What are regulations on inspection of cybersecurity of national security information systems in Vietnam?

What are regulations on inspection of cybersecurity of national security information systems in Vietnam? - image from internet

Pursuant to Article 13 of the Cybersecurity Law in 2018 (effective from 01/01/2019) stipulating inspection of cybersecurity of national security information systems in Vietnam:

1. Inspection of cybersecurity means determination of cybersecurity status of an information system, information system infrastructure or information stored, processed or transmitted within the information system in order to prevent, discover and handle cybersecurity threats; implement plans and measures for ensuring normal operation of the information system.

2. A national security information system shall undergo cybersecurity inspection in the following cases:

a) An or network information security service or electronic device is put into use in the information system;

b) There are changes to status of the information system;

c) Annual inspection;

d) Ad hoc inspection in case of cybersecurity incidents or cybersecurity violations; at the request of a cybersecurity authority; expiration of the deadline for remediating vulnerabilities recommended by a professional cybersecurity force.

3. Cybersecurity inspection shall be carried out for:

a) Hardware systems, software systems, digital devices in information systems;

b) Cybersecurity regulations and measures;

c) Information stored, processed and transmitted within the information system;

d) Cybersecurity incident response and remediation plans of the information system admin;

dd) Measures for protection of state secrets; prevention of leak of state secrets through technical channels;

e) Cybersecurity protection.

4. The administrator of a national security information system shall carry out cybersecurity inspection in the cases mentioned in Point a through c Clause 2 of this Article and send the annual inspection report to the professional cybersecurity force of the Ministry of Public Security (or the Ministry of National Defense for military information systems) before October.

5. Ad hoc inspection of cybersecurity:

a) The cybersecurity force shall send a written notification to the system’s administrator at least 12 hours before the inspection in case of a cybersecurity incident or cybersecurity violation; at least 72 hours if the inspection is meant to serve state management of cybersecurity or the deadline for remediation of vulnerabilities has expired;

b) Within 30 days from the end of the inspection, the cybersecurity force shall send a notification and requests to the administrator in case weaknesses or vulnerabilities are found; provide instructions if requested by the admin;

c) The cybersecurity force of the Ministry of Public Security shall carry out ad hoc inspection of national security information systems other than those under the management of the Ministry of National Defense, cryptography systems of VGCA and cryptography products provided by VGCA for protection of state-secret information.

The professional cybersecurity force of the Ministry of National Defense shall carry out ad hoc cybersecurity inspection of military information systems.

VGCA shall carry out ad hoc cybersecurity inspection of its cryptography systems and cryptography products it provides for protection of state-secret information.

d) Administrators of national security information systems shall cooperate with professional cybersecurity forces in the ad hoc cybersecurity inspections.

6. The cybersecurity inspection results shall be kept confidential as prescribed by law.

Above are regulations on inspection of cybersecurity of national security information systems in Vietnam. Please refer to the Cybersecurity Law in 2018 for more details.

Best regards!