Circular of the Ministry of Transport on Seeking Public Comments on the Administrative Provisions on the Information Security of the Civil Aviation Network (for Trial Implementation) (Draft for Comment)
Circular of the Ministry of Transport on Seeking Public Comments on the Administrative Provisions on the Information Security of the Civil Aviation Network (for Trial Implementation) (Draft for Comment)
Circular of the Ministry of Transport on Seeking Public Comments on the Administrative Provisions on the Information Security of the Civil Aviation Network (for Trial Implementation) (Draft for Comment)
February 20, 2017
The Civil Aviation Administration of China has drafted the Administrative Provisions on the Information Security of Civil Aviation Network (for Trial Implementation) (Draft for Comment) on the basis of the actual development of civil aviation in China, and hereby issue the same for public comment. The public may provide comments via the following ways and channels:
1. logging on to the official website of the Legislative Affairs Office of the State Council (http://www.chinalaw.gov.cn) and entering the "System for Solicitation of Comments on Draft Laws and Regulations" on the left side of the home page to submit comments.
2. mailing comments to: Policy and Law Division of the Civil Aviation Administration of China, No. 155, Dongsi West Street, Dongcheng District, Beijing (Postal Code: 100710); or
3. e-mailing comments to: jw_feng@caac.gov.cn.
The deadline for receiving comments is March 30, 2017.
Administrative Provisions on the Information Security of the Civil Aviation Network (for Trial Implementation)
Chapter I General Provisions
Article 1 [Purpose and Basis] These Provisions are drafted in accordance with the Civil Aviation Law of the People's Republic of China, the Cyber Security Law of the People's Republic of China, the Work Safety Law of the People's Republic of China and other laws and administrative regulations to enhance the information security management of the civil aviation network, establish and improve the system for guaranteeing the information security of the civil aviation network, and prevent civil aviation network-related information security incidents.
Article 2 [Scope of Application] These Provisions apply to the information security management of the civil aviation ("CA") network within the People's Republic of China. Any external institutions and individuals accessing the CA network information system or using the CA information resources shall abide by the requirements stipulated in these Provisions on system access and information use.
Article 3 [Guidelines and Principles for the Security Management] The CA network information security will be assured by adopting guidelines characterized by active defense and comprehensive prevention, by adhering to principles that guaranteeing of network information security shall be coordinated with the promotion of information technology-based development and that management and technologies shall both be taken into consideration, and by implementing unified coordination, hierarchical management, and division of responsibilities. The network security and the information technology work shall be planned, developed, implemented and advanced in synchronism.
Article 4 [Division of Responsibilities] All CA units shall be primarily responsible for their respective network information security, and their main persons-in-charge shall be the first persons responsible for the network information security of their respective organizations. The CA administration authorities at all levels shall have supervisory and management responsibilities.
Article 5 [Accountability System] The management of CA network information security shall be subject to a security incident accountability system under which any person liable for any network information security incident shall be held accountable according to relevant laws, regulations and rules.
Chapter II Division of Responsibilities and Work
Article 6 [Responsibilities of the CAAC] The Civil Aviation Administration of China ("CAAC") shall be responsible for organizing, guiding and coordinating the network information security work in the whole sector, and shall perform the following responsibilities:
1. To develop strategies and overall plans for the development of network information security in the sector, to draft rules, policies and standards for CA network information security, and to guide all CA units to carry out network information security work pursuant to national laws, regulations and standards on network information security;
2. To organize the construction of important infrastructures for network information security in the sector and to research into and settle major matters concerning network information security in the sector;
3. To organize the check, risk assessment and level-based protection of network information security in the sector, and to carry out network information security training in the sector;
4. To establish the monitoring & warning, information reporting and emergency handling mechanisms for network information security in the sector, to draft emergency plans for the network information security in the sector, to report information on CA network security, and to investigate and handle major network information security incidents in the sector; and
5. To establish institutions and expert teams for the management and evaluation of CA network information security.
Article 7 [Responsibilities of CAAC Regional Administrations] The CAAC regional administrations shall be responsible for the supervision and management of CA network information security within their respective jurisdictions, and shall perform the following responsibilities:
1. To develop the work system for CA network information security within their respective jurisdictions and to guide all the CA units within their respective jurisdictions to carry out network information security work in accordance with the national and the CA network information security laws, regulations, rules and standards;
2. To supervise the network security planning and construction of all the CA units within their respective jurisdictions;
3. To implement an annual check as well as special checks at important protection periods on network information security, and to organize special training on network information security within their respective jurisdictions;
4. To establish emergency mechanisms and report systems for the CA network-related information security incidents within their respective jurisdictions, to report to the CAAC the network information security information of all the CA units within their respective jurisdictions, and to assist the CAAC in investigating and handling the network information security incidents within their respective jurisdictions;
5. To make annual summaries and comments on the network information security work within their respective jurisdictions, and to commend the units and individuals with remarkable achievements in and outstanding contributions to the network information security assurance work; and
6.
