The following article will provide detailed content regarding the enhancement of cybersecurity in the Tax Sector in Vietnam
General Department of Taxation of Vietnam to request enhancement of cybersecurity in the Tax Sector (Image from the internet)
On July 24, 2024, the General Department of Taxation issued Official Dispatch 3175/TCT-CNTT regarding the enhancement of cybersecurity in the Tax sector.
The General Department of Taxation of Vietnam requests the Tax Departments to implement several urgent tasks as follows:
- Heads of units must strictly instruct officials, public employees, and workers under their management to comply with the laws, regulations of the Ministry of Finance, and regulations of the General Department of Taxation on cybersecurity, information security, personal data protection, and state secret protection in cyberspace. They will be held accountable if the information systems under their management do not ensure compliance with cybersecurity regulations.
- Organize the implementation of cybersecurity measures for information systems under the management of the Tax Department:
+ For computers (including desktops and laptops): Ensure 100% of computers are updated with security patches, installed, and updated with the Tax sector's anti-malware software; refrain from using connected storage devices (USB, external hard drives, etc.); only install secure software. Computers within the internal network (LAN) must not directly connect to the Internet (through wireless networks, 3G, 4G, etc.). In cases where accessing external websites is necessary for work purposes, it must be done through the centralized Internet system (Internet gateway, proxy system) deployed by the General Department. Computers not connected to the internal network (desktop computers, laptops equipped by the Tax sector for use outside Tax Department premises) can only access websites serving work purposes when connected to the Internet.
+ For computers drafting confidential documents: Provide separate computers designated for drafting confidential documents; not connected to the LAN; not connected to the Internet; only use confidential USB devices issued by the Government of Vietnam Cipher Commission (do not use regular USB devices).
+ For servers deployed by the Tax Department: Review accounts authorized to access the server, change passwords (every 6 months); configure complex passwords (minimum of 8 characters; containing at least 3 out of the following 4 character types: uppercase letters (A - Z), lowercase letters (a - z), numbers (0 - 9), special characters; passwords should not contain account names); update security patches for servers; install and update the Tax sector's anti-malware software.
+ For applications: Review accounts on applications to ensure proper role-based access control; remove unused accounts (every 6 months).
+ For information systems developed and deployed by the Tax Department: Create a security level dossier for approval by the General Department before September 15, 2024 (through the Department of Information Technology) as per the directive in Notice 481/TB-BTC dated April 26, 2024, of the Ministry of Finance. The content of the security level dossier should follow the guidelines in Official Dispatch 478/CATTT-ATHTTT dated March 30, 2024, of the Department of Information Security - Ministry of Information and Communications (Notice 481/TB-BTC dated April 26, 2024, Official Dispatch 478/CATTT-ATHTTT dated March 30, 2024, at the link: ftp://ftp.tct.vn/Public/VPTCT/ATTT_2024/).
+ For users:
++ Keep account and password confidential and change passwords every 6 months; do not save passwords on browsers, applications; do not share accounts and passwords with others (except for technical support staff handling errors); do not use the same password for accounts provided by the sector with other accounts.
++ Do not open strange files sent from unknown email addresses; do not access information systems provided for tax officials' use from outside the internal network (email, audit log information systems, electronic document information systems, etc.) using computers that do not ensure security; do not use official email for personal work.
++ When using personal computers (self-equipped) or agency computers to access the internal network from outside, it must be done through a remote access system (VDI).
++ Do not install self-equipped devices (network devices, telecommunications devices (4G), endpoint devices (printers, IP phones), etc.) into the agency's internal network.
- Assign a focal point for implementing cybersecurity tasks and send the contact information (full name, position, email, phone number) to the Department of Information Technology (via Mr. Nguyen Thanh Phong, email: ntphong@gdt.gov.vn, phone: 024.7689679 - extension 6363).
More details can be found in Official Dispatch 3175/TCT-CNTT issued on July 24, 2024.
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |