m88 live casino and sports betting
National regulations
Critical Information Infrastructure Security Protection Regulations

m88 live casino games

Chapter 1 General Provisions

Article 1 To ensure the security of critical information infrastructure,Maintain network security,According to the "Cybersecurity Law of the People's Republic of China",Enact this Regulation。

Article 2 Critical Information Infrastructure as referred to in these Regulations,refers to public communication and information services、Energy、Transportation、Water Conservancy、Finance、Public Services、E-Government、In important industries and fields such as national defense science and technology industry,and others once compromised、Loss of functionality or data leakage,May seriously endanger national security、National economy and people’s livelihood、Important network facilities in the public interest、Information system, etc.。

Article 3 Under the overall coordination of the national cyberspace department,The public security department of the State Council is responsible for guiding and supervising the security protection of critical information infrastructure。The telecommunications administrative department of the State Council and other relevant departments shall comply with these Regulations and relevant laws、Provisions of administrative regulations,Responsible for the security protection, supervision and management of critical information infrastructure within their respective scope of responsibilities。

Relevant departments of the provincial people's government implement security protection, supervision and management of critical information infrastructure in accordance with their respective responsibilities。

Article 4: The security protection of critical information infrastructure adheres to comprehensive coordination、Division of responsibilities、Protect according to law,Strengthen and implement the main responsibilities of critical information infrastructure operators (hereinafter referred to as operators),Give full play to the role of the government and all aspects of society,Work together to protect the security of critical information infrastructure。

Article 5: The state implements key protection for critical information infrastructure,Take action,Monitoring、Defense、Handling network security risks and threats originating from inside and outside the People’s Republic of China,Protect critical information infrastructure from attacks、Intrusion、Interference and destruction,Punish illegal and criminal activities that endanger the security of critical information infrastructure in accordance with the law。

No individual or organization may carry out illegal intrusion、Interference、Activities that damage critical information infrastructure,Do not compromise the security of critical information infrastructure。

Article 6 Operators shall comply with these regulations and relevant laws、Administrative regulations and mandatory requirements of national standards,On the basis of network security level protection,Take technical protection measures and other necessary measures,Responding to network security incidents,Prevent cyber attacks and illegal and criminal activities,Ensure safe and stable operation of critical information infrastructure,Maintain data integrity、Confidentiality and Availability。

Article 7: To units and individuals that have made outstanding achievements or made outstanding contributions in the security protection of critical information infrastructure,Commendation in accordance with relevant national regulations。

Chapter 2 Critical Information Infrastructure Identification

Article 8 Competent departments of important industries and fields involved in Article 2 of these Regulations、The supervision and management department is the department responsible for the security protection of critical information infrastructure (hereinafter referred to as the protection department)。

Article 9: Protection departments integrate with the industry、Practical in this field,Develop rules for identifying critical information infrastructure,Also reported to the Public Security Department of the State Council for filing。

The following factors should be mainly considered in formulating identification rules:

(1) Network facilities、Information systems, etc. are important to this industry、The importance of key core businesses in this field;

(2) Network facilities、Once the information system is damaged、The degree of harm that may be caused by loss of functionality or data leakage;

(3) Relevant impact on other industries and fields.

Article 10 The protection department is responsible for organizing the certification of this industry according to the certification rules、Critical information infrastructure in this field,Notify the operator of the identification results in a timely manner,And notify the public security department of the State Council。

Article 11 Major changes in critical information infrastructure,Things that may affect the determination result,Operators should report relevant situations to the protection department in a timely manner。The protection department will complete the re-certification within 3 months from the m88 slot machine casinodate m88 slot machine casinoof receipt of the report,Notify the operator of the certification results,And notify the public security department of the State Council。

Chapter 3 Operator Responsibilities and Obligations

Article 12 Security protection measures should be planned simultaneously with critical information infrastructure、Synchronized construction、Synchronized use。

Article 13 Operators should establish and improve a network security protection system and responsibility system,Guarantee manpower、Financial resources、Material investment。The main person in charge of the operator is overall responsible for the security protection of critical information infrastructure,Leading the security protection of critical information infrastructure and handling of major network security incidents,Organize research and solve major network security issues。

Article 14 Operators should set up special safety management agencies,Conduct safety background checks for the heads of specialized safety management agencies and key positions personnel。At the time of review,Public security agency、National security agencies should provide assistance。

Article 15: Specialized security management agencies are specifically responsible for the security protection of critical information infrastructure of the unit,Perform the following duties:

(1) Establish and improve network security management、Evaluation and assessment system,Develop a security protection plan for critical information infrastructure;

(2) Organizing and promoting the construction of network security protection capabilities,Carry out network security monitoring、Detection and Risk Assessment;

(3) In accordance with national and industry network security incident emergency plans,Develop the unit’s emergency plan,Carry out regular emergency drills,Handling network security incidents;

(4) Identification of key network security positions,Organize and carry out network security work assessment,Propose rewards and punishments;

(5) Organizing network security education and training;

(6) Fulfill personal information and data security protection responsibilities,Establish and improve personal information and data security protection system;

(7) Design of critical information infrastructure、Construction、Run、Implement safety management for maintenance and other services;

(8) Report network security incidents and important matters in accordance with regulations。

Article 16 Operators shall ensure the operating funds of specialized safety management agencies、Equip corresponding personnel,Decision-making related to network security and informatization should involve the participation of personnel from specialized security management agencies。

Article 17 Operators shall conduct network security inspections and risk assessments on critical information infrastructure at least once a year by themselves or entrust network security service agencies,Promptly rectify discovered security issues,And report the situation in accordance with the requirements of the protection work department。

Article 18 When a major network security incident occurs or a major network security threat is discovered in critical information infrastructure,Operators shall report to the protection department in accordance with relevant regulations、Public Security Agency Report。

The entire critical information infrastructure is interrupted or a major functional failure occurs、National basic information and other important data leaked、Large-scale personal information leakage、Causing large economic losses、When illegal information is widely disseminated and other particularly major network security incidents occur, or when a particularly major network security threat is discovered,The protection department should receive the report,Report to the national cyberspace department in a timely manner、Report from the Public Security Department of the State Council。

Article 19 Operators should give priority to purchasing safe and trustworthy network products and services;Procurement of network products and services that may affect national security,Should pass security review in accordance with national network security regulations。

Article 20 Operators purchase network products and services,Should sign security and confidentiality agreements with network product and service providers in accordance with relevant national regulations,Clear the provider’s technical support and security confidentiality obligations and responsibilities,And supervise the fulfillment of obligations and responsibilities。

Article 21 Merger of operators、Separation、Dissolution, etc.,Should be reported to the protection department in a timely manner,And dispose of critical information infrastructure in accordance with the requirements of the protection department,Keep it safe。

Chapter 4 Guarantee and Promotion

Article 22 The protection department shall formulate regulations for this industry、Security planning for critical information infrastructure in this field,Clear protection goals、Basic requirements、Work tasks、Specific measures。

Article 23: The national cybersecurity and informatization department shall coordinate and coordinate relevant departments to establish a network security information sharing mechanism,Timely summary、Research and Judgment、Share、Post cybersecurity threats、Vulnerability、Events and other information,Promote relevant departments、Protection Department、Cybersecurity information sharing between operators and network security service agencies。

Article 24 Protection departments should establish and improve their own industry、Critical information infrastructure network security monitoring and m88 live casino and sports m88 com live casino registerbettingearly warning system in this field,Know the industry in time、Operation status of critical information infrastructure in this field、Security situation,Early warning of network security threats and hidden dangers,Guide on safety precautions。

Article 25 The protection department shall comply with the requirements of the national network security incident emergency plan,Establish and improve this industry、Cyber ​​security incident emergency plan in this field,Organize regular emergency drills;Guide operators to respond to network security incidents,And organize and provide technical support and assistance as needed。

Article 26 The protection department shall regularly organize and carry out activities in this industry、Network security inspection and detection of critical information infrastructure in this field,Guide and supervise operators to rectify potential safety hazards in a timely manner、Improving security measures。

Article 27 The national cyberspace department shall coordinate with the public security department of the State Council、The protection department conducts network security inspections and tests on critical information infrastructure,Propose improvement measures。

Relevant departments are conducting network security inspections on critical information infrastructure,Coordination should be strengthened、Information communication,Avoid unnecessary checks and cross-repeated checks。No fees may be charged for inspection work,The inspected unit shall not be required to purchase designated brands or produce designated products、Products and services of sales units。

