Order and procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam

Order and procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam (Image from Internet)

1. Order and procedures for assessing the criteria for cybersecurity of major national security information systems in Vietnam

According to the provisions in Article 14 of Decree No. 53/2022/ND-CP, the Order and procedures for assessing the criteria for cybersecurity of major national security information systems is as follows:

- The assessment of cybersecurity conditions for information systems listed as critical to national security is carried out by specialized forces in charge of cybersecurity protection as per regulations.

- The sequence of assessing cybersecurity conditions for information systems critical to national security:

+ The owner of the information system critical to national security submits a dossier requesting the assessment of cybersecurity conditions for such a system to the specialized cybersecurity protection forces with the authority to assess cybersecurity conditions according to Clause 3, Article 12 of the Cybersecurity Law 2018;

+ The specialized cybersecurity protection forces receive, check, guide the completion of the dossier requesting the assessment of cybersecurity conditions and issue a receipt immediately upon receiving a complete and valid dossier;

+ After receiving a complete and valid dossier, the specialized cybersecurity protection forces proceed with assessing cybersecurity conditions and inform the results within 30 days from the date of issuing the receipt for a complete and valid dossier from the owner of the information system critical to national security;

+ In cases where cybersecurity conditions are met, the head of the agency assessing cybersecurity conditions issues a Certificate of sufficient cybersecurity conditions for the information system critical to national security within 03 working days from the completion of the cybersecurity conditions assessment.

- The dossier requesting a certification of sufficient cybersecurity conditions for the information system critical to national security includes:

+ A written request for certification of cybersecurity conditions (Form No. 07, Appendix issued with Decree No. 53/2022/ND-CP);

Form No. 07

+ Pre-feasibility study reports, construction design dossiers of the information system investment project before approval;

+ Dossiers of cybersecurity guarantee solutions for the information system critical to national security.

- In cases where cybersecurity conditions are not met, the specialized cybersecurity protection forces request the owner of the information system critical to national security to supplement, upgrade the system to ensure sufficient conditions.

2. Order and procedures for cybersecurity appraisals of major national security information systems in Vietnam

Order and procedures for cybersecurity appraisals of major national security information systems in Vietnam are stipulated in Article 13 of Decree No. 53/2022/ND-CP as follows:

- The Cybersecurity and Anti-High-Tech Crime Department under the Ministry of Public Security and the Cyber Operations Command under the Ministry of Defense are responsible for conducting cybersecurity appraisals of the national cyberspace and information systems critical to national security according to assigned functions and tasks. The Government Cipher Agency monitors cybersecurity for the cipher information systems under the Government Cipher Agency's control according to assigned functions and tasks.

- The procedure for cybersecurity appraisals by specialized cybersecurity protection forces:

+ Sending a written notice requesting the implementation of cybersecurity appraisals measures to the owner of the information system; the notice should clearly state the reasons, time, content, and scope of the cybersecurity appraisals;

+ Implementing cybersecurity appraisals measures;

+ Periodically, compiling statistics and reporting the results of cybersecurity appraisals.

- Responsibilities of the owner of the information system critical to national security:

+ Building and implementing a cybersecurity appraisals system, cooperating with specialized cybersecurity protection forces to conduct cybersecurity appraisals for the information systems under their management;

+ Providing the premises, technical conditions, setting up, and connecting systems, and monitoring devices of the specialized cybersecurity protection forces to the information system under their management to facilitate cybersecurity appraisals;

+ Providing and updating information about the information systems under their management, technical plans for deploying the monitoring system to the specialized cybersecurity protection forces periodically or on request by the competent specialized cybersecurity protection forces;

+ Informing the specialized cybersecurity protection forces about their monitoring activities periodically every 03 months;

+ Keeping confidential information related to cooperation with specialized cybersecurity protection forces.

- Telecommunications enterprises, information technology service providers, telecommunications, and internet service enterprises are responsible for cooperating with specialized cybersecurity protection forces in monitoring cybersecurity as per authority to ensure cybersecurity protection.

- The cybersecurity appraisals results are kept confidential according to legal regulations.

Vo Tan Dai

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE