What is the order and procedures for cybersecurity supervision and cybersecurity testing in Vietnam?
What is the order and procedures for cybersecurity supervision in Vietnam?
Pursuant to Article 15 of Decree No. 53/2022/ND-CP on the order and procedures for cybersecurity supervision in Vietnam as follows:
- The Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam and the Cyber Command of the Ministry of National Defense of Vietnam shall conduct the supervision of cybersecurity of the national cyberspace and national major security information systems according to their functions and assigned tasks. The Cipher Department of the Government of Vietnam shall conduct the supervision of cybersecurity of cipher information systems of the Cipher Department of the Government of Vietnam according to its functions and assigned tasks.
- Order of the supervision of cybersecurity of cybersecurity protection forces:
+ Send written notifications to governing bodies of information systems to request the implementation of cybersecurity supervision measures which specify the reason, time, content, and the implementation scope of cybersecurity supervision;
+ Implement cybersecurity supervision measures;
+ Make periodic statistics and reports on cybersecurity supervision results.
- Governing bodies of major national security information systems shall:
+ Develop and implement cybersecurity supervision systems and cooperate with cybersecurity protection forces in implementing cybersecurity supervision activities for information systems under their management;
+ Arrange premises and technical conditions and establish and connect systems and supervision devices of cybersecurity protection forces to information systems under their management for cybersecurity supervision;
+ Provide and update information on information systems under their management, technical plans for the implementation of supervision systems for cybersecurity protection forces periodically or irregularly at the request of competent cybersecurity protection forces;
+ Notify cybersecurity protection forces of their supervision activities once every 3 months;
+ Protect the confidentiality of relevant information in the process of cooperating with cybersecurity protection forces.
- Telecommunications enterprises and enterprises that provide services of information technology, telecommunications, and the internet shall cooperate with cybersecurity protection forces in conducting cybersecurity supervision according to their entitlements for cybersecurity protection.
- Cybersecurity supervision results shall be protected as prescribed by law.
What is the order and procedures for cybersecurity supervision and cybersecurity testing in Vietnam? (Image from the Internet)
What is the order and procedures for cybersecurity testing in Vietnam?
According to Article 16 of Decree No. 53/2022/ND-CP on the order and procedures for cybersecurity testing as follows:
- Cybersecurity protection forces shall conduct cybersecurity testing for information systems according to regulations prescribed in Clause 5 Article 13 and Clause 1 Article 24 of the Law on Cybersecurity.
Cybersecurity testing contents include the inspection of compliance with regulations of laws on cybersecurity assurance and protection of state confidentiality in cyberspace; inspection and assessment of the efficiency of plans and measures to ensure cybersecurity and plans for responding to and remedying cybersecurity incidents; inspection and assessment of detection of vulnerabilities, security weaknesses, and malicious codes and system intrusion test attacks; other testing and assessments prescribed by governing bodies.
- Order and procedures for cybersecurity testing of cybersecurity protection forces:
+ Notify cybersecurity testing plans as per regulation;
+ Establish Testing Teams according to functions and assigned tasks;
+ Conduct cybersecurity testing and strictly cooperate with governing bodies of information systems during the testing process;
+ Make records of cybersecurity testing processes and results and preserve them as prescribed by law;
+ Notify cybersecurity testing results within 3 working days from the completion date of the testing.
- In case it is necessary to keep the current state of information systems to investigate and handle law violations, detect security weaknesses and vulnerabilities, provide guidelines, or participate in remedial activities as requested by governing bodies of information systems, cybersecurity protection forces shall request governing bodies of information systems to suspend cybersecurity testing in writing. The mentioned documents shall specify the reason, purpose, and time of the temporary suspension of cybersecurity testing.
What are the order and procedures for responding to and remedying cybersecurity incidents of major national security information systems in Vietnam?
According to Article 17 of Decree No. 53/2022/ND-CP stipulating the order and procedures for responding to and remedying cybersecurity incidents of major national security information systems as follows:
- Regarding major national security information systems, when facing cybersecurity incidents, shall comply with the following order and procedures for response and remedy as follows:
+ Cybersecurity protection forces shall provide written notifications and guidelines on temporary measures to prevent and handle cyber-attacks and remedy consequences of cyber-attacks and cybersecurity incidents for governing bodies of major national security information systems.
+ In case of emergencies, provide notifications by phone or other forms before providing written notifications;
+ Governing bodies of major national security information systems shall implement measures according to guidelines and implement other suitable measures to prevent, handle, and remedy consequences right after receiving notifications, excluding cases prescribed in Point c of this Clause.
+ In case of inability to handle, timely notify cybersecurity protection forces for coordination and response to cybersecurity incidents;
+ In case it is necessary to immediately respond to and prevent consequences that threaten national security, cybersecurity protection forces shall decide on the direct coordination and remedial response to cybersecurity incidents.
- Coordination and remedial response to cybersecurity incidents of cybersecurity protection forces:
+ Assess and decide on schemes for response and remedy for cybersecurity incidents;
+ Operate the response and remedy for cybersecurity incidents;
+ Preside over the receipt, collection, handling, and sharing of information on response and remedy for cybersecurity incidents;
+ Mobilize and cooperate with organizations and individuals inside and outside of Vietnam related to the participation in responding to and remedying cybersecurity incidents in necessary cases;
+ Appoint focal agencies to cooperate with relevant agencies of other countries or international organizations in responding to and handling international incidents based on international agreements or treaties that Vietnam is a signatory;
+ Inspect, supervise, and urge the implementation of units related to the response and remedy for cybersecurity incidents;
+ Make records of the process of responding to cybersecurity incidents.
- Organizations and individuals participating in responding to and remedying cybersecurity incidents shall implement measures, responses, and remedies for incidents according to the coordination of cybersecurity protection forces.
- In case of the protection of national security and social order and safety, telecommunications enterprises and enterprises that provide Internet services shall arrange premises, connectors, and necessary technical measures for the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam to carry out their tasks and ensure cybersecurity. Telecommunications enterprises and enterprises that provide Internet services shall cooperate with the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam in implementing the specific order and procedures.
LawNet