Jiangxi Province, Computer Information System Security Measures

Original Language Title: 江西省计算机信息系统安全保护办法

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Get a Day Pass for only USD$19.99.
(The people's Government of Jiangxi province, on September 7, 2004 at the 25th Executive meeting, people's Government of Jiangxi province, on September 23, 2004 the 135th promulgated as of November 1, 2004) first in order to protect the security of computer information systems, computer application and development, safeguarding national interests and public interests, in accordance with the People's Republic of China and other relevant provisions of the regulations on protection of computer information system security, combined with the facts of the province, these measures are formulated.
    Article computer information systems in these measures refers to the computer and its related and supporting equipment and facilities (including networks) which, according to certain rules of application goals and information collection, processing, storage, transmission, retrieval, and processing of human-machine system.
    Article within the administrative area of the province of computer information system security procedures apply.
    Not connected to computer security protection measures according to the relevant State provisions.
    Fourth article computer information system of security protection work, focus maintenance following involved national affairs, and economic construction, and defense construction, and tip science and technology, important field, and focus units of computer information system of security: (a) County above State, and defense units; (ii) Bank, and insurance, and securities, financial field; (three) post, and telecommunications, and broadcast, and TV field; (four) energy, and traffic field; (five) national and the province focus research units; (six) focus website;
    (VII) other important areas of the State, key units.
    Fifth article police organ is computer information system security work of competent sector, its main duties is: (a) publicity computer information system security legal, and regulations, and regulations; (ii) supervision, and check, and guide computer information system security work; (three) Organization training computer information system security management personnel; (four) investigation against computer information system security of illegal crime case; (five) on important field, and focus units of computer information system of construction engineering for Security Guide;
    (Vi) is responsible for the management of the prevention and control of computer viruses and other harmful data; (VII) supervision and inspection of computer information system security product sales activities, (VIII) shall carry out other duties in accordance with law.
    National Security Agency, the national security agency and other relevant government departments, in the context of responsibilities under the related work of the computer information system security.
    Sixth construction and application of computer information systems shall comply with the laws, regulations and other relevant regulations of the State.
    Key areas, key units of the new computer information system should be in the 30th after a system built by construction units report to the people's Government at the public security organ for the record. The seventh article in computer information system classified security protection.
    Safety level criteria and specific measures for classified security protection, in accordance with the relevant provisions of the State.
    Eighth International networking of computer information systems to implement filing system. Use the international networking of computer information networks of citizens, legal persons and other organizations when applying for network access unit shall fill in the user registration form.
    Access units shall from the date of formal Unicom network in the 30th, designated by the province, the public security organs to accept filing procedures, and to report regularly on changes to this user on the network.
    Article important areas, the key unit of computer information systems using units shall establish safety management of computer information systems, specifies the Security Manager.
    Safety management and safety managers are responsible for the running of computer information systems and running environment checks, preparing to run log, eliminate security risks in a timely manner, may be subject to infestation and damage the development of emergency preparedness.
    Security managers should participate in public security organs computer information system security training. Tenth Article important field, and focus units of computer information system using units should established following security management system: (a) computer room security management system; (ii) information released audit, and registration system; (three) information monitored, and save, and clear and backup system; (four) virus detection and network security vulnerability detection system; (five) account using registration and operation permission management system; (six) security education and training system; (seven) illegal case report and assist investigation system; (eight) other and security
    Related management systems.
    11th article important field, and focus units of computer information system using units should implementation following security technology measures: (a) 60 day above system network run log and user using log records save measures; (ii) security audit and warning measures; (three) garbage mail cleanup measures; (four) identity registration and recognition confirmed measures; (five) computer viruses control measures; (six) information mass limit and harmful data control measures; (seven) national provides of other security technology measures.
    12th Internet online service business premises and business units in front of the opening must be according to law by the people's Governments above the county-level public security organs of information network security examination and certificates issued by the relevant departments in accordance with law.
    Internet online service business premises and business operation entity shall fulfill its computer information systems security obligations, it may not stop the implementation of security measures.
    13th article any units and personal shall not using international networking engaged in following against computer information network security of activities: (a) making, and copy, and released, and spread harmful information; (ii) without allows, on computer information network function for delete, and modified or increased; (three) without allows, on computer information network in the storage, and processing or transmission of data and application for delete, and modified or increased; (four) deliberately making, and spread computer viruses, destructive program;
    (E) other acts endangering computer information network security.
    14th district city people's Government above the public security organ shall site or other media on computer virus epidemic situation forecast issued in a timely manner.
    Any unit and individual shall in any way release the computer virus epidemic. Section 15th of the violations that occurred in computer information systems, users shall promptly take measures after the discovery, to preserve the site and related information, and report to the people's Governments above the county-level public security organ within 24 hours. Public security authorities after receiving the report, shall take immediate measures to dispose of.
    Related to national security, the State security organs shall be disposed of.
    In the computer information systems violation cases and the circumstances surrounding this serious accident, people's Governments above the county-level public security organs shall inform the unit of time to use.
    16th public security organs computer information system should be conducted regularly, when you detect security risks, shall be to use units of the computer information system safety rectification notices issued, and to make suggestions for improvement, guidance, supervision and use rectification to eliminate hidden dangers.
    17th article police organ for protection computer information system security, in following emergency situation Xia, can take 24 hours within temporarily downtime, and suspended networking, and backup data, measures, units and personal should truthfully provides about information and information, and provides related technology support and necessary of assist: (a) computer information system was malicious attack led to system paralysis of; (ii) computer information system was virus infection led to system paralysis of; (three) through computer information system to outside large sent harmful information of;
    (D) in computer information systems in the spying case that occurred during and after that evidence may be destroyed or lost or difficult to obtain, and (v) other urgent measures should be taken.
    People's Governments above the county-level public security organs before the emergency measures provided for in the preceding paragraph, shall be approved by the organs in charge.
    18th computer information system security product producers in its products to enter the market before the sale, it shall be issued by the Ministry of public security made the computer information system security product license, and its fixed position products marked "sales permission" tag.
    No unit or individual shall sell no "sales permission" tag security-specific products.
    Computer information system security product management, should be opened in 30th district people's Government above the public security organs in the record.
    19th district governments above city public security organs shall be responsible for the supervision and inspection of computer information system security product license, sale of computer information system security product units and individuals, validation checking and sampling monitoring measures can be taken.
    Management of the commercial code, in accordance with the provisions of the State Council regulations on commercial cryptographic implementation.
    20th important areas, key units of the new computer information systems was not filed within the prescribed period, ordered by public security organs to correct; it fails, and fined 1000 Yuan fine.
    21st key areas, key unit of computer information systems used in violation of the provisions of article Nineth, the public security organ shall order rectification; fails to reform, reorganization within the public security authorities may impose a 6 month downtime.
    22nd article important field, and focus units of computer information system using units violation this approach tenth article, and 11th article provides of, by police organ ordered deadline corrected, give warning; late not corrected of, on units directly is responsible for of competent personnel and other directly responsibility personnel can and at 5000 Yuan following fine, on units can and at 15000 Yuan following fine; plot serious of, can and at 6 months within stop networking, and downtime reorganization.
    23rd article using international networking engaged in this approach 13th article by column activities of, by police organ give warning, has illegal proceeds of, confiscated illegal proceeds, on personal can and at 5000 Yuan following fine, on units can and at 15000 Yuan following fine; plot serious of, can and at 6 months within stop networking, and downtime reorganization; violation security management provides of, law be security punishment; constitute crime of, law held criminal.
    24th special products for computer information system security sales-free "sales permission" tag security-specific products, or not in accordance with the requirements of these measures within the deadlines for filing procedures, the public security organ shall order correction within; it fails, fined a maximum of 1000 more than 5000 Yuan.
    25th other acts in violation of these rules, otherwise penalties by the State from its provisions.
    26th in public security work in the computer information system security, using his power to ask for or accept bribery or other illegal, dereliction, constitute a crime, criminal responsibility shall be investigated according to law; do not constitute a crime, administrative sanctions according to law.
    27th the following terms shall have the meanings herein as: computer virus, refer to prepare damage computers or inserted in a computer program or destroy data, computer use, and can replicate a set of computer instructions, or code.
    Bad data, refers to the computer information systems and their storage media, appear, endangering computer information systems security operation and function of the program, or to national security and public safety hazards or potential threat information.
    Access units, is responsible for access to the international networking of computer information networks operating unit.
    Computer information system security product, refers to dedicated hardware and software for the protection of computer information system security product.
    28th army of computer information system security, in accordance with the relevant regulations of the army.
    Article 29th of computer information system security management, in accordance with the relevant provisions of national and provincial.
                                                                                                          30th these measures shall come into force on November 1, 2004.

Related Laws