• Font Size:
  • S
  • M
  • L

Chapter Content

Title:

Reference Guidelines on the Cybersecurity Protection of Service Enterprises in Securities and Futures Markets  CH

Announced Date: 2024.04.19 (Articles 2, 3, 5, 7, 8, 12, 16 amended,English version coming soon)
Current English version amended on 2022.04.26 
Categories: Information Operations
Article Content Chapter Content Search Article No. Search Legislative History Chinese 
   Chapter 3 Network Equipment Security Management
Article 9    (Network Equipment Management)
  1. The administrator account of a network equipment administrator shall be used by the administrator only and not be a joint account. Principles for the setting of the password of the administrator account shall conform to the organization’s identification verification regulations.
  2. An organization shall limit personnel managing and using network equipment, the relevant equipment, IP, and network segments, or adopt measures such as a one-time password (OTP) or temporary privileged access, and retain records of operation by personnel using said network equipment.
  3. Upon the release of a network equipment service program, a network equipment administrator shall obtain said program and, upon evaluation, update its network equipment service programs.
Article 10    (Management of Network Equipment Rules)
  1. Amendments to network equipment rules (network access rules, firewall rules, etc.) shall be made upon a review of user needs and evaluation of the level of risk to information and communication security, and be documented for reference, in the event of any addition, change, or deletion thereto.
  2. Network equipment rules shall be established granting users the least privilege and using positive lists in principle.
  3. An organization shall review network equipment rules at least once a year, evaluating their adequacy and removing unnecessary provisions.
Article 11    (Network Equipment Logs)
  1. An organization shall keep network equipment logs, comply with internal backup regulations, and perform regular reviews to ensure applicability. Such logs shall be retained for at least six months for reference.
  2. Network equipment logs shall be protected against unauthorized access.
Article 12    (Outsourcing of Network Equipment Management)
    An organization shall follow the Reference Guidelines on the Supply Chain Risk Management of Service Enterprises in Securities and Futures Markets if it is to outsource the maintenance and operation or management of all its network equipment to external contractors.