Article 1 In order to ensure the security of key information infrastructure in the autonomous region and maintain network security, these Regulations are formulated in accordance with the Cyber Security Law of the People's Republic of China, the Regulations of the State Council on the Security Protection of Key Information Infrastructure and relevant laws and regulations, combined with the actual situation of the autonomous region. Article 2 These Regulations shall apply to the safety protection, supervision and management of key information infrastructure within the administrative area of the autonomous region. Article 3 The security protection, supervision and management of key information infrastructure in the autonomous region shall adhere to the leadership of the Party and follow the principles of comprehensive coordination, division of responsibilities, legal protection and * * * protection. Article 4 The Cyber Security and Informatization Committee of the Autonomous Region shall lead the security protection of key information infrastructures in the whole region in a unified way, and the cyber security and informatization committees of the states (cities, prefectures) and counties (cities, districts) shall lead the security protection of key information infrastructures within their respective administrative areas. Article 5 As the office of the Network Security and Informatization Committee, the Network Information Division is responsible for coordinating and coordinating the relevant departments such as communication, public security, national security, industry and informatization, confidentiality and password management. Establish and improve the security protection mechanism of key information infrastructure, establish and improve the security protection system of key information infrastructure, and improve the ability of security risk monitoring, prevention and disposal. Article 6 Public security organs shall be responsible for guiding and supervising the security protection of key information infrastructure. Communications, national security, confidentiality, password management and other departments shall, in accordance with the provisions of relevant laws and regulations, be responsible for the security protection, supervision and management of key information infrastructure within their respective responsibilities. Article 7 The competent departments and supervision and management departments of important industries and fields involving key information infrastructure (hereinafter referred to as protection departments) shall guide and supervise the safety protection of key information infrastructure in their own industries and fields. Article 8 Operators of key information infrastructure (hereinafter referred to as operators) shall ensure the safe and stable operation of key information infrastructure in accordance with relevant laws, regulations, the provisions of these Regulations and the requirements of relevant standards. Ninth key information infrastructure protection work to implement the department responsibility system and the operator responsibility system, and included in the annual network security work responsibility system assessment. Article 10 The security protection of key information infrastructure shall implement the network security level protection system, key protection system and security review system, monitor, defend and respond to network security risks and threats from home and abroad, and protect key information infrastructure from attack, invasion, interference and destruction. Eleventh support institutions of higher learning, vocational schools and other education and training institutions and enterprises to carry out education and training related to network security; Take measures to attract and encourage network security professionals to engage in the security protection of key information infrastructure; Incorporate safety management training for operators and technical personnel training into the continuing education system. Article 12 Support the construction and development of network security research institutions and network security service institutions, and encourage network security service institutions to provide technical services such as planning and design, construction and implementation, operation and maintenance, security consultation, security protection, security detection, risk assessment and emergency response of key information infrastructure. Thirteenth network security service institutions shall provide objective and fair risk assessment services in accordance with relevant laws, regulations and industry standards, and bear corresponding legal responsibilities for the network security risk assessment report issued by them. Article 14 The network information department shall, jointly with the public security organs, strengthen the construction and management of network security service institutions, improve the ability level of network security service institutions, and play its role in the security protection of key information infrastructure. Fifteenth autonomous regions should improve the working mechanism of network security in integration of defense and civilian technologies, promote military-civilian cooperation, and ensure the security of key information infrastructure. Sixteenth key information infrastructure network security incidents or threats, operators should report to the competent department of network information, protection departments and public security organs in accordance with the relevant provisions.
In case of major network security incidents such as overall interruption or major functional failure of key information infrastructure, disclosure of important data such as national basic information, and large-scale disclosure of personal information, resulting in greater economic losses, widespread dissemination of illegal information, or discovery of major network security threats, the protection department shall, after receiving the report, promptly report to the National Network Information Department and the the State Council Public Security Department. Article 17 The network information department shall establish a network security information sharing mechanism with relevant departments such as communications, public security, industry and informatization, confidentiality and password management, collect, judge, share and publish information on network security threats, vulnerabilities and incidents in a timely manner, and hold joint meetings regularly to promote the sharing of network security information among relevant departments, protection departments, operators and network security service agencies. Article 18 The network information department shall, jointly with the relevant departments of communications, public security, industry and informatization, establish and improve the security monitoring and information notification system of key information infrastructure, strengthen the capacity building of network security technology, and timely discover, warn and notify network security threats and hidden dangers.
The protection department shall establish and improve the system of network security monitoring, early warning and information notification in this industry and field, guide operators to carry out network security protection capacity building, timely grasp the operation status and security risks of key information infrastructure in this industry and field, judge security monitoring information, and inform relevant operators of security risks and related work information.