Regulations on management of access to internal network in banking operations in Vietnam

According to Article 29 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall formulate and implement regulations on management of access to its internal network, which must meet the following requirements:

- Formulate and implement regulations on management of access to a network and network services, which shall consist of the following basic contents:

+ Permitted networks and network services, methods, means and requirements of information security for access purposes;

+ Responsibilities of administrators and users;

+ Procedures for grant, change and revocation of connection rights;

+ Control of network administration, access and use.

- Implement measures to strictly control the connections from untrusted networks to the institution’s internal network for the purpose of information security. 

- Take control of installation and use of remote access control software.

- Control access to ports used for setting and administration of network devices.

- Grant the right of access to a network and network services according to the principle that such right is sufficient enough to perform assigned tasks.

- Make connections from the Internet to the institution's internal network to serve activities that require the use of virtual private networks and multi-factor authentication.

Concurrently, each institution shall formulate and implement regulations on management of Internet connection which must meet the following requirements:

- Regulations on management of Internet connection include the following basic contents:

+ Responsibilities of each individual and departments involved in Internet usage and operation;

+ Types of users permitted to access and connect to the Internet;

+ Prohibited or restricted acts;

+ Internet access and connection control;

+ Methods of information security for Internet access.

- Manage all Internet connection ports in the institution in a concentrated and consistent manner. 

- Provide network security solutions for Internet connection ports in order to ensure safety before any risk of Internet attacks against the institution’s internal network.

- Use detection tools for promptly finding out vulnerabilities or holes, malicious attacks, unauthorized access to the institution’s internal network through Internet connection ports.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE