General Department of Taxation of Vietnam to request enhancement of cybersecurity in the Tax Sector

General Department of Taxation of Vietnam to request enhancement of cybersecurity in the Tax Sector (Image from the internet)

On July 24, 2024, the General Department of Taxation issued Official Dispatch 3175/TCT-CNTT regarding the enhancement of cybersecurity in the Tax sector.

General Department of Taxation of Vietnam to requests enhancement of cybersecurity in the Tax Sector 

The General Department of Taxation of Vietnam requests the Tax Departments to implement several urgent tasks as follows:

- Heads of units must strictly instruct officials, public employees, and workers under their management to comply with the laws, regulations of the Ministry of Finance, and regulations of the General Department of Taxation on cybersecurity, information security, personal data protection, and state secret protection in cyberspace. They will be held accountable if the information systems under their management do not ensure compliance with cybersecurity regulations.

- Organize the implementation of cybersecurity measures for information systems under the management of the Tax Department:

+ For computers (including desktops and laptops): Ensure 100% of computers are updated with security patches, installed, and updated with the Tax sector's anti-malware software; refrain from using connected storage devices (USB, external hard drives, etc.); only install secure software. Computers within the internal network (LAN) must not directly connect to the Internet (through wireless networks, 3G, 4G, etc.). In cases where accessing external websites is necessary for work purposes, it must be done through the centralized Internet system (Internet gateway, proxy system) deployed by the General Department. Computers not connected to the internal network (desktop computers, laptops equipped by the Tax sector for use outside Tax Department premises) can only access websites serving work purposes when connected to the Internet.

+ For computers drafting confidential documents: Provide separate computers designated for drafting confidential documents; not connected to the LAN; not connected to the Internet; only use confidential USB devices issued by the Government of Vietnam Cipher Commission (do not use regular USB devices).

+ For servers deployed by the Tax Department: Review accounts authorized to access the server, change passwords (every 6 months); configure complex passwords (minimum of 8 characters; containing at least 3 out of the following 4 character types: uppercase letters (A - Z), lowercase letters (a - z), numbers (0 - 9), special characters; passwords should not contain account names); update security patches for servers; install and update the Tax sector's anti-malware software.

+ For applications: Review accounts on applications to ensure proper role-based access control; remove unused accounts (every 6 months).

+ For information systems developed and deployed by the Tax Department: Create a security level dossier for approval by the General Department before September 15, 2024 (through the Department of Information Technology) as per the directive in Notice 481/TB-BTC dated April 26, 2024, of the Ministry of Finance. The content of the security level dossier should follow the guidelines in Official Dispatch 478/CATTT-ATHTTT dated March 30, 2024, of the Department of Information Security - Ministry of Information and Communications (Notice 481/TB-BTC dated April 26, 2024, Official Dispatch 478/CATTT-ATHTTT dated March 30, 2024, at the link: ftp://ftp.tct.vn/Public/VPTCT/ATTT_2024/).

+ For users:

++  Keep  account  and  password  confidential  and  change  passwords  every  6  months;  do  not  save  passwords  on  browsers,  applications;  do  not  share  accounts  and  passwords  with  others  (except  for  technical  support  staff  handling  errors);  do  not  use  the  same  password  for  accounts  provided  by  the  sector  with  other  accounts.

++  Do  not  open  strange  files  sent  from  unknown  email  addresses;  do  not  access  information  systems  provided  for  tax  officials'  use  from  outside  the  internal  network  (email,  audit  log  information  systems,  electronic  document  information  systems,  etc.)  using  computers  that  do  not  ensure  security;  do  not  use  official  email  for  personal  work.

++  When  using  personal  computers  (self-equipped)  or  agency  computers  to  access  the  internal  network  from  outside,  it  must  be  done  through  a  remote  access  system  (VDI).

++  Do  not  install  self-equipped  devices  (network  devices,  telecommunications  devices  (4G),  endpoint  devices  (printers,  IP  phones),  etc.)  into  the  agency's  internal  network.

- Assign a focal point for implementing cybersecurity tasks and send the contact information (full name, position, email, phone number) to the Department of Information Technology (via Mr. Nguyen Thanh Phong, email: ntphong@gdt.gov.vn, phone: 024.7689679 - extension 6363).

More details can be found in Official Dispatch 3175/TCT-CNTT issued on July 24, 2024.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE