The Regulations on the Security Management of Internet Government Applications, formulated by the Office of the Central Cyber Security and Information Technology Commission, the Office of the Central Institutional Development Commission, the Ministry of Industry and Information Technology, and the Ministry of Public Security, were recently issued. The regulations require that the construction and operation of Internet government applications should take technical measures and other necessary measures in accordance with the provisions of relevant laws and administrative regulations and the mandatory requirements of national standards to prevent risks such as content tampering, paralysis caused by attacks, data theft, and ensure the safe and stable operation of Internet government applications and data security.
The regulations have eight chapters, including general principles, start-up and construction, information security, network and data security, e-mail security, monitoring and early warning and emergency response, supervision and management, and supplementary provisions.
The regulations require that a party and government organ can set up at most one portal website. The name of the Internet government application shall give priority to the name of the entity and the standardized abbreviation. If other names are used, in principle, the name of the region plus the name of the responsibility shall be adopted, and the name of the entity shall be marked in a prominent position.
The regulations point out that organs and institutions should take security and confidentiality prevention and control measures, strictly prohibit the release of state secrets and work secrets, and prevent the risk of disclosure caused by the convergence and association of Internet government application data. It is necessary to strengthen the confidentiality management of the storage, processing and transmission of work secrets of Internet government applications.
According to the regulations, government agencies and institutions should establish and improve the security monitoring capability of Internet government applications, and monitor the operation status of Internet government applications and network security events in real time.
The regulations shall come into force as of July 1, 2024.