Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system

Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system (Internet image)

Regarding this issue, LawNet would like to answer as follows:

1. Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam in Vietnam

Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system according to Article 10 of Decree 53/2022/ND-CP are as follows:

- Hardware devices that are components of the system shall be tested for cybersecurity to detect weaknesses and confidential vulnerabilities, malicious codes, transceivers, and malicious hardware for the assurance of compatibility with other components in the major national security information system.

Administrative devices must be installed with operating systems and clean applications and have layers of firewall protection. Information systems that handle state confidentialities shall not be connected to the Internet.

- Products that are warned or notified to have risks of cybersecurity disorder by cybersecurity protection forces shall not be put into use, or they shall have measures to handle and remedy weaknesses, confidential vulnerabilities, malicious codes, and malicious hardware before being put into use.

- Digital data and information shall be handled and stored via information systems of state confidentiality shall be encrypted or have protection measures during the process of establishment, trade, and storage on the Internet according to regulations of laws on state confidentiality protection.

- Information technology devices, communication means, data containers, and devices serving activities of information systems shall be managed, destroyed, or fixed according to laws on state confidentiality protection and working regulations of governing bodies of such information systems.

- System software, feature software, middleware, database, application programs, source codes, and development tools shall be periodically reviewed and updated with patches.

- Mobile devices and devices with information storage features when connecting to the internal network of a major national security information system shall be tested and controlled for safety assurance and may only be used in such information systems.

- Devices and means that store information when connecting, transporting, and storing shall:

= Test the confidentiality before connecting to major national security information systems;

= Control the connection and disconnection of devices of major national security information systems;

= Implement measures to ensure safety during transport and storage and protection measures regarding the stored information of state confidentiality.

2. Order and procedures for cybersecurity supervision in Vietnam

Order and procedures for cybersecurity supervision in Vietnam according to Article 15 of Decree 53/2022/ND-CP are as follows:

- The Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam and the Cyber Command of the Ministry of National Defense of Vietnam shall conduct the supervision of cybersecurity of the national cyberspace and national major security information systems according to their functions and assigned tasks.

The Cipher Department of the Government of Vietnam shall conduct the supervision of cybersecurity of cipher information systems of the Cipher Department of the Government of Vietnam according to its functions and assigned tasks.

- Order of the supervision of cybersecurity of cybersecurity protection forces:

= Send written notifications to governing bodies of information systems to request the implementation of cybersecurity supervision measures which specify the reason, time, content, and the implementation scope of cybersecurity supervision;

= Implement cybersecurity supervision measures;

= Make periodic statistics and reports on cybersecurity supervision results.

- Governing bodies of major national security information systems shall:

= Develop and implement cybersecurity supervision systems and cooperate with cybersecurity protection forces in implementing cybersecurity supervision activities for information systems under their management;

= Arrange premises and technical conditions and establish and connect systems and supervision devices of cybersecurity protection forces to information systems under their management for cybersecurity supervision;

= Provide and update information on information systems under their management, technical plans for the implementation of supervision systems for cybersecurity protection forces periodically or irregularly at the request of competent cybersecurity protection forces;

d) Notify cybersecurity protection forces of their supervision activities once every 3 months;

dd) Protect the confidentiality of relevant information in the process of cooperating with cybersecurity protection forces.

4. Telecommunications enterprises and enterprises that provide services of information technology, telecommunications, and the internet shall cooperate with cybersecurity protection forces in conducting cybersecurity supervision according to their entitlements for cybersecurity protection.

5. Cybersecurity supervision results shall be protected as prescribed by law.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE