ASEMCONNECT VIETNAM

  List of Vietnam Law

Circular No. 185/2019/TT-BQP dated December 4, 2019 of the Ministry of National Defense on guidelines for provision, management and use of specialized certification services for governmental authorities

Date: 12/4/2019


MINISTRY OF NATIONAL DEFENSE
-------
SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
----------------
No. 185/2019/TT-BQP
Hanoi, December 4, 2019
 
CIRCULAR
GUIDELINES FOR PROVISION, MANAGEMENT AND USE OF SPECIALIZED CERTIFICATION SERVICES FOR GOVERNMENTAL AUTHORITIES
Pursuant to Law on Cipher dated November 26, 2011;
Pursuant to Decree No. 164/2017/ND-CP dated December 30, 2017 of the Government on functions, tasks, powers, and organizational structure of the Ministry of National Defense;
Pursuant to Decree No. 09/2014/ND-CP dated January 17, 2014 of Government on functions, tasks, powers, and organizational structure of Government Cipher Committee;
Pursuant to Decree No. 130/2018/ND-CP dated September 27, 2018 of Government on elaborating to implementation of Law on E-Transactions regarding digital signatures and digital signature authentication services;
At request of Head of Government Cipher Committee,
Minister of National Defense promulgates Circular providing guidelines for provision, management and use of specialized certification services for governmental authorities.
Chapter I
GENERAL PROVISIONS
Article 1. Scope
This Circular provides guidelines for provision, management and use of specialized certification services for governmental authorities.
Article 2. Regulated entities
This Circular applies to agencies, organizations and individuals involved in provision, management and use of specialized certification services for governmental authorities.
Article 3. Term interpretation
In this Circular, terms below are construed as follows:
1. “Supervisory authority” refers to an agency or organization that is identified as a juridical person with its own stamp and is affiliated to agencies of Communist Party or government, directly supervising subscribers to specialized certification services for governmental authorities.
2. “Certification request” refers to request for new issuance, extension, revision, revocation of digital certificate or restoration of security device.
3. “Information system for registration and management of certification requests” refers to an electronic system assisting registration and management of specialized certification services for governmental authorities on cyber environment.
Article 4. Provider of specialized certification services for governmental authorities
1. Provider of specialized certification services for governmental authorities is Vietnam Government Certification Authority (VGCA) affiliated to The Government Cipher Committee.
2. Contact information:
Vietnam Government Certification Authority.
Address: 23 Nguy Nhu Kom Tum Road, Thanh Xuan District, Ha Noi
Phone/Fax: 024.3773.8668
Email address: ca@bcy.gov.vn
Website: http://ca.gov.vn
ID code for electronic document exchange: 000.05.07.G11
Article 5. Submission and receipt of certification request documents
1. Submission and receipt of documents on certification requests between supervisory authorities and the VGCA shall be conducted in physical form or in electronic form which shall be signed digitally as per the law.
2. Submission and receipt of electronic documents on certification requests between supervisory authorities and the VGCA shall be conducted on the information system for registration and management of certification requests or national electronic document management system.
a) An electronic document on certification request digitally signed as per the law that is submitted or received via the information system for registration and management of certification request or the national electronic document management system is as legitimate as the physical form thereof and replacing submission and receipt of the physical form. 
b) Electronic documents on certification requests not specified in Point a Clause 2 of this Article that are sent and received via the information system for registration and management of certification request or the national electronic document management system are for reference purpose and not replacing submission and receipt of physical form thereof.   In this case, supervisory authorities must provide master registers of the physical documents on certification requests at the time of receiving digital certificates and security devices.
Article 6. Submission and receipt of security devices
Submission and receipt of security devices among subscribers, supervisory authorities and the VGCA shall be performed in person, via cipher organizations or entities providing public postal services as per the law.
Article 7. Submission and receipt of documents on certification requests and security devices within Ministry of National Defense, Ministry of Public Security and Ministry of Foreign Affairs
Submission and receipt of documents on certification requests and security devices between supervisory authorities affiliated to Ministry of National Defense, Ministry of Public Security and Ministry of Foreign Affairs and the VGCA shall be performed via cipher organizations affiliated to Ministry of National Defense, Ministry of Public Security and Ministry of Foreign Affairs.
Chapter II
DOCUMENTS AND FORMS RELATING TO ISSUANCE, MANAGEMENT AND USE OF SPECIALIZED GOVERNMENTAL CERTIFICATION SERVICES
Article 8. Issuance of new digital certificates
1. Issuance of new digital certificates for individuals:
a) Individuals shall send applications for issuance of new digital certificates using Form 01 under Annex attached to this Circular to supervisory authorities;
b) Supervisory authorities shall send applications for issuance of new digital certificates using Form 02 under Annex attached to this Circular to the VGCA.
2. Issuance of new digital certificates for agencies and organizations:
a) Competent individuals of agencies and organizations capable of managing and using seals and assigned by the agencies and organizations to manage digital certificates of the agencies and organizations shall send applications for issuance of digital certificates using Form 03 under Annex attached to this Circular to supervisory authorities;
b) Supervisory authorities shall send applications for issuance of new digital certificates using Form 04 under Annex attached to this Circular to the VGCA.
3. Issuance of new digital certificates for devices, services and software:
a) Competent individuals of agencies and organizations capable of managing and using seals and assigned by the agencies and organizations to manage digital certificates of devices, services and software shall send applications for issuance of digital certificates using Form 05 under Annex attached to this Circular to supervisory authorities;
b) Supervisory authorities shall send applications for issuance of new digital certificates using Form 06 under Annex attached to this Circular to the VGCA.
4. After handing security devices over to subscribers, supervisory authorities shall send notice on effective date of digital certificates using Form 13 under Annex attached to this Circular to the VGCA.
Article 9. Extension and revision of digital certificates
1. Subscribers shall send applications for extension and revision of digital certificates using Form 07 under Annex attached to this Circular to supervisory authorities.
2. Supervisory authorities shall send applications for extension and revision of digital certificates using Form 08 under Annex attached to this Circular to the VGCA.
Article 10. Revocation of digital certificates and security devices
1. Revocation of digital certificates:
a) Subscribers shall send applications for revocation of digital certificates using Form 09 under Annex attached to this Circular to supervisory authorities;
b) Supervisory authorities shall send applications for revocation of digital certificates using Form 10 under Annex attached to this Circular to the VGCA.
2. Revocation of security devices:
a) Supervisory authorities are responsible for revoking security devices of expired or revoked digital certificates and transferring to the VGCA. Records of transfer and receipt of security devices of expired or revoked digital certificates shall be made using Form 14 under Annex attached to this Circular;
b)  In case of lost security devices, supervisory authorities must make records of confirmation using Form 15 under Annex attached to this Circular and promptly send to the VGCA.
Article 11. Restoration of security devices
1. Subscribers shall send applications for restoration of security devices using Form 11 under Annex attached to this Circular to supervisory authorities.
2. Supervisory authorities shall send applications for restoration of security devices using Form 12 under Annex attached to this Circular to the VGCA or organizations authorized by the VGCA.
Chapter III
RESPONSIBILITIES OF ORGANIZATIONS AND INDIVIDUALS
Article 12. Responsibilities of agencies of Communist Party and government
Agencies of Communist Party and government are responsible for:
1. developing and promulgating regulations and provisions on management and use of specialized authentication services for governmental authorities within their powers.
2. on a yearly basis, reporting on implementation and use of specialized certification services for governmental authorities of the year and developing plans and demands for use of the following year of subscribers under their management according to guidelines of The Government Cipher Committee.
3. managing, guiding and examining subscribers during implementation, management and use of digital certificates, security devices and specialized certification services for governmental authorities under their management.
4. taking charge and cooperating with the VGCA in organizing training implementation and use of digital certificates, security devices and specialized certification services for governmental authorities.
5. Heads of following agencies and organizations: Office of the Party Central Committee and advisory, assisting agencies affiliated to Central Executive Committee of the Communist Party of Vietnam; Ethnic Minorities Council; boards of National Assembly; Office of the National Assembly; Office of the President; ministries, ministerial agencies, governmental agencies; People’s Supreme Procuracy; Supreme People’s Court; State Audit Office of Vietnam; Party Executive Committees of provinces and central-affiliated cities; People's Councils and People's Committees of provinces and central-affiliated cities and other organizations directed and assigned to affiliated specialized agencies by competent authorities are responsible for implementation of Clauses 1, 2, 3 and 4 of this Article.
Article 13. Responsibilities of Government Cipher Committee
The Government Cipher Committee is responsible for
1. assisting Minister of National Defense in performing state management regarding specialized certification services for governmental authorities; organizing implementation of providing certification, information verification and safety in e-transactions serving agencies of Communist Party and government.
2. cooperating with agencies of Communist Party and government in developing regulations and provisions on management and use of specialized certification services for governmental authorities.
3. providing guidelines and examining relevant organizations and individuals in terms of registration for issuance, management and use of specialized certification services for governmental authorities.
4. cooperating and assisting relevant parties in integrating specialized certification services for governmental authorities in information and technology applications to ensure information safety, verification and security.
5. conducting research and applying technologies relating to certification services in conformity with information and technology applications serving agencies and organizations.
6. taking charge and cooperating with relevant agencies in assigning and ensuring adequate personnel, expenditure and offices to perform tasks, manage, maintain operations and ensure safe and continuous provision of digital certificates, security devices and specialized certification services for governmental authorities according to radical demands of agencies of Communist Party and government.
7. managing and directing the VGCA to ensure efficient provision of digital certificates, security devices and specialized certification services for governmental authorities according to plans and demands of agencies and organizations.
8. assisting Minister of National Defense in monitoring and examining implementation of this Circular.
Article 14. Responsibilities of provider of specialized certification services for governmental authorities
The provider of specialized certification services for governmental authorities is responsible for:
1. ensuring absolute safety of security devices of digital certificates and dealing with issues during provision and management of digital certificates.
2. managing, operating technical infrastructure of certification system and ensuring safety and continuity of provision of certification services.
3. updating and storing information about certification request adequately and accurately as per the law.
4. ensuring maintenance of information channels to receive requests for issuance, extension, revision, revocation of digital certificates and restoration of security devices; updating and maintaining 24 hours a day and 7 days a week online databases of digital certificate policies, regulations on issuance, provision, management and use of certification services, digital certificates of the VGCA, lists of valid and revoked digital certificates, and other necessary information.
5. managing, operating, maintaining and instructing agencies and organizations to use the information system for registration and management of certification requests.
Article 15. Responsibilities of supervisory authorities
Supervisory authorities are responsible for:
1. based on demands for information safety and verification during e-transactions serving tasks of agencies and organizations under consideration, confirming documents and being responsible for accuracy of information upon request of issuance, extension, revision, revocation of digital certificates and restoration of security devices for organizations and agencies under their management.
2. receiving and transferring digital certificates and security devices to subscribers as per the law.
3. revoking security devices of organizations and individuals under their management and hand over to the VGCA.
4. updating, managing and storing applications for issuance, extension, revision, revocation of digital certificates and restoration of security devices of subscribers under their management as per the law.
5. examining implementation, management and use of digital certificates, security devices and specialized certification services for governmental authorities under their management.
6. on a regular and irregular basis, reporting on provision, management and use of specialized certification services for governmental authorities at request of competent agencies.
Article 16. Responsibilities of cipher organizations affiliated to Ministry of National Defense, Ministry of Public Security and Ministry of Foreign Affairs
Cipher organizations affiliated to Ministry of National Defense, Ministry of Public Security and Ministry of Foreign Affairs are responsible for:
1. on a yearly basis, acting as advisors for heads of presiding ministries to develop plans and demands for application of specialized certification services for governmental authorities for subscribers under their management to ensure information safety and verification in e-transactions.
2. developing and requesting competent authorities to promulgate regulations and provisions on management and use of specialized authentication services for governmental authorities within their powers.
3. being responsible for accuracy of information in applications for issuance, extension, revision, revocation of digital certificates and restoration of security devices; adoption of Forms 2, 4, 6, 8, 10, 12, 14 and 15 under Annex attached to this Circular for application forms.
4. receiving digital certificates and security devices handed over to supervisory authorities by the VGA.
5. receiving revoked digital certificates and security devices handed over to the VGA by supervisory authorities.
6. updating, managing and storing applications for issuance, extension, revision, revocation of digital certificates and restoration of security devices of subscribers under their management as per the law.
7. taking charge and cooperating with the VGCA in organizing training for subscribers under their management regarding implementation and use of digital certificates, security devices and specialized certification services for governmental authorities.
8. managing, guiding and examining subscribers during implementation, management and use of digital certificates, security devices and specialized certification services for governmental authorities.
9. cooperating with the VGCA in integrating specialized certification services for governmental authorities in information and technology applications to ensure information safety, verification and security.
10. listing, examining and managing issuance, extension, revision, revocation of digital certificates and restoration of security devices of agencies and organizations under management of presiding ministries and reporting to the Government Cipher Committee (via the VGCA) once a year before the 31st of October or irregularly.
Article 17. Responsibilities of subscribers
Subscribers are responsible for:
1. providing information relating to issuance, extension and revision of digital certificates accurately and adequately.
2. receiving digital certificates and security devices handed over by supervisory authorities as per the law.
3. informing supervisory authorities promptly to revoke digital certificates as specified in Clause 1 Article 10 of this Circular.
4. handing security devices over to supervisory authorities as specified in Clause 2 Article 10 of this Circular.
5. requesting restoration of security devices in case security devices are locked as specified in Article 11 of this Circular.
6. using digital certificates for the right purposes and complying with procedures and regulations on management and use of digital signatures, digital certificate, security devices and specialized certification services for governmental authorities.
7. managing security devices as per the law.
Chapter IV
IMPLEMENTATION
Article 18. Entry into force
This Circular enters into force from February 18, 2020 and replaces Circular No. 08/2016/TT-BQP dated February 1, 2016 of Minister of National Defense on provision, management and use of specialized certification services serving agencies of Communist Party, government and socio-political organizations.
Article 19. Responsibilities for implementation
1. Head of Government Cipher Committee, heads of relevant agencies, organizations and persons are responsible for implementation of this Circular./.
2. Difficulties that arise during the implementation of this Circular should be reported to the Government Cipher Committee for consolidation and report to Minister of National Defense./.
  
MINISTER
(Signed and sealed)




General Ngo Xuan Lich
(This translation is for reference only)



 © Vietnam Industry and Trade Information Center ( VITIC)- Ministry of Industry and Trade 
License: No 56/GP-TTDT issued by the Ministry of Information and Communications.
Address: Room 605, 6 th Floor, The Ministry of Industry and Trade's Building, No. 655 Pham Van Dong Street, Bac Tu Liem District - Hanoi.
Tel. : (04)38251312; (04)39341911- Fax: (04)38251312
Websites: http://asemconnectvietnam.gov.vn; http://nhanhieuviet.gov.vn
Email: Asem@vtic.vn; Asemconnectvietnam@gmail.com