Article 28 Operators’ critical information infrastructure network security inspection and testing work carried out by the protection department,And the police、National Security、Confidential administration、Password management and other relevant departments shall cooperate with the critical information infrastructure network security inspections carried out in accordance with the law。

Article 29 In the security protection of critical information infrastructure,National Cyberspace Administration and Telecommunications Competent Department of the State Council、The public security department of the State Council and others shall respond to the needs of the protection work department,Provide timely technical support and assistance。

Article 30 Internet Information Department、Public security agency、Protection work department and other relevant departments,Information obtained by network security service agencies and their staff in the security protection of critical information infrastructure,Can only be used to maintain network security,And strictly follow relevant laws、Requirements of administrative regulations to ensure information security,No disclosure、Sell or illegally provide to others。

Article 31 Without permission from the national cyberspace department、Approval or protection department of the public security department of the State Council、Operator authorization,No individual or organization is allowed to conduct vulnerability detection on critical information infrastructure、Penetration testing and other activities that may affect or endanger the security of critical information infrastructure。Perform vulnerability detection on basic telecommunications networks、Penetration testing and other activities,Should be reported to the telecommunications department of the State Council in advance。

Article 32: The state takes measures,Prioritize energy security、Secure operation of telecommunications and other critical information infrastructure。

Energy、The telecommunications industry should take measures,Provide key guarantees for the safe operation of critical information infrastructure in other industries and fields。

Article 33 Public Security Bureau、National security agencies strengthen the security and protection of critical information infrastructure in accordance with their respective responsibilities and laws,Prevent and crack down on illegal and criminal activities targeting and using critical information infrastructure。

Article 34: The state formulates and improves security standards for critical information infrastructure,Guidance、Standardize the security protection of critical information infrastructure。

Article 35: The state takes measures,Encourage network security professionals to engage in the security protection of critical information infrastructure;Operator safety management personnel、Safety technician training is incorporated into the national continuing education system。

Article 36 The state supports technological innovation and industrial development of critical information infrastructure security protection,Organize forces to implement technical research on critical information infrastructure security。

Article 37 The state strengthens the construction and management of network security service institutions,Develop management requirements and strengthen supervision and guidance,Continuously improve the capabilities of service organizations,Make full use of its role in the security protection of critical information infrastructure。

Article 38: The state strengthens military-civilian integration of network security,Military-civilian collaboration to protect critical information infrastructure security。

Chapter 5 Legal Liability

Article 39 The operator has one of the following circumstances,The relevant competent authorities shall order corrections according to their duties,Give warning;Refuse to correct or cause consequences such as endangering network security,A fine of not less than 100,000 yuan but not more than 1 million yuan,A fine of not less than RMB 10,000 but not more than RMB 100,000 shall be imposed on the directly responsible person in charge:

(1) Major changes in critical information infrastructure,Failure to report relevant situations to the protection department in a timely manner when it may affect the determination result;

(2) Security protection measures are not planned simultaneously with critical information infrastructure、Synchronized construction、For synchronization use;

(3) Failure to establish and improve the network security protection system m88 com live casino registerm88 online bettingand responsibility system;

(4) No special safety management organization is set up;

(5) Failure to conduct safety background checks on the heads of specialized safety management agencies and personnel in key positions;

(6) Making decisions related to network security and informatization without the participation of personnel from specialized security management agencies;

(7) The specialized safety management agency fails to perform its duties as stipulated in Article 15 of these Regulations;

(8) Failure to conduct network security inspections and risk assessments on critical information infrastructure at least once a year,Failed to rectify discovered security issues in a timely manner,Or failing to report the situation as required by the protection department;

(9) Purchasing network products and services,Failure to sign security and confidentiality agreements with network product and service providers in accordance with relevant national regulations;

(10) Merger occurs、Separation、Dissolution, etc.,Failed to report to the protection department in time,Or failure to dispose of critical information infrastructure in accordance with the requirements of the protection department。

Article 40: When operators encounter major network security incidents or discover major network security threats in critical information infrastructure,Failed to report to the protection department in accordance with relevant regulations、Reported by the public security agency,By conservation work department、The public security organs order corrections according to their duties,Give warning;Refuse to correct or cause consequences such as endangering network security,A fine of not less than 100,000 yuan but not more than 1 million yuan,A fine of not less than RMB 10,000 but not more than RMB 100,000 shall be imposed on the directly responsible person in charge。