......
February 20, 2017
The Civil Aviation Administration of China has drafted the Administrative Provisions on the Information Security of Civil Aviation Network (for Trial Implementation) (Draft for Comment) on the basis of the actual development of civil aviation in China, and hereby issue the same for public comment. The public may provide comments via the following ways and channels:
1. logging on to the official website of the Legislative Affairs Office of the State Council (http://www.chinalaw.gov.cn) and entering the "System for Solicitation of Comments on Draft Laws and Regulations" on the left side of the home page to submit comments.
2. mailing comments to: Policy and Law Division of the Civil Aviation Administration of China, No. 155, Dongsi West Street, Dongcheng District, Beijing (Postal Code: 100710); or
3. e-mailing comments to: jw_feng@caac.gov.cn.
The deadline for receiving comments is March 30, 2017.
Administrative Provisions on the Information Security of the Civil Aviation Network (for Trial Implementation)
Chapter I General Provisions
Article 1 [Purpose and Basis] These Provisions are drafted in accordance with the Civil Aviation Law of the People's Republic of China, the Cyber Security Law of the People's Republic of China, the Work Safety Law of the People's Republic of China and other laws and administrative regulations to enhance the information security management of the civil aviation network, establish and improve the system for guaranteeing the information security of the civil aviation network, and prevent civil aviation network-related information security incidents.
Article 2 [Scope of Application] These Provisions apply to the information security management of the civil aviation ("CA") network within the People's Republic of China. Any external institutions and individuals accessing the CA network information system or using the CA information resources shall abide by the requirements stipulated in these Provisions on system access and information use.
Article 3 [Guidelines and Principles for the Security Management] The CA network information security will be assured by adopting guidelines characterized by active defense and comprehensive prevention, by adhering to principles that guaranteeing of network information security shall be coordinated with the promotion of information technology-based development and that management and technologies shall both be taken into consideration, and by implementing unified coordination, hierarchical management, and division of responsibilities. The network security and the information technology work shall be planned, developed, implemented and advanced in synchronism.
Article 4 [Division of Responsibilities] All CA units shall be primarily responsible for their respective network information security, and their main persons-in-charge shall be the first persons responsible for the network information security of their respective organizations. The CA administration authorities at all levels shall have supervisory and management responsibilities.
Article 5 [Accountability System] The management of CA network information security shall be subject to a security incident accountability system under which any person liable for any network information security incident shall be held accountable according to relevant laws, regulations and rules.
Chapter II Division of Responsibilities and Work
Article 6 [Responsibilities of the CAAC] The Civil Aviation Administration of China ("CAAC") shall be responsible for organizing, guiding and coordinating the network information security work in the whole sector, and shall perform the following responsibilities:
1. To develop strategies and overall plans for the development of network information security in the sector, to draft rules, policies and standards for CA network information security, and to guide all CA units to carry out network information security work pursuant to national laws, regulations and standards on network information security;
2. To organize the construction of important infrastructures for network information security in the sector and to research into and settle major matters concerning network information security in the sector;
3. To organize the check, risk assessment and level-based protection of network information security in the sector, and to carry out network information security training in the sector;
4. To establish the monitoring & warning, information reporting and emergency handling mechanisms for network information security in the sector, to draft emergency plans for the network information security in the sector, to report information on CA network security, and to investigate and handle major network information security incidents in the sector; and
5. To establish institutions and expert teams for the management and evaluation of CA network information security.
Article 7 [Responsibilities of CAAC Regional Administrations] The CAAC regional administrations shall be responsible for the supervision and management of CA network information security within their respective jurisdictions, and shall perform the following responsibilities:
1. To develop the work system for CA network information security within their respective jurisdictions and to guide all the CA units within their respective jurisdictions to carry out network information security work in accordance with the national and the CA network information security laws, regulations, rules and standards;
2. To supervise the network security planning and construction of all the CA units within their respective jurisdictions;
3. To implement an annual check as well as special checks at important protection periods on network information security, and to organize special training on network information security within their respective jurisdictions;
4. To establish emergency mechanisms and report systems for the CA network-related information security incidents within their respective jurisdictions, to report to the CAAC the network information security information of all the CA units within their respective jurisdictions, and to assist the CAAC in investigating and handling the network information security incidents within their respective jurisdictions;
5. To make annual summaries and comments on the network information security work within their respective jurisdictions, and to commend the units and individuals with remarkable achievements in and outstanding contributions to the network information security assurance work; and
6.
......