Security departments at all levels and security agencies of central and state organs are in charge of the security of computer information systems in their respective regions and departments. Chapter II Security System Article 4 When planning and building a computer information system, corresponding security facilities shall be planned and implemented simultaneously. Article 5 The development, installation and use of computer information systems must meet the confidentiality requirements. Article 6 Computer information systems shall take effective security measures and be equipped with qualified special security equipment to prevent leakage and theft. The security measures taken shall meet the confidentiality requirements of the information processed. Article 7 Computer information system networking shall adopt technical measures such as system access control, data protection, system security monitoring and management. Article 8 Access to computer information systems shall be controlled according to the authority, and unauthorized operations shall not be conducted. Databases that have not taken technical security and confidentiality measures shall not be networked. Chapter III Confidential Information Article 9 The collection, storage, processing, transmission, use and destruction of confidential information and data must abide by the confidentiality provisions. Article 10 The classified information stored, processed, transmitted and output by a computer information system shall have corresponding classification marks, and the classification marks shall not be separated from the text. Article 11 Computer information systems connected with international networks shall not store, process or transmit state secret information. Chapter IV Confidential Media Article 12 Computer media storing state secret information shall be marked with the highest confidentiality level of the stored information, and shall be managed according to the files with corresponding confidentiality levels.
State secret information stored in computer information systems should be protected. Article 13 Computer media storing state secret information shall not be used with reduced security. No longer used media should be destroyed in time. Article 14 The maintenance of computer media storing state secret information shall ensure that the stored state secret information is not leaked. Fifteenth confidential documents printed by computer information system should be managed according to the corresponding confidential documents. Chapter V Confidential Places Article 16 Confidential information processing places shall, in accordance with relevant state regulations, keep a corresponding safe distance from the residences of overseas institutions and personnel. Seventeenth confidential information processing sites should be set up according to the confidentiality level and the relevant provisions of the control area, without the approval of the management authority, irrelevant personnel are not allowed to enter. Eighteenth confidential information processing sites should be regularly or according to the need for security technical inspection. Nineteenth computer information systems should take corresponding security measures to prevent the leakage of electromagnetic information. Article 20 Other physical security requirements of computer information systems shall conform to the relevant national security standards. Chapter VI System Management Article 21 The leadership responsibility system shall be implemented in the security management of computer information systems. The leader in charge of the unit that uses the computer information system is responsible for the security work of the computer information system of the unit, and designates relevant institutions and personnel to undertake it specifically.
The security institutions of all units shall assist the leaders of their own units in guiding, coordinating, supervising and inspecting the security work of computer information systems. Article 22 Users of computer information systems shall formulate corresponding management systems according to the classification and importance of the information processed by the system. Twenty-third security departments at all levels shall, in accordance with the relevant provisions and standards, conduct safety technical inspections of computer information systems in the region. Twenty-fourth computer information system security management personnel should undergo strict assessment, regular assessment, and maintain relative stability. Twenty-fifth units of the security agencies to deal with computer information system staff pre-job safety training, and regular safety education and inspection. Twenty-sixth any unit or individual shall take remedial measures in time after discovering the leakage of computer information system, and report to the superior in time according to relevant regulations. Chapter VII Awards and Penalties Article 27 Units and personnel who have made remarkable achievements in the security of computer information systems shall be rewarded. Twenty-eighth in violation of the provisions, the security department and the security agency shall order it to stop using it, make rectification within a time limit, and use it only after the inspection and acceptance by the security department and the security agency. Twenty-ninth in violation of these regulations, the disclosure of state secrets shall be handled in accordance with the "People's Republic of China (PRC) Law on Guarding State Secrets" and its implementation measures, and the responsibility of the unit leaders shall be investigated. Chapter VIII Supplementary Provisions Article 30 The security of military computer information systems shall be implemented in accordance with the relevant regulations of the military. Article 31 These Provisions shall come into force as of the date of promulgation.