Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam

Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam (Internet image)

Regarding this matter, LawNet would like to answer as follows:

1. Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam

Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam according to Article 10 of Decree 53/2022/ND-CP are as follows:

- Hardware devices that are components of the system shall be tested for cybersecurity to detect weaknesses and confidential vulnerabilities, malicious codes, transceivers, and malicious hardware for the assurance of compatibility with other components in the major national security information system. Administrative devices must be installed with operating systems and clean applications and have layers of firewall protection. Information systems that handle state confidentialities shall not be connected to the Internet.

- Products that are warned or notified to have risks of cybersecurity disorder by cybersecurity protection forces shall not be put into use, or they shall have measures to handle and remedy weaknesses, confidential vulnerabilities, malicious codes, and malicious hardware before being put into use.

- Digital data and information shall be handled and stored via information systems of state confidentiality shall be encrypted or have protection measures during the process of establishment, trade, and storage on the Internet according to regulations of laws on state confidentiality protection.

- Information technology devices, communication means, data containers, and devices serving activities of information systems shall be managed, destroyed, or fixed according to laws on state confidentiality protection and working regulations of governing bodies of such information systems.

- System software, feature software, middleware, database, application programs, source codes, and development tools shall be periodically reviewed and updated with patches.

- Mobile devices and devices with information storage features when connecting to the internal network of a major national security information system shall be tested and controlled for safety assurance and may only be used in such information systems.

- Devices and means that store information when connecting, transporting, and storing shall:

+ Test the confidentiality before connecting to major national security information systems;

+ Control the connection and disconnection of devices of major national security information systems;

+ Implement measures to ensure safety during transport and storage and protection measures regarding the stored information of state confidentiality.

2. Criteria for personnel of system operation, administration, and cybersecurity protection in Vietnam

Criteria for personnel of system operation, administration, and cybersecurity protection in Vietnam according to Article 9 of Decree 53/2022/ND-CP are as follows:

- Divisions in charge of system operation and administration and cybersecurity protection are required.

- Personnel in charge of system operation and administration and cybersecurity protection shall have professional qualifications in cybersecurity, cyber information security, and information technology; have commitments to protect the confidentiality of information on major national security information systems during the process of working and after leaving the job position.

- Mechanisms of independent professional operations between divisions of operation, administration, and protection of cybersecurity for major national security information systems are required.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE