Notice concerning Issues in the Implementation of the “Computer Information Network International Interconnection Security Protection Management Rules”

Posted on Updated on

All provincial, autonomous region and municipal Public Security offices and bureaus, the Xinjiang Production-Construction Corps Public Security Bureau:

With the approval of the State Council, the Ministry of Public Security promulgated and implemented the “Computer Information Network International Interconnection Security Protection Management Rules” (hereafter simply named “Rules”) on 30 December 1997. The implementation of the said “Rules” has had an important function in strengthening the security protection work for international interconnection of computer information networks, but various localities have, during the process of implementation, also reflected a number of problems where provisions were insufficiently clear and concrete, punishment was difficult to implement, etc. In order to implement the said “Rules” even better, hereby, the following is notified in relation to issues in the implementation of the “Rules”:

I, Concerning the issues of “security protection management systems”

“Security protection management systems” as in Article 10, Paragraph 1 and Article 11, Paragraph 1 of the “Rules” mainly includes: (1) information dissemination examination, verification and registration systems; (2) information supervision, preservation, deletion and back-up systems; (3) virus monitor and network security leak monitor systems; (4) systems to report unlawful files and assist in investigation and prosecution; (5) account use registration and operational power management systems; (6) security management personnel post work systems; (7) security education and training systems; (8) other management systems related to security protection.

II, Concerning the issue of “technological security protection measures”

“Technological security protection measures” as in Article 10, Paragraph 2 and “security protection technology measures” as in Article 21, Paragraph II of the “Rules” mainly includes (1) having functions to preserve a daily record of system network operations for three months or more and a daily record of users’ usage, of which the content includes IP address allocation and use, the beginning and ending times and corresponding IP addresses of the distributor of interactive information, the person safeguarding the main page, the mailbox user and dial-up user surfing, interactive column information, etc.; (2) having functions for security auditing and warnings; (3) where e-mail service is set up, having functions for identity registration, distinction and confirmation; (5) computer virus prevention functions; (6) other technological measures to protect information and system network security.

III, Concerning the issue of “information, materials and data documents necessary for security protection management”

“Information, materials and data documents related to security protection management” as in Article 8 of the Rules and “information, materials and data documents necessary for security protection management” mainly include: (1) the situation of users’ registration, use and modification (including account numbers, IP and e-mail addresses, etc.); (2) the situation of IP address allocation, use and modification; (3) the situation of webpage column setup and modification and the responsible persons for columns; (4) the situation of network service function installation; (5) other information related to security protection.

IV, concerning the issue of “preserving relevant original records”

“Relevant original records” as in Article 10, Paragraph 6 of the “Rules” refers to the time of appearance or occurrence online, all relevant data recorded and stored by computers, including times, content (such as images, text, audio, etc.), source (for example original IP addresses, e-mail addresses, etc.), and daily system network operation records, daily user usage records, etc.

V, Concerning the issue of implementation of the administrative punishment of “cessation of machines for rectification”

For a punishment decision of “cessation of machines for rectification” made according to the “Rules”, the implementation measures that may be adopted include: (1) ceasing computer information system operation; (2) ceasing a part of computer information system functions; (3) freezing users’ network accounts; (4) other effective implementation measures.

After all localities receive this Notice, they must publish its content to society in a suitable manner, and implement it in integration with reality. Please timely report important problems encountered during work to the Ministry.

Ministry of Public Security of the People’s Republic of China.

13 February 2000

 

关于执行《计算机信息网络国际联网安全保护管理办法》中有关问题的通知

 

各省、自治区、直辖市公安厅、局,新疆生产建设兵团公安局:

经国务院批准,公安部于1997年12月30日发布实施了《计算机信息网络国际联网安全保护管理办法》(以下简称《办法》)。该《办 法》的实施,对于加强计算机信息网络国际联网安全保护工作发挥了重要作用,但各地在执行过程中也反映出部分规定不够明确和具体、处罚难以操作等问题。为了更好地实施该《办法》,现将执行《办法》中的有关问题通知如下:

一、 关于”安全保护管理制度”问题

《办法》第十条第一项和第二十一条第一项中的”安全保护管理制度”主要包括:(1)信息发布审核、登记制度;(2)信息监视、保存、清 除和备份制度;(3)病毒检测和网络安全漏洞检测制度;(4)违法案件报告和协助查处制度;(5)账号使用登记和操作权限管理制度;(6)安全管理人员岗 位工作职责;(7)安全教育和培训制度;(8)其他与安全保护相关的管理制度。

二、 关于”安全保护技术措施”问题

《办法》第十条第二项中的”安全保护技术措施”和第二十一条第二项中的”安全技术保护措施”主要包括:(1)具有保存3个月以上系统网 络运行日志和用户使用日志记录功能,内容包括IP地址分配及使用情况,交互式信息发布者、主页维护者、邮箱使用者和拨号用户上网的起止时间和对应IP地 址,交互式栏目的信息等;(2)具有安全审计或预警功能;(3)开设邮件服务的,具有身份登记和识别确认功能;(5)计算机病毒防护功能;(6)其他保护 信息和系统网络安全的技术措施。

三、 关于”安全保护管理所需信息、资料及数据文件”问题

《办法》第八条中的”有关安全保护的信息、资料及数据文件”和第二十一条第四项中的”安全保护管理所需信息、资料及数据文件”主要包 括:(1)用户注册登记、使用与变更情况(含用户账号、IP与EMAIL地址等);(2)IP地址分配、使用及变更情况;(3)网页栏目设置与变更及栏目 负责人情况;(4)网络服务功能设置情况;(5)与安全保护相关的其他信息。

四、 关于”保留有关原始记录”问题

《办法》第十条第十条第六项中的”有关原始记录”是指有关信息或行为在网上出现或发生时,计算机记录、存贮的所有相关数据,包括时间、内容(如图像、文字、声音等)、来源(如源IP地址、EMAIL地址等)及系统网络运行日志、用户使用日志等。

五、 关于”停机整顿”处罚的执行问题

按照《办法》规定作出”停机整顿”的处罚决定,可采取的执行措施包括:(1)停止计算机信息系统运行;(2)停止部分计算机信息系统功能;(3)冻结用户联网账号;(4)其他有效执行措施。

各地接到本通知后,要以适当的形式将其内容向社会公布,并结合实际贯彻落实。工作中遇到的重要问题,请及时报部。

中华人民共和国公安部

二零零零年二月十三日

One thought on “Notice concerning Issues in the Implementation of the “Computer Information Network International Interconnection Security Protection Management Rules”

    Latest Updates | China Copyright and Media said:
    April 20, 2013 at 9:45 am

    […] Notice concerning Issues in the Implementation of the “Computer Information Network International … (2000) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s