Yunnan Provincial Monitoring Network And Information System Security Management

Original Language Title: 云南省网络与信息系统安全监察管理规定

(Adopted on May 10, 2004 at the 17th executive meeting of the Yunnan Provincial People's Government; promulgated on November 7, 2004 as No. 130 by the People's Government of Yunnan Province; effective as of January 1, 2005.)

    Article 1. In order to protect the security of network and information systems and to promote the application and development of networks, these Provisions are formulated in accordance with the Regulations of the People's Republic of China on Protection of Computer Information System Security and relevant laws and regulations, and in light of the actual conditions of this province.
    Article 2. People's governments above the county level shall lead and coordinate network and information system security work.
    Public security organs above the county level shall be responsible for the security supervision and management of network and information systems within their administrative areas.
    State security organs, State secret-guarding departments, information technology departments and other relevant departments above the county level shall, within the scope of their respective duties, be responsible for the related management work of network and information system security.
    Article 3. Network and information systems are subject to a classified security protection system.
    Key protection shall be implemented for the security of basic information networks, and of important information systems bearing on national security, the economic lifeline and social stability, that involve the following units:
    (1) organs at all levels;
    (2) banking, insurance, securities and other financial units;
    (3) postal and telecommunications units;
    (4) broadcasting, television, and news and publishing units;
    (5) key power, coal, gas, fuel and other energy units;
    (6) aviation, railway, and key highway and water transport units;
    (7) water conservancy and water supply units;
    (8) important reserve units;
    (9) key construction units;
    (10) large industrial, commercial and information technology enterprises;
    (11) key scientific research and educational institutions;
    (12) health, fire fighting, emergency rescue and other emergency service units;
    (13) other units that need to be protected.
    Article 4. Key-protected network and information systems shall meet the following security requirements:
    (1) the security of the computer room and its external environment, of equipment and of media meets the requirements of relevant laws, regulations, rules and standards;
    (2) information operation security protection measures such as risk analysis, backup and recovery, and disaster tolerance and emergency response are in place;
    (3) information security protection measures such as operating system security, database security, network security, virus protection and access control are in place, together with security protection measures to prevent illegal intrusion into and attacks on network and information systems;
    (4) the network and information system security products in use hold the computer information system security product license and other administrative licensing certificates;
    (5) a network and information system security management institution is set up, or full-time or part-time network and information system security officers are appointed, to take charge of network and information system security.
    Article 5. Key-protected network and information systems that engage in international networking business or provide Internet services to the public shall, in addition to the security requirements of Article 4, meet the following security requirements:
    (1) measures are in place to retain system operation and user usage log records for 60 days or above;
    (2) measures are in place to record the user's calling telephone number or network address;
    (3) measures are in place for user identity registration and identification confirmation;
    (4) security protection measures such as spam filtering and harmful information control are in place;
    (5) the national security management software and hardware are installed.
    Article 6. Units using key-protected network and information systems shall establish the following security protection systems:
    (1) a computer room security management system;
    (2) a system for the appointment of persons responsible for security management and for security responsibility;
    (3) a management system for network security vulnerability detection and security system upgrades;
    (4) an operation permission management system;
    (5) a user registration system;
    (6) a system for the review, registration, retention, removal and backup of released information;
    (7) a mass information service management system.
    Article 7. The full-time or part-time network and information system security officers of key-protected network and information systems shall hold the nationally recognized qualification of information security professional. Those lacking that qualification shall undergo professional training and examination organized by the public security organ above the county level, alone or in conjunction with relevant departments.
    Network and information system security professionals are subject to an annual examination system.
    Article 8. Security integration of network and information systems shall be undertaken by network and information system security integration units.
    Units engaged in the security integration of protected network and information systems shall obtain a security integration qualification approved by the relevant State departments, and shall be staffed with technical personnel who are suited to security integration needs and have mastered the relevant network and information system security standards.
    Network and information system security integration units shall file for the record with the public security organ at the prefecture (city) level or above, and accept the supervision and inspection of the public security organs.
    Article 9. Security integration units engaged in the security integration of protected network and information systems shall implement the national standards related to network and information security. When security integration is complete, they shall hand over all materials in a timely manner to the unit using the network and information system, and shall keep confidential the network architecture and configuration of the integrated system as well as the State secrets and business secrets obtained during security integration.
    Setting covert channels in network and information systems during security integration is prohibited.
    Article 10. Before a key-protected network and information system is built, rebuilt or expanded, its security plan shall be reported for the record to the public security organ having jurisdiction.
    Article 11. Key-protected network and information systems are subject to a security technology testing system. Security technology testing shall implement the relevant national standards and industry standards.
    Where security technology testing shows that security requirements are not met, corrective action shall be carried out.
    Protected network and information systems shall undergo their first security technology test before being officially put into use. Those officially put into use before the implementation of these Provisions shall complete their first security technology test within 6 months from the date of implementation of these Provisions.
    After the first security technology test, key-protected network and information systems shall undergo security technology testing at least once a year.
