Responsibilities of agencies, organizations, and units in implementing cybersecurity protection measures in Vietnam

Responsibilities of agencies, organizations, and units in implementing cybersecurity protection measures in Vietnam (Internet image)

Regarding this issue, LawNet would like to answer as follows:

1. Responsibilities of agencies, organizations, and units in implementing cybersecurity protection measures in Vietnam

According to Article 22 of Decree 53/2022/ND-CP stipulating the responsibilities of agencies, organizations, and units in implementing cybersecurity protection measures in Vietnam:

- Cybersecurity protection forces shall provide specific guidelines to relevant agencies, organizations, and individuals in implementing regulations on order and procedures for applying certain cybersecurity protection measures.

- Agencies, organizations, and individuals shall, within their scope of responsibilities and entitlements, timely support and cooperate with cybersecurity protection forces in implementing regulations on order and procedures for implementing certain cybersecurity protection measures.

- In case cross-border supply enterprises are declared to violate Vietnamese laws by competent authorities, Vietnamese organizations and enterprises shall cooperate with relevant competent agencies in preventing and handling acts of violating laws of cross-border supply enterprises.

- Any acts of exploiting or taking advantage of cybersecurity protection measures to violate laws shall be handled based on their nature and level of violation according to regulations of the law; In case of damage to legitimate rights and benefits of organizations and individuals, compensate as prescribed by law.

- Regarding information systems not included in the List of major national security information systems, the Ministry of Public Security of Vietnam, the Ministry of National Defense of Vietnam, and the Ministry of Information and Communications of Vietnam shall synchronously cooperate in protecting cybersecurity and cyber information security according to their functions and assigned tasks:

+ The Ministry of Information and Communications of Vietnam shall act as the focal point in charge of civil activities, excluding regulations prescribed in Points b and c of this Clause;

+ The Ministry of Public Security of Vietnam shall be the focal point in charge of activities of protecting national security, social order and safety, and cybersecurity and preventing and combating cybercriminals, cyber-terrorists, and cyber-spies;

+ The Ministry of National Defense of Vietnam shall be the focal point in charge of activities of protecting the Fatherland in cyberspace.

2. Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam

Criteria for assurance of cybersecurity for devices, hardware, and software that are components of the system in Vietnam according to Article 10 of Decree 53/2022/ND-CP are as follows:

- Hardware devices that are components of the system shall be tested for cybersecurity to detect weaknesses and confidential vulnerabilities, malicious codes, transceivers, and malicious hardware for the assurance of compatibility with other components in the major national security information system.

Administrative devices must be installed with operating systems and clean applications and have layers of firewall protection. Information systems that handle state confidentialities shall not be connected to the Internet.

- Products that are warned or notified to have risks of cybersecurity disorder by cybersecurity protection forces shall not be put into use, or they shall have measures to handle and remedy weaknesses, confidential vulnerabilities, malicious codes, and malicious hardware before being put into use.

- Digital data and information shall be handled and stored via information systems of state confidentiality shall be encrypted or have protection measures during the process of establishment, trade, and storage on the Internet according to regulations of laws on state confidentiality protection.

- Information technology devices, communication means, data containers, and devices serving activities of information systems shall be managed, destroyed, or fixed according to laws on state confidentiality protection and working regulations of governing bodies of such information systems.

- System software, feature software, middleware, database, application programs, source codes, and development tools shall be periodically reviewed and updated with patches.

- Mobile devices and devices with information storage features when connecting to the internal network of a major national security information system shall be tested and controlled for safety assurance and may only be used in such information systems.

- Devices and means that store information when connecting, transporting, and storing shall:

+ Test the confidentiality before connecting to major national security information systems;

+ Control the connection and disconnection of devices of major national security information systems;

+ Implement measures to ensure safety during transport and storage and protection measures regarding the stored information of state confidentiality.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE