What are regulations on exclusion of information systems from the List of major national security information systems in Vietnam?
What are regulations on exclusion of information systems from the List of major national security information systems in Vietnam? What are regulations on cooperation in appraising, assessing, and remedying incidents of major national security information system in Vietnam? What are regulations on criteria for regulations, procedures, and methods of ensuring cybersecurity for major national security information systems in Vietnam?
Thank you!
What are regulations on exclusion of information systems from the List of major national security information systems in Vietnam?
Pursuant to Article 6 of the Decree 53/2022/NĐ-CP stipulating exclusion of information systems from the List of major national security information systems in Vietnam as follows:
1. The governing body of a major national security information system shall apply for exclusion of such information system from the List of major national security information systems if the governing body detects that such information system fails to satisfy the bases prescribed in Article 3 of this Decree.
2. Annually, cybersecurity protection forces shall, based on their functions and tasks, review and detect information systems that fail to comply with regulations prescribed in Article 3 of this Decree and request the related governing bodies to apply for exclusion of such information systems from the List of major national security information systems.
3. An application for exclusion of an information system from the List of major national security information systems includes:
a) A written request for exclusion of the information system from the List of major national security information systems (Form No. 5 of the Appendix);
b) Other necessary documents directly related to the application for exclusion of the information system from the List of major national security information systems.
4. Order, procedures, and competency to consider and decide on the exclusion of information systems from the List of major national security information systems shall comply with regulations on the order, procedures, and competency to consider and decide on the inclusion of information systems in the List of major national security information systems.
What are regulations on cooperation in appraising, assessing, and remedying incidents of major national security information system in Vietnam?
Pursuant to Article 7 of the Decree 53/2022/NĐ-CP stipulating cooperation in appraising, assessing, and remedying incidents of major national security information system in Vietnam as follows:
1. The protection of cybersecurity and cyber information security of major national security information systems shall be performed according to regulations of laws on cybersecurity and cyber information security.
2. Principles of cooperation
a) Application of regulations of laws on cybersecurity and cyber information security to the appraisal, assessment, inspection, supervision, response, and remedy for incidents of major national information systems;
b) In case cooperation between many relevant parties is required, the Ministry of Public Security of Vietnam, the Ministry of National Defense of Vietnam, and the Cipher Department of the Government of Vietnam shall, based on the Law on Cybersecurity, take charge and cooperate with the Ministry of Information and Communications and Ministries and central authorities related to the organization of the appraisal, assessment, inspection, supervision, response, and remedy for incidents of major national security information systems according to their functions and assigned tasks;
c) The cooperation process shall ensure compliance with treaties and regulations of international organizations to which Vietnam is a signatory, the Law on Cybersecurity, and relevant laws in a proactive, regular, and timely manner that is in line with assigned functions, tasks, and entitlements.
3. Methods of cooperation
a) The Ministry of Public Security shall request relevant Ministries and central authorities to appoint their members to participate in the appraisal, assessment, inspection, supervision, response, and remedy for incidents of major national security information systems in writing;
b) Relevant Ministries and central authorities shall appoint their members to adequately participate in activities during the process of the appraisal, assessment, inspection, supervision, response, and remedy for incidents of major national security information systems according to the content of the request;
c) Records and documents that serve the appraisal, assessment, inspection, supervision, response, and remedy for incidents of major national security information systems shall be sent to participants by the Ministry of Public Security according to regulations.
4. Regarding the cooperation in supervising major national security information systems for cybersecurity and cyber information security:
a) Cybersecurity protection forces shall share the data on the testing of cybersecurity and cyber information security serving functions and assigned tasks with the Authority of Information Security and the Ministry of Information and Communications of Vietnam;
b) In case the supervision of cyber information security for major national security information systems has been performed, the supervision data shall be shared and generally used for cybersecurity and cyber information security;
c) Governing bodies of major national security information systems shall arrange premises, technical conditions and establish and connect systems and supervision devices of cybersecurity protection forces to information systems under their management for early detection and warning of cybersecurity risks.
What are regulations on criteria for regulations, procedures, and methods of ensuring cybersecurity for major national security information systems in Vietnam?
Pursuant to Article 8 of the Decree 53/2022/NĐ-CP stipulating criteria for regulations, procedures, and methods of ensuring cybersecurity for major national security information systems in Vietnam as follows:
1. Governing bodies of major national security information systems shall, based on regulations on cybersecurity, state confidentiality protection, confidential work, technical standards and regulations on cyber information security, and other relevant professional technical standards, develop regulations, procedures, and plans for the protection of cybersecurity of major national security information systems under their management.
2. Contents of regulations, procedures, and plans for the protection of cybersecurity shall elaborate on the major information system and major information prioritized for protection; management procedures, technical procedures, and professional procedures in using and protecting cybersecurity of the database and technical infrastructure; the criteria for personnel of cyber administration, system operation, assurance of cyber information security and safety, and activities of drafting, storing, and transmitting state confidentiality via information systems; responsibilities of each division and individual in managing, operating, and using; sanctions for violations.
Best regards!