    Where equipment of a key-protected network and information system is replaced or retrofitted, the network structure changes, or the type or nature of the information processed changes, and security measures are directly affected, the affected part shall undergo security testing before being put into operation.
    Security technology testing of key-protected network and information systems shall be strengthened in order to eliminate hidden dangers.
    Article 12. Where a unit using a protected network and information system discovers vulnerabilities or incidents endangering network and information system security, it shall retain the original records and report to the local public security organ above the county level within 24 hours.
    Where a public security organ discovers vulnerabilities or incidents endangering network and information system security, it shall promptly notify the relevant units. The relevant units shall promptly take measures to eliminate the risks or incidents undermining the security of network and information systems.
    Public security organs shall strengthen supervision and inspection, and deal in a timely manner with matters undermining the security of network and information systems.
    Article 13. Security technology testing of network and information systems shall be undertaken by units with security technology testing capabilities. Units engaged in the security technology testing of protected network and information systems shall be recognized by the national authorities.
    Due to special conditions, the number of nights: measurement, must possess the equipment necessary for security testing of computer operating systems, databases, networks and the computer room environment, and be staffed with technicians who are suited to security technology testing needs, have mastered network and information system security standards, and have passed professional security training approved by the provincial-level public security organ or are qualified.
    Network and information system security technology testing units shall file for the record with the public security organ at the prefecture (city) level or above, and accept the supervision and inspection of the public security organs.
    Article 14. Security technology testing units shall keep confidential the test content and test results of the network and information systems they test, as well as the State secrets, trade secrets and all other information involved.
    Setting covert channels in the network and information systems being tested is prohibited.
    Article 15. Units engaged in the research and development of network and information system security products, and units engaged in research on the control of computer viruses and other harmful data, shall report to the provincial-level public security organ for the record.
    Article 16. Units operating Internet cafes and other Internet access services shall, in accordance with the Regulations on the Administration of Business Sites of Internet Access Services and relevant State provisions, perform their information network security duties, implement information network security measures, and accept the supervision and administration of the public security organs and the relevant departments.
    Article 17. A unit or individual that commits one of the following acts shall be ordered by the public security organ above the county level to make corrections, and shall be given a warning or fined up to 15,000 yuan in the case of a unit and up to 5,000 yuan in the case of an individual; where the act constitutes a crime, criminal responsibility shall be investigated according to law:
    (1) illegally intruding into a key-protected network and information system, or modifying, deleting, adding to or damaging the functions, programs and data of a network and information system;
    (2) making or spreading programs that endanger network and information system security, or maliciously teaching methods for making and using such programs, resulting in damage to network and information systems;
    (3) intentionally interfering with the normal operation of network and information systems;
    (4) any other acts endangering network and information system security.
    Article 18. A unit or individual that uses network and information systems to commit one of the following acts shall be given administrative punishment by the public security organ according to law; where the act constitutes a crime, criminal responsibility shall be investigated according to law:
    (1) endangering national security, undermining social stability, undermining national unity, or promoting cults and superstition;
    (2) publicizing obscenity, gambling or violence, committing fraud, disrupting social order, or infringing the lawful rights and interests of others;
    (3) other acts prohibited by laws and regulations.
    Article 19. A unit using a key-protected network and information system that falls under one of the following cases shall be ordered by the public security organ above the county level to make corrections within a time limit, or shall be dealt with in conjunction with the relevant departments. Where corrections are not made within the time limit, the unit shall be fined up to 10,000 yuan, and the persons directly in charge and other directly responsible personnel may be fined up to 1,000 yuan; where a disciplinary offence is constituted, administrative or disciplinary sanctions shall be given according to law; where a crime is constituted, criminal responsibility shall be investigated according to law:
    (1) failing to meet the network and information system security requirements of Article 4 of these Provisions;
    (2) in the case of a network and information system engaged in international networking business and providing Internet services to the public, failing to meet the network and information system security requirements of Articles 4 and 5 of these Provisions;
    (3) failing to establish the security protection systems required by Article 6 of these Provisions;
    (4) failing to carry out security technology testing of the network and information system as prescribed, or using the system without authorization after testing shows that it does not meet security requirements;
    (5) discovering potential dangers undermining the security of network and information systems and concealing them, delaying the report, reporting falsely, or destroying the original records.
    Article 20. A network and information system security integration unit or security technology testing unit that, in its security integration or security technology testing activities, falls under one of the following cases shall be ordered by the public security organ above the county level to make corrections; the unit shall be fined up to 30,000 yuan, and the persons directly in charge and other directly responsible personnel may be fined up to 5,000 yuan; where a crime is constituted, criminal responsibility shall be investigated according to law:
    (1) failing to carry out security integration or security technology testing in accordance with national network and information system security standards, causing damage to network and information systems;
    (2) deliberately setting hidden channels in a network and information system undergoing security integration or security technology testing;
    (3) leaking the network structure or configuration of a security-integrated system, or other State secrets and commercial secrets obtained in the course of security integration or security technology testing;
    (4) issuing false certification of security integration or security technology testing results.
    Article 21. Functionaries who, in the security supervision and management of network and information systems, neglect their duties, abuse their power or engage in favoritism shall be given administrative sanctions; where a crime is constituted, criminal responsibility shall be investigated according to law.
    Article 22. These Provisions come into force on January 1, 2005.