated facts;

(ix) Activities on behalf of illegal associations;

(x) The sale of laws, regulations prohibiting the circulation of goods;

(xi) The illegal sale of laws, regulations and restrictions on the circulation of goods constitutes a threat to public safety;

(xii) contains elements such as obscene, pornography, cascabo, violence, fraud, terror, or instigation of crime and the transfer of criminal methods;

(xiii) Other information prohibited by law, regulations and regulations.

No unit or person may engage in activities that endanger the safety and order of computer information networks:

(i) Access to computer information systems or unlawful possession, use and stealing computer information systems resources without permission;

(ii) Delete, modifying, increasing or disrupting computer information systems functions without permission;

(iii) To delete, modify or increase data and applications stored, processed or transmitted in computer information systems without permission;

(iv) Damage to the operating environment, facilities and equipment of the computer information network;

(v) Theft, banditry, falsification and destruction of Internet resources;

(vi) The intentional production, dissemination, use of computer-based, malicious software destructive procedures, or the production, publication, reproduction, dissemination of destructive procedures or information on their machines, source procedures;

(vii) deliberately block the transmission of information that impedes, disrupts and disrupts computer information networks, with malicious use of cyber resources;

(viii) The use of computer information networks against the will of others and the use of information on behalf of others;

(ix) Resources known to this unit or to its own computer information network, the main space, etc., have been used by others to engage in activities that may endanger the safety of the computer information network;

(x) The unauthorized use of computer information networks to collect, use, provide and sell information from others;

(xi) Other acts that endanger the safety and order of computer information networks.

Chapter IV Corporal punishment

The main heads of State organs, State-owned enterprises and units in violation of the provisions of this approach have serious consequences and have been given administrative disposal in accordance with the relevant provisions.

The staff of the public security agencies and other departments violate the provisions of this approach by playing a role, abuse of authority or provocative fraud, which is dealt with by their units or superior authorities, the inspection body in accordance with the relevant provisions.

Article 27, in violation of the provisions of this approach, provides for a warning by the public security authorities within the scope of the management authority to correct their deadlines; a failure to change before it is granted to a stopping machine within six months by law:

(i) No level of security protection of computer information systems;

(ii) Non-processarial proceedings or changes in requests;

(iii) No significant security accidents in computer information systems are reported at the time specified;

(iv) The computer information system security protection facility does not plan, build in accordance with national information safety standards for regulatory and technical standards.

In violation of this approach, there are one of the following cases where the public security authority is warned within the scope of the management authority to correct its deadlines; a fine of up to $50 million for non-operational units and a fine of more than 1,000 dollars for operating units.

(i) No hierarchy and self-assessment of computer information systems in accordance with the relevant national provisions, or a measurement and self-assessment that are not in compliance with the requirements and are not rectified in a timely manner;

(ii) The relevant departments do not provide information, Internet-based data and other data documents when they investigate the safety of computer information networks and alleged violations by law;

(iii) The absence of a computer information system emergency response to a major incident, or the absence of a timely processing of a major incident would not be subject to the control of the sector concerned.

Article 29, in violation of this approach, does not establish and implement a security protection management system for the computer information network, or does not implement safety and technical protection measures, which are sanctioned by public security authorities in accordance with article XXI of the International Network for the Safety of Intranet.

Article 33 The operating units of Internet-based service locations violate the relevant management provisions and punish them in accordance with the relevant provisions of the Regulations on the Management of Workplaces on Internet Access.

Article 31, on the Internet, which is licensed by law, does not justify the release, write-off of its licence in accordance with the statutory suspension or the conditions for the cancellation of business licences after the commencement of the operation.

Article 32 or individuals violate article 24, article 25 of this approach, which is sanctioned by public security authorities in accordance with the provisions of the Law on the Safety and Security of the People's Republic of China, the computer information network's safety protection management approach and other relevant provisions.

In violation of this approach, other laws, regulations, regulations and regulations are governed by the law.

Article 34 of the Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families (art.

Chapter V

The meaning of the following wording in this approach:

(i) The “ computer information network” means a computer information system that is to be processed by computers and their associated facilities equipment, in accordance with certain applicable objectives and rules, including computer information systems that do not have access to the Internet, including the computer information system (including the local area network) and the Internet access (contrajective of wireless access);

(ii) “Security of computer information networks”, including the operation of computer information networks and the safety of information content;

(iii) “Intranet operation, use units” means all operators, users, including Internet access services, Internet data centre services, Internet information services units, Internet access services units, Internet access services units, Internet access services units, Internet access units, Internet access units (accessible access) units, computer information systems that do not have access to the Internet, and the use units that do not have access to the Internet (contrajectives);

(iv) “serious sudden incidents”, which refer to major events harmful to the wide dissemination of information, mass cyberattacks, computer sanitary conditions that endanger the safety of computer information networks;

(v) “Internet service providers” means units providing Internet access services to users, Internet data centre services, Internet information services and Internet access services;

(vi) “Intranet use units” means units requiring connectivity and the use of the Internet for this unit;

(vii) “Internet data centre service units” means units providing services such as hosting, rental and virtual space rental;

(viii) “The computer information network security service provider” means units engaged in the design, construction, testing, maintenance, supervision, counselling, training, measurement, etc. of computer information networks;

(ix) “Electronic notice services” means an act of information dissemination conditions for Internet users on the Internet in a variety of formats, such as forums, chat rooms, pamphlets, blogs and microbos.

Article 36 of this approach is implemented effective 1 July 2012.