What are vtv2 trực tiếp bóng đá hôm nay regulations on vtv2 trực tiếp bóng đá hôm nay basic List of criteria for cyberinformation security for surveillance cameras in Vietnam?

What are vtv2 trực tiếp bóng đá hôm nay regulations on vtv2 trực tiếp bóng đá hôm nay basic List of criteria for cyberinformation security for surveillance cameras in Vietnam?

On May 7, 2024, vtv2 trực tiếp bóng đá hôm nay Minister of Information and Communications issued Decision 724/QD-BTTTT in 2024 regarding vtv2 trực tiếp bóng đá hôm nay basic List of criteria for cyberinformation security for surveillance cameras.

According to vtv2 trực tiếp bóng đá hôm nay Decision, vtv2 trực tiếp bóng đá hôm nay regulations on vtv2 trực tiếp bóng đá hôm nay basic List of criteria for cyberinformation security for surveillance cameras in Vietnam are as follows:

(1) Requirements of Documentation

User manuals should be provided for product usage instructions.

(2) Authentication Management

- Prevention of brute force attacks

+ vtv2 trực tiếp bóng đá hôm nay system shall provide vtv2 trực tiếp bóng đá hôm nay system administration function for changing vtv2 trực tiếp bóng đá hôm nay lockout time, vtv2 trực tiếp bóng đá hôm nay number of failed login attempts, and vtv2 trực tiếp bóng đá hôm nay continuous failed login time period. vtv2 trực tiếp bóng đá hôm nay default setting shall lock out login attempts for 5 minutes after 5 consecutive failed login attempts under 30 seconds.

+ vtv2 trực tiếp bóng đá hôm nay system shall only provide information to users about successful or failed login attempts without disclosing any other information that could be exploited for brute force attacks.

- Secure password management

+ vtv2 trực tiếp bóng đá hôm nay system shall request vtv2 trực tiếp bóng đá hôm nay users to change vtv2 trực tiếp bóng đá hôm nay default password or vtv2 trực tiếp bóng đá hôm nay generated password when using vtv2 trực tiếp bóng đá hôm nay device for vtv2 trực tiếp bóng đá hôm nay first time.

+ vtv2 trực tiếp bóng đá hôm nay system shall have a function to control secure passwords. Generated passwords should meet complexity requirements (minimum length of 8 characters, including uppercase letters, lowercase letters, numbers, and special characters).

+ vtv2 trực tiếp bóng đá hôm nay SHA-256 hash function or higher shall be used.

- Secure default password initialization

vtv2 trực tiếp bóng đá hôm nay default passwords for camera devices and related services (if any) must meet vtv2 trực tiếp bóng đá hôm nay following requirements:

+ vtv2 trực tiếp bóng đá hôm nay password shall include a minimum length of 8 characters, including uppercase letters, lowercase letters, numbers, and special characters.

+ vtv2 trực tiếp bóng đá hôm nay password initialization mechanism shall use a method that generates random values.

+ vtv2 trực tiếp bóng đá hôm nay password initialization mechanism shall not rely on publicly available information (e.g., MAC address, Wi-Fi SSID string, product name, product type, etc.).

+ Each camera device shall have a different default password.

- Authentication Management

+ vtv2 trực tiếp bóng đá hôm nay system shall have authentication functions that allow authentication of different types of entities, such as users or devices, with different authentication values.

+ Passwords stored on vtv2 trực tiếp bóng đá hôm nay camera shall be encrypted.

(3) Vulnerability Management

- Requirements for device vulnerability management systems

Manufacturers must have an online system to receive and disclose information about device vulnerabilities to users.

- Requirements for security vulnerability disclosure information

+ Descriptions of vulnerabilities, classifications, and severity grades shall be provided.

+ Descriptions of affected versions shall be provided.

+ Guidelines for updating and addressing vulnerabilities shall be included.

(4) Management and Implementation of Updates

- Requirements for update management systems

Manufacturers must have an online system to:

+ Disclose information about update versions.

+ Manage and implement updates for camera devices with internet connectivity.

- Requirements for update version information

Update version information should include at least vtv2 trực tiếp bóng đá hôm nay following details:

+ System software version.

+ Safety check code for vtv2 trực tiếp bóng đá hôm nay system software.

+ Descriptions of updated system software information.

- Requirements for internet-based version update functionality

+ Update functionality shall be performed through a secure network connection using secure encryption methods that meet vtv2 trực tiếp bóng đá hôm nay requirements stated in Section 6.1 of this document.

+ Authentication shall be required before performing updates.

+ New update versions shall be notified when users login and administer vtv2 trực tiếp bóng đá hôm nay devices.

+ vtv2 trực tiếp bóng đá hôm nay system shall have a function to enable automatic installation of patches from vtv2 trực tiếp bóng đá hôm nay manufacturer.

+ vtv2 trực tiếp bóng đá hôm nay system shall have a function to verify vtv2 trực tiếp bóng đá hôm nay integrity of updates, which have vtv2 trực tiếp bóng đá hôm nay manufacturer's digital signature.

(5) Safety Session Management

- Login Session Management

vtv2 trực tiếp bóng đá hôm nay camera device and vtv2 trực tiếp bóng đá hôm nay user interface application have a timeout feature that allows automatic logout after a certain period of time.

- Secure Session Key Generation

Secure session keys are generated for users upon successful login in accordance with vtv2 trực tiếp bóng đá hôm nay following requirements:

+ vtv2 trực tiếp bóng đá hôm nay session key is resistant to brute force attacks.

+ vtv2 trực tiếp bóng đá hôm nay session key is not deterministically generated and includes a random component.

+ vtv2 trực tiếp bóng đá hôm nay session key is not recoverable.

+ There is a function to invalidate or cancel a session login or previous session logins when vtv2 trực tiếp bóng đá hôm nay user logs in again.

(6) Communication Channel Management

- Secure Communication Connection Requirements

+ Encryption methods based on current Vietnamese standards or equivalent international standards are used.

+ vtv2 trực tiếp bóng đá hôm nay encryption method utilizes versions that do not contain publicly disclosed vulnerabilities or weaknesses in network information security announced by domestic or foreign organizations or agencies.

- Secure Access to Device Configuration

+ A secure channel shall be used for device access configuration.

+ Access to device configuration shall be controlled:

i. Grant minimal access privileges (only for configuration and device administration) to authenticated entities.

ii. Deny access to failed authentication entities.

iii. Deny access to entities that have not been authenticated.

+ Deny access to authenticated entities (users and machines) when vtv2 trực tiếp bóng đá hôm nay camera is in vtv2 trực tiếp bóng đá hôm nay initial operational state for:

i. Authenticated entities without sufficient access rights.

ii. Failed authentication entities.

iii. Unauthenticated entities.

Exception: All vtv2 trực tiếp bóng đá hôm nay above requirements do not apply to system services that support camera device operations such as ARP, DHCP, DNS, ICMP, NTP, etc.

(7) Interface Management

- Authentication Information Security

In vtv2 trực tiếp bóng đá hôm nay initial operational state, when vtv2 trực tiếp bóng đá hôm nay user has not been authenticated, vtv2 trực tiếp bóng đá hôm nay network interface of vtv2 trực tiếp bóng đá hôm nay device only provides publicly available information related to device operation and usage.

- Logic and Network Interface Management

+ Logic and network interfaces that are activated when vtv2 trực tiếp bóng đá hôm nay device is in vtv2 trực tiếp bóng đá hôm nay initial operational state must have a purpose description explaining why vtv2 trực tiếp bóng đá hôm nay interface is activated.

+ There is a function to enable or disable interfaces based on vtv2 trực tiếp bóng đá hôm nay description.

- Debug Interface Management

vtv2 trực tiếp bóng đá hôm nay debug interface must be disabled by default.

- Physical Interface Management

+ There is a function to disable physical connection ports when not in use.

+ All unused physical interfaces must be disabled from access in vtv2 trực tiếp bóng đá hôm nay default root installation mode.

(8) User Data Information Security

- Personal Data Protection

vtv2 trực tiếp bóng đá hôm nay camera device and associated services must have features that allow vtv2 trực tiếp bóng đá hôm nay configuration and storage location to be set within Vietnam for processing, storage, and exploitation of data (e.g., on memory cards/peripheral devices, cloud computing services located in Vietnam, etc.) to ensure compliance with Vietnamese laws on personal data protection.

- Data Collection Sensors

vtv2 trực tiếp bóng đá hôm nay user manual (or equivalent publicly available documentation) must list vtv2 trực tiếp bóng đá hôm nay inventory of sensors used by vtv2 trực tiếp bóng đá hôm nay camera device, and describe vtv2 trực tiếp bóng đá hôm nay functions and operating principles of each sensor used by vtv2 trực tiếp bóng đá hôm nay camera device.

- Personal Data Protection Notifications

During device initialization, setup, and configuration, there must be an interface that notifies users of vtv2 trực tiếp bóng đá hôm nay storage and processing location (country) of vtv2 trực tiếp bóng đá hôm nay data collected by vtv2 trực tiếp bóng đá hôm nay camera device and associated services.

- Erasing Data on vtv2 trực tiếp bóng đá hôm nay Camera Device

+ There is a function that allows users to delete collected and stored data on vtv2 trực tiếp bóng đá hôm nay camera device.

+ There is a function to notify users of vtv2 trực tiếp bóng đá hôm nay successful/failed deletion of data on vtv2 trực tiếp bóng đá hôm nay device when performing vtv2 trực tiếp bóng đá hôm nay deletion function.

+ There is a function to obtain user consent before deleting data.

- Erasing Data on Associated Services

+ There is a function that allows users to delete stored data on associated services.

+ There is a function to notify users of vtv2 trực tiếp bóng đá hôm nay successful/failed deletion of data on associated services when performing vtv2 trực tiếp bóng đá hôm nay deletion function.

+ There is a function that allows users to set an automatic data deletion time on associated services. vtv2 trực tiếp bóng đá hôm nay deletion time can be set by vtv2 trực tiếp bóng đá hôm nay user on vtv2 trực tiếp bóng đá hôm nay camera or follow vtv2 trực tiếp bóng đá hôm nay manufacturer's default time.

+ There is a function to obtain user consent before deleting data.

(9) Application Security

vtv2 trực tiếp bóng đá hôm nay camera device must have vtv2 trực tiếp bóng đá hôm nay following features:

+ Validate input data entered by users or through vtv2 trực tiếp bóng đá hôm nay programming interface.

+ Prevent vtv2 trực tiếp bóng đá hôm nay processing of input data that violates predefined filter conditions set by vtv2 trực tiếp bóng đá hôm nay manufacturer.

+ Validate data to prevent attacks on vtv2 trực tiếp bóng đá hôm nay device interface. Such attacks include, but are not limited to: SQL Injection, OS Command Injection, XPath Injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF).

(10) Ability to Recover System to Normal State after Incidents

In vtv2 trực tiếp bóng đá hôm nay event of a non-hardware-related error requiring a device reboot, vtv2 trực tiếp bóng đá hôm nay device ensures normal operation in vtv2 trực tiếp bóng đá hôm nay next boot.

What are vtv2 trực tiếp bóng đá hôm nay regulations on vtv2 trực tiếp bóng đá hôm nay basic List of criteria for cyberinformation security for surveillance cameras in Vietnam? - image from vtv2 trực tiếp bóng đá hôm nay internet

What is cyberinformation security according to vtv2 trực tiếp bóng đá hôm nay law in Vietnam?

According to Clause 1, Article 3 of Law on Cyberinformation Security 2015, vtv2 trực tiếp bóng đá hôm nay definition of cyberinformation security is as follows:

Cyberinformation security means vtv2 trực tiếp bóng đá hôm nay protection of information and information systems in cyberspace from being illegally accessed, utilized, disclosed, interrupted, altered or sabotaged in order to ensure vtv2 trực tiếp bóng đá hôm nay integrity, confidentiality and usability of information.

What are grades of network information system security in Vietnam?

According to Article 21 of vtv2 trực tiếp bóng đá hôm nay Law on Cyberinformation Security 2015, vtv2 trực tiếp bóng đá hôm nay classification of grades of network information system security is as follows:

- Grade 1: vtv2 trực tiếp bóng đá hôm nay Grade at which damage would harm vtv2 trực tiếp bóng đá hôm nay lawful rights and interests of organizations or individuals but will not harm public interests, social order and safety or national defense and security.

- Grade 2: vtv2 trực tiếp bóng đá hôm nay Grade at which damage would seriously harm lawful rights and interests of organizations or individuals or will harm public interests but will not harm social order and safety or national defense and security.

- Grade 3: vtv2 trực tiếp bóng đá hôm nay Grade at which damage would seriously harm production, public interests and social order and safety or will harm national defense and security.

- Grade 4: vtv2 trực tiếp bóng đá hôm nay Grade at which damage would cause extremely serious harm to public interests and social order and safety or will seriously harm national defense and security.

- Grade 5: vtv2 trực tiếp bóng đá hôm nay Grade at which damage would cause extremely serious harm to national defense and security.

- vtv2 trực tiếp bóng đá hôm nay classification of grades of network information system security is intended to apply management and technical measures to protect vtv2 trực tiếp bóng đá hôm nay information system according to its appropriate grade.

Best regards!