“The Vietnam Dedicated Data Transmission Network for Party and Government Agencies (TSLCD) is identified as a component of the e-Government (CPĐT) and Digital Government (CPS) digital infrastructure. Building and developing digital infrastructure is key to successfully achieving digital transformation.”
00IntroductionThis article is translated from:
Announcement No. 12/2019/TT-BTTTT from the Ministry of Information and Communications: Amendments and supplements to several provisions of Announcement No. 27/2017/TT-BTTTT issued on October 20, 2017 (regarding the management, operation, connection, use, and information security assurance of the dedicated data transmission network for Party and Government agencies)
https://chinhphu.vn/default.aspx?pageid=27160&docid=198315
The new version was released onMay 4, 2023, read more to aid understanding.Abbreviations and Explanations
| Abbreviation | Explanation |
| Mang TSLCD | Dedicated Data Transmission Network for Party and Government Agencies |
| CPDT | e-Government |
| TTDL | Data Center |
| DNVT | Telecommunications Enterprises |
| CQNN | National Institutions |
| BNDP | Ministries, Branches, Localities |
| CBCC | Civil Servants |
| ATTT | Information Security |
| HTTT | Information Systems |
| VPCP | Government Office |
| DNS | Domain Name Resolution Service |
| VPN | Virtual Private Network |
| CPT | Central Post Office |
01Overview
(1) Terminology Explanation
1. Dedicated Data Transmission Network
The Dedicated Data Transmission Network for Party and Government Agencies (referred to as the Dedicated Data Transmission Network or TSLCD Network) is a national important information system used for dedicated data transmission activities of Party and Government agencies. The dedicated data transmission network includes the first-level dedicated data transmission network and the second-level dedicated data transmission network.
2. First-level TSLCD Network
The first-level dedicated data transmission network is directly managed, operated, and maintained by the Central Post Office (CPT), connecting the following institutions:
a) The Office of the Central Committee, central ministries, central directly affiliated Party committees, and central directly affiliated agencies;
b) The Ethnic Council, National Assembly Committees, National Assembly Office, and agencies directly under the National Assembly Standing Committee;
c) The Office of the President;
d) The Government Office, ministries, ministerial-level agencies, and government-affiliated institutions;
e) The Central Committee of the Vietnam Fatherland Front and central-level political-social organizations;
f) The Supreme People’s Court, the Supreme People’s Procuracy, and the State Audit Office;
g) Provincial and municipal Party Committees; provincial/municipal People’s Councils and People’s Committees.
3. Second-level TSLCD Network
The second-level dedicated data transmission network connects the following institutions:
a) Departments under provincial/municipal Party Committees; county/commune/ward Party Committees;
b) County-level and commune-level People’s Councils;
c) Specialized agencies directly under provincial People’s Committees; county-level and commune-level People’s Committees;
d) Provincial and county-level Vietnam Fatherland Front Committees and political-social organizations;
e) High People’s Courts; provincial People’s Courts; county People’s Courts and equivalent agencies;
f) High People’s Procuracies, provincial People’s Procuracies, county People’s Procuracies;
g) Regional branches of the State Audit Office;
h) Other entities as required by Party and Government agencies.
4. Dedicated Internet Access Service
Dedicated Internet access service refers to the use of TSLCD network infrastructure to provide Internet access services for the Office of the Central Committee, the National Assembly Office, the Office of the President, the Government Office, and central Party and Government agencies.
5. Access Gateway
The access gateway of the dedicated data transmission network refers to network devices, security devices, or other similar functional devices that provide connection interfaces between the institutional network and the dedicated data transmission network.
6. Access Units
Units using the TSLCD network include node units accessing the TSLCD network within central and local Party and Government agencies.
(2) Introduction to the Central Post Office
The Central Post Office is a special communication unit under the Ministry of Science and Technology, with main functions including: providing communication security management for Party and Government leadership agencies in confidential and emergency command work, assisting the Minister in performing state management functions and organizing the implementation of relevant laws, while also providing professional communication services to Party and Government agencies and related organizations.
