Requirements for application security and source code for internal software in the project of investing in information technology applications using state budget capital in Vietnam
Requirements for application security and source code for internal software in the project of investing in information technology applications using state budget capital in Vietnam. What are requirements for the function of information security communication for internal software in the project of investing in information technology applications using state budget capital in Vietnam? What are requirements for the function of backup in internal software for the project of investing in information technology applications using state budget capital in Vietnam? I have the need to understand, please explain.
Requirements for application security and source code for internal software in the project of investing in information technology applications using state budget capital in Vietnam
Based on Section II.6 Basic security requirements for internal software issued with Decision 742/QD-BTTTT in 2022 regulating requirements for Application Security and Source Code as follows:
6.1. Requirements for Application Security and Source Code for Internal Software include:
a) Have the function to validate the validity of input information, data before processing;
b) Have the function to protect the application against common types of attacks: SQL Injection, OS command injection, RFI, LFI, Xpath injection, XSS, CSRF;
c) Have the function to control errors, error messages from the application;
d) Have the function to ensure not storing authentication information, confidential information in the application source code.
6.2. Specific requirements for each function of Application Security and Source Code above when the software is deployed on the information system according to each level referred to in Section 4, Appendix attached.
What are requirements for application security and source code for internal software in the project of investing in information technology applications using state budget capital in Vietnam? (Image from the Internet)
Requirements for the function of information security communication for internal software in the project of investing in information technology applications using state budget capital in Vietnam
According to Section II.7 Basic security requirements for internal software issued with Decision 742/QD-BTTTT in 2022 regulating requirements for the Information Communication Security Function as follows:
7.1. The Information Communication Security Function for Internal Software includes:
a) Have the function to encrypt information, data (not public information, data) before transmission, exchange through the network environment;
b) Have the function to use digital signatures provided by the authorized agency to protect data and prevent repudiation (for applications requiring the use of digital signatures).
7.2. Specific requirements for each Information Communication Security Function above when the software is deployed on the information system according to each level referred to in Section 5, Appendix attached.
Requirements for the function of backup in internal software for the project of investing in information technology applications using state budget capital in Vietnam
In Section II.8 Basic security requirements for internal software issued with Decision 742/QD-BTTTT in 2022 regulating requirements for the Backup Function as follows:
8.1. The Backup Function for Internal Software includes:
a) Have the function to automatically backup;
b) Have the function to label data types stored according to established rules;
c) Have the function to configure to send backup data to the centralized storage system.
8.2. Specific requirements for each Backup Function above when the software is deployed on the information system according to each level referred to in Section 6, Appendix attached.
Best Regards!
