Recently, Ningbo Cyberspace Administration, Ningbo Development and Reform Commission, and Ningbo Big Data Bureau jointly issued the "Ningbo Municipal Affairs Information Project Cybersecurity Review Measures" (hereinafter referred to as the "Measures"). What are the provisions of the "Measures"? What are the characteristics and highlights? Let us look at it together.
1. What is the background of the "Methods"?
Network security is a major strategic issue related to national security and national development, as well as to the work and life of the people. Our city has established a network security review system for government affairs information projects. The purpose is to improve the security and controllability level of government information systems and promote the development of network security and informatization through the network security review initiative. The promulgation of the "Measures" provides an important system guarantee for the city's network security review of government information projects.
2. What is the basis for the network security review of government information projects?
The network security review of government affairs information projects is a work carried out in accordance with the "Network Security Law of the People's Republic of China", "Network Security Review Measures" and "Ningbo Municipal Affairs Information Project Construction Management Measures". Article 10 of the "Cyber Security Law of the People's Republic of China" stipulates that the construction and operation of networks or the provision of services through the network shall, in accordance with the provisions of laws, administrative regulations and mandatory requirements of national standards, adopt technical measures and other necessary measures to ensure network security , Stable operation, effectively respond to network security incidents, prevent network illegal and criminal activities, and maintain the integrity, confidentiality and availability of network data.
3. Which government information projects need to be reviewed for network security?
According to Article 2 of the "Ningbo Municipal Administration Informationization Project Construction Management Measures" (Yongzheng Banfa [2020] No. 59), government affairs informationization projects include: municipal-level unified e-government network platform, key business information systems, and information resources Database, information security infrastructure, e-government infrastructure (data center, computer room) and other projects that meet the requirements of the national "Government Information System Definition and Scope". The construction of this municipal informationization project shall be subject to network security review in accordance with these Measures. Other informationization projects shall be implemented with reference to these Measures.
4. What are the key assessments of the cybersecurity review of government information projects? The
network security review focuses on assessing the possible network security risks of the government information system, mainly considering the following factors: the impact on the stable operation of the government information system, including the possibility of the system being controlled, interfered with, and business continuity being damaged; resulting in personal information And the possibility of important data leakage, theft, tampering, destruction, illegal use, etc.; the controllability, transparency, and supply chain security of the products and services to be selected by the government information system; the providers of products and services to be selected by the government information system ( Including system developers) compliance with national laws and regulations, as well as promised responsibilities and obligations; other factors that may endanger the security of government information systems and data.
5. What are the specific contents of the network security review of government information projects? The
network security review mainly examines whether the construction unit takes necessary measures to ensure that the government information system has the performance to support business stability and continuous operation, and to ensure that the network security technical measures are planned, constructed and used simultaneously, and whether the network security management system has been established and perfected regularly. Carry out network security testing and risk assessment to ensure the safety of information system operation and the data security of government information resource sharing and exchange. The specific content of the review includes: the rationality of the design of network security objectives and protection objects; the self-grading status of the network security protection level of the protection objects and the reasons for determining; the current status of network security and risk analysis; the rationality of security planning and security plan design; Whether the security product complies with the relevant regulations of the country and the competent authority on network security management; the rationality of the data security design; the network security funding arrangement plan; the establishment of the network security management system, and other content that needs to be reviewed.
6. When will the network security review be conducted? The network security review is carried out during the approval stage of the informatization project. As an important part of the preliminary demonstration of the government informationization project, the network security review is carried out simultaneously with the preliminary demonstration of the project and the expert technical review, and the review opinions are incorporated into the preliminary demonstration opinions.
Article 12 of the "Ningbo Municipal Administration Informationization Project Construction Management Measures" stipulates that the government affairs informationization project should strengthen the preliminary demonstration and expert technical review. For the government affairs information project plan and other materials submitted by the project construction unit, the Municipal Big Data Bureau organizes the Municipal Economic and Information Bureau, the Municipal Party Committee’s Cyberspace Administration ofPeriod of argumentation.
7. What are the conclusions of the network security review of government information projects?
review conclusions and recommendations include three cases: passed the review, passed the review with conditions, and failed the review. Projects that pass the review with conditions need to take necessary measures to meet the corresponding conditions before they can pass the review; those that fail the network security review cannot enter the project approval process.
8. Under what circumstances will government information projects fail the network security review? If
has any of the following circumstances, it should make an opinion that it will not pass the review: the application materials contain false materials or invalid materials that affect the review; do not comply with national laws and administrative regulations, or have important deficiencies; do not comply with the national network The relevant standards of the security grade protection system; the network security design has serious unreasonable or security risks; the violation of the national, provincial, and municipal infrastructure procedures; the failure to implement the Measures and the review requirements.
9. How to ensure the business secrets and intellectual property rights of the project construction unit during the review process?
Government affairs information project network security review fully respects and strictly protects the intellectual property rights of enterprises. The "Measures" stipulate that relevant agencies and personnel involved in cyber security reviews shall strictly protect the business secrets and intellectual property rights of enterprises, and assume confidentiality obligations for the undisclosed materials submitted by the construction unit and other undisclosed information learned during the review; The unit agrees that it shall not be disclosed to a third party or used for purposes other than review.
· Precision · Color · Back · Gu
◆ "Install the brakes and then go on the road"-Ningbo's three departments jointly issued the "Ningbo Municipal Affairs Information Project Cybersecurity Review Measures"