Article 41 Operators purchase network products and services that may affect national security,Failure to conduct security review in accordance with national network security regulations,The relevant competent authorities such as the national cybersecurity and informatization department shall order corrections according to their duties,A fine of not less than 1 time but not more than 10 times the purchase amount,A fine of not less than RMB 10,000 but not more than RMB 100,000 shall be imposed on the directly responsible person in charge and other directly responsible personnel。

Article 42 Operators’ critical information infrastructure network security inspection and testing work carried out by protection departments,And the police、National Security、Confidential administration、Failure to cooperate with the critical information infrastructure network security inspection carried out by relevant departments such as password management in accordance with the law,Ordered to make corrections by the relevant competent authorities;Refuse to correct,A fine of not less than 50,000 yuan but not more than 500,000 yuan,A fine of not less than RMB 10,000 but not more than RMB 100,000 shall be imposed on the directly responsible person in charge and other directly responsible personnel;Serious circumstances,Pursue corresponding legal responsibilities according to law。

Article 43 Illegal Trespass、Interference、Damage critical information infrastructure,Activities that endanger their safety do not constitute a crime,In accordance with the relevant provisions of the "Cybersecurity Law of the People's Republic of China",Illegal gains shall be confiscated by the public security organs,Detention for not more than 5 days,A fine of not less than 50,000 yuan but not more than 500,000 yuan may be imposed;The plot is serious,Detention for not less than 5 days but not more than 15 days,A fine of not less than 100,000 yuan but not more than 1 million yuan may be imposed。

The unit commits the acts mentioned in the preceding paragraph,Illegal gains shall be confiscated by the public security organs,A fine of not less than 100,000 yuan but not more than 1 million yuan,The directly responsible person in charge and other directly responsible personnel shall be punished in accordance with the provisions of the preceding paragraph。

Violation of Article 5, Paragraph 2 and Article 31 of these Regulations,Persons punished by public security management,Not allowed to work in key positions of network security management and network operations within 5 years;Persons subject to criminal punishment,May not engage in key positions in network security management and network operations for life。

Article 44 Internet Information Department、Public security agency、The protection department and other relevant departments and their staff failed to perform their duties of security protection and supervision and management of critical information infrastructure or neglected their duties、Abuse of power、Practice for personal gain,The directly responsible person in charge and other directly responsible personnel shall be punished in accordance with the law。

Article 45 Public Security Organs、Protection departments and other relevant departments charge fees for conducting network security inspections of critical information infrastructure,Or require the inspected unit to purchase designated brands or designated production、Sales unit’s products and services,Ordered by the superior authority to make corrections,Refund of fees collected;Serious circumstances,The directly responsible person in charge and other directly responsible personnel shall be punished in accordance with the law。

Article 46 Internet Information Department、Public security agency、Protection work department and other relevant departments、Cybersecurity service agencies and their staff will use the information obtained during the security protection of critical information infrastructure for other purposes,Or leaked、For Sale、Illegally provided to others,The directly responsible person in charge and other directly responsible personnel shall be punished in accordance with the law。

Article 47 Major and particularly major network security incidents in critical information infrastructure,An accident determined to be responsible after investigation,Except that the operator’s responsibility should be identified and held accountable in accordance with the law,The responsibilities of relevant network security service agencies and relevant departments should also be identified,Dereliction of duty、Dereliction of duty and other illegal acts,Pursuing responsibility according to law。

Article 48 The operator of e-government critical information infrastructure fails to perform the network security protection obligations stipulated in these regulations,Processed in accordance with the relevant provisions of the "Cybersecurity Law of the People's Republic of China"。

Article 49 Violation m88 online sports betting appof the provisions of these m88 live casino and sports bettingregulations,Causing harm to others,Bear civil liability according to law。

Violation of these regulations,Constituting violations of public security management,Public security management penalties in accordance with the law;Constituting a crime,Pursuing criminal responsibility according to law。

Chapter 6 Supplementary Provisions

Article 50 Storage、Security protection of critical information infrastructure that handles state secret information,Should also comply with confidentiality laws、Provisions of administrative regulations。

Password use and management in critical information infrastructure,Should also comply with relevant laws、Provisions of administrative regulations。

Article 51 These regulations will come into effect on September 1, 2021。

Previous article:Internet User Account Information Management Regulations

Next article:Cybersecurity Law of the People's Republic of China