| Notice by the General Office of the China Banking and Insurance Regulatory Commission of Strengthening the Administration of Wireless Network Security | | 中国银保监会办公厅关于加强无线网络安全管理的通知 |
| (No. 50 [2018] of the General Office of the China Banking and Insurance Regulatory Commission) | | (银保监办发[2018]50号) |
| All local offices of the former China Banking Regulatory Commission (“former CBRC”); all local offices of the former China Insurance Regulatory Commission (“former CIRC”); all policy banks, large-scale banks, and joint-stock banks; Postal Savings Bank of China; foreign-funded banks; financial assets management companies; all insurance group (holding) companies, insurance companies, insurance assets management companies, and professional insurance intermediary institutions: | | 各银监局,各保监局,各政策性银行、大型银行、股份制银行,邮储银行,外资银行,金融资产管理公司,各保险集团(控股)公司、保险公司、保险资产管理公司、保险专业中介机构: |
| In recent years, wireless network technology has developed rapidly, and has been widely applied in banking and insurance institutions' business services, mobile office affairs handling, Internet access and other fields. However, due to the problems of lack of line connection control and irregular management, risks of wireless network information interception, illegal intrusion, fake and fraud have been on the rise recently. For the purposes of strengthening risk prevention and ensuring the security of the network and information systems of the banking and insurance industries, you are hereby notified of the following matters on strengthening the administration of wireless network security: | | 近年来,无线网络技术发展较快,在银行保险机构的业务服务、移动办公和互联网接入等领域得到广泛应用,但由于缺乏线路连接控制及管理不规范问题,无线网络信息截取、非法入侵、伪冒诈骗等风险近期呈上升态势。为加强风险防范,确保银行业和保险业网络和信息系统安全,现就加强无线网络安全管理有关事项通知如下: |
| I. For the purposes of this Notice, “wireless networks” means the networks that use radio waves as the information transmission medium to realize data transmission by using wireless communication technology, including wireless local area network (“WLAN”) of the banking and insurance institutions and the dedicated mobile communication networks used thereby. The main types of wireless networks include: | | 一、本通知所指无线网络,指以无线电波为信息传输媒介,运用无线通讯技术实现数据传输的网络,包括银行保险机构的无线局域网(简称“WLAN”)和其使用的专用移动通讯网。主要无线网络类型包括: |
| 1. Mobile communication networks that use the dedicated mobile communication networks such as 3G/4G provided by operators to support the off-bank financial equipment, mobile business terminals and other equipment in connecting to the internal communication networks of the banking and insurance institutions or support the network communication among the business premises (hereinafter referred to as “private mobile communication networks”). | | (一)利用运营商提供的3G/4G等专用移动通讯网,支持离行金融机具、移动业务终端等设备连接银行保险机构内部通讯网络,或经营场所间网络通讯的移动通讯网络(简称“移动通讯专网”)。 |
| 2. A wireless local area network connecting to the internal communication networks of the banking and insurance institutions to support business operation, handling of office affairs, development testing, and training, among others (hereinafter referred to as “Intranet WLAN”). | | (二)接入银行保险机构内部通讯网络,支持业务经营、办公、开发测试、培训等的无线局域网络(简称“内网WLAN”)。 |
| 3. A wireless local area network providing Internet services to clients or employees of the banking and insurance institutions (hereinafter referred to as “Internet WLAN”), including self-built Internet WLANs and Internet WLANs leased from operators, among others. | | (三) 为银行保险机构客户或员工提供互联网服务的无线局域网络(简称“互联网WLAN”),包括自建、租用运营商的互联网WLAN等。 |
| II. Banking and insurance institutions shall fully understand the security risks of wireless networks. In the construction of wireless networks, safety technical measures shall be concurrently advanced under the principles of “synchronous planning, synchronous construction, and synchronous use,” private construction and unauthorized use of wireless networks shall be strictly prohibited, and unregulated wireless networks shall be eliminated. Overseas branch offices shall also comply with the regulatory requirements, laws and regulations of the countries and regions where they are located. | | 二、银行保险机构应充分认识无线网络安全风险,在无线网络建设中安全技术措施应遵循“同步规划、同步建设、同步使用”的原则同步推进,严格禁止私搭乱建和未经授权使用无线网络,杜绝不符合规范的无线网络。境外分支机构还应遵守所在国家和地区的监管要求和法律规定。 |
| III. Banking and insurance institutions shall designate the functional departments for the administration of wireless network security, establish wireless network administration systems and technical security specifications, develop the approval and recordation administration rules for wireless networks under the principles of “whoever is in charge shall be responsible, and whoever operates shall be responsible,” and strictly administer the use needs, access rights and users' behaviors. | | 三、银行保险机构应明确对无线网络安全管理的职能部门,建立无线网络管理制度和技术安全规范,要按照“谁主管谁负责、谁运营谁负责”的原则,建立无线网络的审批备案管理制度,对使用需求、访问权限和用户行为进行严格管理。 |
| IV. Banking and insurance institutions shall incorporate the administration of wireless network security into the scope of routine information technology risk assessment, inspection and audit, and inspect and assess the compliance, security and administration effectiveness of the use of wireless networks by the departments at all levels. | | 四、银行保险机构应将无线网络安全管理纳入日常信息科技风险评估、检查及审计范围,检查和评估各级部门无线网络使用的合规性、安全性、管理有效性。 |
| V. Banking and insurance institutions shall take the following measures to control the wireless network security risks. | | 五、银行保险机构应釆取以下措施,控制无线网络安全风险。 |
1. The wireless networks of the banking and insurance institutions shall be divided into independent network segments or virtual local area networks for security isolation and access control to prevent unauthorized access. The “Internet WLAN” shall be strictly isolated from the internal network and its communication with the internal networks shall be controlled through technical measures.
...... | | (一) 银行保险机构的无线网络应划分独立网段或虚拟局域网,进行安全隔离和访问控制,防止非授权访问。“互联网WLAN”应与内部网络实施严格隔离,并通过技术措施控制与内部网络的通讯。
...... |
|
Dear visitor, as a premium member of this database, you will get complete access to all content.Please go premium and get more.
1. To become a premium member, please call 400-810-8266 Ext. 171.
2. Binding to the account with access to this database.
3. Apply for a trial account.
4. To get instant access to a document, you can Pay Amount 【¥400.00】 for your single purchase. | |
您好:您现在要进入的是北大法宝英文库会员专区。
如您是我们英文用户可直接 登录,进入会员专区查询您所需要的信息;如您还不是我们 的英文用户;您可通过网上支付进行单篇购买,支付成功后即可立即查看本篇内容。
Tel: +86 (10) 82689699, +86 (10) 82668266 ext. 153
Mobile: +86 13311570713
Fax: +86 (10) 82668268
E-mail:info@chinalawinfo.com
|
| | | |
| | | |