The hottest network security review measures answe

"Network security review measures" Q & A

release of "network security review measures"

recently, the national Internet Information Office, the national development and Reform Commission and other 12 departments jointly issued the "network security review measures" (hereinafter referred to as the "measures"). The relevant person in charge of the state Internet Information Office answered questions about the measures

Q: would you please introduce the background of the measures

answer: key information infrastructure is crucial to national security, economic security, social stability, public health and safety. The purpose of establishing network security review system in China is to find and avoid risks and hazards to the operation of key information infrastructure caused by purchasing products and services as soon as possible, ensure the security of supply chain of key information infrastructure and maintain national security through network security review. The promulgation of the "measures" provides an important institutional guarantee for China to carry out network safety review

Q: what is the legal basis for network security review

answer: network security review is a work carried out in accordance with the national security law and the network security law. Article 59 of the national security law stipulates that the state establishes a system and mechanism for national security review and supervision to conduct national security review on information technology products and services and other major matters and activities that affect or may affect national security. Article 35 of the network security law stipulates that if the operators of key information infrastructure purchase network products and services that may affect national security, they shall pass the national security review organized by the state information technology department in conjunction with the relevant departments of the State Council

Q: what are the main contents of network security review

answer: the network security review focuses on assessing the national security risks that may be brought about by the purchase of network products and services by key information infrastructure operators, including the risks that the key information infrastructure brought about by the use of products and services is illegally filled with physical fibers of wood flour, mixed with PE, PVC and other resins, interfered with or damaged, and important data is stolen, leaked, and damaged; The harm of interruption of product and service supply to the business continuity of key information infrastructure; The security, openness, transparency, diversity of sources of products and services, the reliability of supply channels, and the risk of supply interruption due to political, diplomatic, trade and other factors; Compliance of product and service providers with Chinese laws, administrative regulations and departmental rules; Other factors that may endanger the security of critical information infrastructure and national security

Q: which network operators need to consider applying for network security review when purchasing products and services

answer: if key information infrastructure operators purchase network products and services that affect or may affect national security, they should conduct network security review in accordance with the measures

according to the spirit of the notice on matters related to the security protection of key information infrastructure issued by the central network security and Information Commission, when purchasing network products and services, important network and information system operators in the fields of telecommunications, radio and television, energy, finance, road and waterway transportation, railways, civil aviation, postal services, water conservancy, emergency management, health, social security, national defense science, technology and industry, The application for network safety review should be considered in accordance with the requirements of the measures

ask: when to apply for network safety review

answer: generally, operators of critical information infrastructure should apply for network security review before formally signing contracts with product and service providers. If you apply for network security review after signing the contract, it is suggested to indicate in the contract that the contract can take effect only after the procurement of products and services passes the network security review, so as to avoid losses caused by failure to pass the network security review

ask: is there a time limit for network safety review

answer: usually, the network security review is completed within 45 working days, and it will be extended by 15 working days if the situation is complex

it may take 45 working days or more for the review items to enter the special review procedure

according to the requirements of the measures, the time for supplementary materials is not included in the review time limit

Q: how to ensure the trade secrets and intellectual property rights of key information infrastructure operators and product and service providers during the review process

when the DC power is turned off, pay attention to turn off the main motor. The energy saving of the experimental machine is about 40% - 60% due to the influence of the brush. A: the network safety review fully respects and strictly protects the intellectual property rights of the enterprise. The measures stipulates that the relevant institutions and personnel participating in the network security review shall strictly protect the business secrets and intellectual property rights of enterprises, and undertake the confidentiality obligation for the undisclosed materials submitted by the operators of key information infrastructure, products and service providers, as well as other undisclosed information learned in the review; Without the consent of the information provider, it shall not be disclosed to unrelated parties or used for purposes other than review. If the key information infrastructure operator or product and service provider believes that the reviewer is not objective and impartial, or fails to undertake the obligation of confidentiality for the information learned in the review, it can report to the network security review office or relevant departments

Q: will network security review restrict or discriminate against foreign products and services

answer: the measures clearly stipulates the contents to be reviewed, from which we can see that the purpose of network security review is to maintain national network security, not to restrict or discriminate against foreign products and services

Q: what laws should be borne for violating the provisions of the measures

answer: according to Article 65 of the cybersecurity law, those who should apply for cybersecurity review but fail to do so, or use products and services that fail to pass the cybersecurity review, shall be ordered by the relevant competent departments to stop using them and be fined not less than one time but not more than ten times the purchase amount; The person in charge directly responsible and other direct personnel shall be fined not less than 10000 yuan but not more than 100000 yuan

ask: to whom does the network security review report

answer: according to the measures, the network security review office is located in the national Internet information office. The specific work is entrusted to the China network transformation, which means that the development mode should be transferred from the factor scope type to the quality benefit type, and the safety review technology and certification center should undertake it

under the guidance of the network security review office, China Network Security Review Technology and certification center undertakes the tasks of receiving application materials, conducting formal review of application materials, and organizing specific review work