Yunnan Provincial Monitoring Network And Information System Security Management

Original Language Title: 云南省网络与信息系统安全监察管理规定

(Adopted at the 17th ordinary meeting of the People's Government of Yunnan on 10 May 2004; promulgated by People's Government Order No. 130 of 7 November 2004; effective 1 January 2005)

Article 1 This provision is formulated in line with the People's Republic of China Computer Information System Safety Protection Regulations and relevant laws and regulations, in order to protect network and information system security and to promote the application and development of networks.
Article 2 Public security authorities at or above the district level are responsible for the management of networks and information systems within their own administrative areas.
National security authorities at or above the district level, the state confidentiality work departments, the information industry departments and other relevant departments are responsible, within their respective responsibilities, for work related to cybersecurity management.
Article 3 A hierarchical security protection system is implemented for networks and information systems.
Priority protection is given to the security of basic information networks and of key information systems bearing on national security, economic life and social stability in the following units:
(i) organs at all levels;
(ii) Financial units such as banking, insurance, securities;
(iii) Postal, telecommunications units;
(iv) Broadcast, television, press publishing units;
(v) Energy units, such as electricity, coal, fuel and fuel;
(vi) Transport units such as aviation, railway and priority roads, water transport;
(vii) Water and water supply units;
(viii) Key reserve units;
(ix) Focus construction units;
(x) Large businesses, information technology enterprises;
(xi) Focus on scientific research, educational institutions;
(xii) Social emergency services such as health, firefighting, emergency relief;
(xiii) Other units requiring priority protection.
Article 4 Networks and information systems under priority protection should meet the following safety protection requirements:
(i) The safety of air and external environments, equipment and the media should be consistent with the requirements of the relevant laws, regulations and standards;
(ii) Safeguards for information operations, such as risk analysis, backup and recovery and response;
(iii) Information security measures, such as operating system security, database security, network security, protection against viruses, mission control, and protection against unlawful intrusion into and attacks on networks and information systems;
(iv) Use of specialized products with administrative licences, such as the Computer Information System Safe-specific Product sales permit;
(v) The creation of a network and information system safety management body or a dedicated or part-time network and information systems safety officer with specific responsibility for the protection of cyber and information systems.
Article 5 Networks and information systems that engage in international networking operations or provide central protection to the public should, in addition to the safety protection requirements under Article 4, meet the following safety protection requirements:
(i) Measures to keep system operation logs and user usage logs covering over 60 days;
(ii) Measures to record the user's call number or web addresses;
(iii) Registration and identification measures with user status;
(iv) Safeguarding measures such as garbage filters, harmful information control;
(v) The installation of soft-management hardware with State-mandated security.
Article 6. Networks and information systems that focus protection should be established:
(i) The security management system of computer air fleets;
(ii) The system of duty-free and secure responsibility for security management responsibilities;
(iii) Web safety loopholes and the upgrading of security systems;
(iv) Operational competence management systems;
(v) The user registration system;
(vi) Review, registration, maintenance, clearance and backup systems issued by information;
(vii) A management system for information-sharing services.
Article 7. The network that focuses on protection is dedicated to or part-time networks with information systems and information systems safety officers should be eligible for national accredited information safety professionals without access to information security professionals, and should be organized by or subject to professional training with the relevant sector organizations.
An annual professional appraisal system is implemented for network and information systems safety officers.
Article 8. Networks and information systems safety packages are undertaken by units with a network and information systems safety pool.
Networks that focus on protection should be equipped with a pool of expertise endorsed by the relevant national departments and adapted to the needs of the safety pool, with relevant networks and information systems safety standards.
Networks and information systems safety packages should be made available to the public security authorities in the State (market) and subject to oversight by public security authorities.
Article 9. The safety pools should implement national standards relating to the safety and security of information systems in the context of the focus on protected networks and the integration of information systems, to communicate all information to the information systems and information systems in a timely manner after the completion of the security pool and to have confidential responsibilities for the network structure of the safe assembly system, the configuration and the national secret, commercial secrets that have been informed. Conditions are prohibited in the safety pooled network and information systems.
Article 10. The network and information systems that focus on protection should be presented by the security measures programme before new construction, alteration and expansion.
Article 11 A safety technical testing system is implemented for networks and information systems under priority protection. Safety technical testing follows national standards and industry standards. Systems found by safety technical testing not to meet security requirements should be rectified.
Networks and information systems under priority protection should undergo a first safety technical test before being formally put into use; the first safety technical test should be completed within six months of the date this provision comes into operation.
Networks and information systems under priority protection should undergo safety technical testing at least once a year after the first safety technical test.
Networks focusing on protection and updating or upgrading of information systems equipment, changes in the network structure, and the types and nature of information processing, have a direct impact on security protection measures, and safety technical testing should be carried out before the operation.
Networks and information systems outside the focus on protection should strengthen safety technology testing and address them in a timely manner.
Article 12. The network and information systems use units that focus on protection should be retained in connection with the discovery of hidden or accidental damage to network and information systems security, and reporting to public security authorities at the local district level within 24 hours. In cases where public safety agencies have found that the damage to the network is hidden or accidental to the security of information systems, the relevant units should be notified in a timely manner.
The use units should take timely measures to eliminate, deal with hidden or accidents that endanger networks and information systems. Public security authorities should strengthen monitoring inspections to deal in a timely manner with incidents that endanger the safety of networks and information systems.
Article 13 Networks and information systems safety technology tests are carried out by units with a security technology test capability.
Networks that focus on protection should be endorsed by national authorities. For special circumstances to complete safety technical testing, the necessary equipment to carry out safety tests, such as computer operations systems, databases, networks, airfield environments, should be equipped with the necessary equipment to adapt to the safety-technical testing needs, the acquisition of cyber and information systems safety standards and the professional safety training of provincial public security authorities or the examination of qualified technical personnel.
The network and the information system safety technology test unit should be made available to the public security authorities in the State (market) and subject to oversight by public security authorities.
Article 14. Safety technology testing units shall be confidential for all information, such as the testing elements of the network of the detective units and the information system, the results of the testing and the State secret, commercial secrets involved. Conditions are prohibited in the established network and information systems.
Article 15 units engaged in research on the development and conduct of hazardous data control studies, such as computer-based products, should be reported to provincial public security authorities.
Article 16 units operating on Internet-based Internet-based service locations, such as Internet bars, should perform information safety responsibilities, implement information networking safety technical measures and receive oversight by public security authorities and the relevant sectors, in accordance with the provisions of the Internet-based Workplace Management Regulations.
Article 17 consists of one of the following acts, which is being rectified by the order of the public security organs at the district level, warnings or fines of up to 150,000 units, and fines of up to 5,000 dollars for individuals; and criminal liability under the law:
(i) Illicit intrusion of networks and information systems that focus protection, modification, deletion, enhancement, destruction of the functions, procedures and data of networks and information systems;
(ii) The production, dissemination of hazardous networks and information systems safety procedures or the malicious transmission of methods such as the production and use of hazardous networks and information systems safety processes, which cause damage to networks and information systems;
(iii) Deliberately disrupting the functioning of networks and information systems;
(iv) Other hazardous networks and information systems safety.
Article 18
(i) To endanger national security, undermine social stability, undermine national unity, promote philosophicalism and credibility;
(ii) To advocate for obscene, cascacause, violence, fraudulent activities, disrupt social order and violate the legitimate rights and interests of others;
(iii) Other acts prohibited by law, regulations.
Article 19 networks that focus on protection and information systems use units are one of the following cases: the time limit for orders by the public security organs at the district level is being changed or will be processed with the relevant departments; the impossibility of delay; fines for a person responsible for direct responsibility and other direct responsibilities may be fined up to 1000 dollars; the amount of unconstitutionality, administrative disposition or discipline; and the legal accountability of the offence:
(i) Failure to meet the requirements for the safety and protection of information systems under article IV of this provision;
(ii) Web and information systems that engage in international networking operations and provide access services to the public do not meet the requirements for the safety and protection of information systems under articles IV and 5 of this provision;
(iii) No security protection regime under article 6 of this provision;
(iv) The use of cyber and information systems safety technology testing, as prescribed, or by testing to be used without security requirements;
(v) Identification of hidden or accidents that endanger the safety of networks and information systems is concealed, suspended, false or deliberately disrupted the original records.
Article 20
(i) Failure to conduct safety packages or safety technical tests in accordance with national networks and information systems safety standards, resulting in damage to networks and information systems;
(ii) The intentional features of concealments in networks and information systems that conduct safe assembly or safety technical tests;
(iii) Disclosure of the network structure, configuration or other countries that have been acquired in the course of safety consolidation, safety technology testing;
(iv) Stereotypes and safety technology testing results.
Article 21 Staff members of State organs who play a role in the management of cyber and information systems, abuse of their functions, provocative fraud are subject to administrative disposition by law, which constitutes a crime and hold criminal responsibility under the law.
Article 2