Who are the cybersecurity protection forces in Vietnam? What are the procedures for assessing the criteria for cybersecurity of major national security information systems?

Main Content

• Who are the cybersecurity protection forces in Vietnam?
• What is the application for the certificate of eligibility for cybersecurity of a major national security information system in Vietnam?
• What are the procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam?

Who are the cybersecurity protection forces in Vietnam?

Pursuant to Clause 9, Article 2 of Decree 53/2022/ND-CP stipulates as follows:

Interpretation of terms

For the purpose of this Decree, the following terms shall be construed as follows:

...

9. Cybersecurity protection forces include:

a) Department of Cyber​​Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam;

b) The Department of Military Security Protection, General Political Department, and Cyber Command of the Ministry of National Defense of Vietnam.

Accordingly, Cybersecurity protection forces include:

- Department of Cyber​​Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam;

- The Department of Military Security Protection, General Political Department, and Cyber Command of the Ministry of National Defense of Vietnam.

Who are the cybersecurity protection forces in Vietnam? What are the procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam?

What is the application for the certificate of eligibility for cybersecurity of a major national security information system in Vietnam?

Pursuant to Clause 3, Article 14 of Decree 53/2022/ND-CP stipulates this content as follows:

Order and procedures for assessing the criteria for cybersecurity of major national security information systems

...

3. An application for the certificate of eligibility for cybersecurity of a major national security information system includes:

a) A written request for certification of the criteria for cybersecurity (Form No. 7 of the Appendix);

b) A pre-feasibility research report and a document on the design and construction of the project on investment in the development of the information system before its approval;

c) Documents on solutions to ensure cybersecurity of the major national security information system.

4. In case of failure to achieve cybersecurity eligibility, cybersecurity protection forces shall request the governing body of the major national security information system to supplement and upgrade its major national security information system to ensure eligibility.

Accordingly, An application for the certificate of eligibility for cybersecurity of a major national security information system includes:

- A written request for certification of the criteria for cybersecurity (Form No. 7 of the Appendix);

- A pre-feasibility research report and a document on the design and construction of the project on investment in the development of the information system before its approval;

- Documents on solutions to ensure cybersecurity of the major national security information system.

What are the procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam?

Pursuant to Clause 2, Article 14 of Decree 53/2022/ND-CP stipulates as follows:

Order and procedures for assessing the criteria for cybersecurity of major national security information systems

...

2. Order of the assessment of the criteria for cybersecurity of major national security information systems:

a) Governing bodies of major national security information systems shall submit applications for assessment of the criteria for cybersecurity of major national security information systems to cybersecurity protection forces competent to assess the criteria for cybersecurity according to regulations prescribed in Clause 3 Article 12 of the Law on Cybersecurity;

b) Cybersecurity protection forces shall receive, inspect, and provide guidelines on the completion of applications for assessment of the criteria for cybersecurity and issue receipt documents after receiving the valid applications;

c) After receiving the adequate and valid applications, cybersecurity protection forces shall assess the criteria for cybersecurity and provide notifications on the results within 30 days from the receipt date of such applications for governing bodies of major national security information systems;

d) In case of eligibility for cybersecurity, the Director of the cybersecurity criteria assessment agency shall issue certificates of eligibility for cybersecurity to major national security information systems within 3 working days from the end date of the cybersecurity criteria assessment.

Accordingly, governing bodies of major national security information systems shall submit applications for assessment of the criteria for cybersecurity of major national security information systems to cybersecurity protection forces competent to assess the criteria for cybersecurity according to regulations prescribed in Clause 3 Article 12 of the Law on Cybersecurity;

- Cybersecurity protection forces shall receive, inspect, and provide guidelines on the completion of applications for assessment of the criteria for cybersecurity and issue receipt documents after receiving the valid applications;

- After receiving the adequate and valid applications, cybersecurity protection forces shall assess the criteria for cybersecurity and provide notifications on the results within 30 days from the receipt date of such applications for governing bodies of major national security information systems;

- In case of eligibility for cybersecurity, the Director of the cybersecurity criteria assessment agency shall issue certificates of eligibility for cybersecurity to major national security information systems within 3 working days from the end date of the cybersecurity criteria assessment.