02
Management and Operation of the TSLCD Network
(1) Management and Operation Regulations
1. The management and operation of the TSLCD network must ensure efficient utilization of network resources, enhancing the quality of information technology applications in Party and Government agencies;
2. The TSLCD network is subject to centralized and unified management and operation, with regular or surprise inspections to assess the security, confidentiality, and high availability during network operation;
3. The TSLCD network must ensure uninterrupted communication (24 hours a day, 7 days a week);
(2) List of Services Provided
1. Basic Services
a) Virtual Private Network (VPN) service;
b) Dedicated leased line service;
c) Dedicated Internet access service;
d) Video conferencing service;
e) Voice service;
f) Other basic services as prescribed by the Ministry of Information and Communications;
2. Value-added Services
a) Voicemail service;
b) Email service;
c) IPTV service;
d) Virtual Private Server (VPS) leasing service;
e) Other value-added services as prescribed by the Ministry of Information and Communications;
3. Additional Services
a) IP voice additional services, including: caller ID display, call waiting, call forwarding, call blocking, speed dial service;
b) Other additional services as prescribed by the Ministry of Information and Communications;
03
Connection and Use of the TSLCD Network
(1) Connection Requirements for First-level TSLCD Network Users
1. Connection Location
To be determined through negotiation between the Central Post Office and the user unit based on technical feasibility.
2. Connection Method
Direct fiber connection to the first-level TSLCD network, complying with relevant technical specifications and mandatory standards prescribed by the Ministry of Information and Communications.
3. IP Address and Routing Parameters
Ensure that IP addresses and routing parameters comply with legal requirements and follow the guidelines set by the Ministry of Information and Communications (Central Post Office) for the TSLCD network.
4. Terminal Equipment Installation
User terminal equipment and internal networks must be installed and connected to the first-level TSLCD network in accordance with telecommunications resource management, telecommunications technical standards, and regulations.
(2) Connection Requirements for Second-level TSLCD Network Users
1. Telecommunications enterprises must ensure the connection between nodes of the second-level TSLCD network based on the usage needs of central municipalities and provincial Party and Government agencies, and implement the connection requirements proposed by the Central Post Office.
2. To ensure interconnection between the first-level and second-level TSLCD networks, telecommunications enterprises must establish relay connections to the first-level TSLCD network.
3. Connection Method
a) Nodes of the second-level TSLCD network must route directly to the centralized equipment of the first-level TSLCD network or to the centralized equipment of the local area network;
b) When connecting to the first-level TSLCD network, nodes of the second-level TSLCD network must route through the centralized equipment of the first-level TSLCD network;
4. IP Address and Routing Parameters
Ensure compliance with legal regulations and the unified provisions of the Ministry of Information and Communications (Central Post Office) for the TSLCD network.
(3) Relay Connection Requirements between First-level and Second-level TSLCD Networks
1. Connection Location
To be determined through negotiation between the Central Post Office and the telecommunications enterprises providing second-level TSLCD network connections, based on technically feasible network connection locations, but must not violate the provisions of Articles 42 and 44 of the Telecommunications Law regarding connections.
2. Connection Method
First-level and second-level TSLCD networks must be directly connected through two separate fiber optic lines in different directions, meeting the information security assurance requirements specified in Clause 2 and Clause 3 of Article 12 of this notice.
3. IP Address and Routing Parameters
Ensure compliance with legal regulations and the unified provisions of the Ministry of Information and Communications (Central Post Office) for the TSLCD network.
(4) Infrastructure Requirements for Telecommunications Enterprises Providing Connections to the Second-level TSLCD Network
1. Enterprises authorized to provide services on the second-level TSLCD network must meet the following conditions:
a) Have networks in administrative units at the district, county, and commune levels under central municipalities;
b) Have sufficient network infrastructure capacity to connect all units of the second-level TSLCD network;
c) Have a professional team to ensure direct monitoring, operation, and troubleshooting of connection nodes, and have lines connecting to the first-level TSLCD network;
d) Be selected by local Party and Government agencies as service providers;
2. Lines connecting to the TSLCD network must ensure transmission security (confidentiality) as prescribed;
3. Services deployed on the second-level TSLCD network must comply with technical standards prescribed by the Ministry of Information and Communications.
4. Telecommunications enterprises must use dedicated routing devices to connect to the first-level TSLCD network and use centralized connection devices to integrate units using the second-level TSLCD network.
(5) Regulations on Data Use, Sharing, and Storage on the TSLCD Network
1. Data use, sharing, and storage on the TSLCD network must comply with the provisions of the “Telecommunications Law”, “Information Technology Law”, “Information Security Law”, and “Archives Management Law”.
2. Data used, shared, and stored through the TSLCD network should be limited to content necessary for the administrative management and business activities of the network user units.
3. Important data transmitted over the TSLCD network must comply with the “Law on State Secrets” and be protected using cryptographic encryption technology.
04
Regulations on Security Assurance for the TSLCD Network
(1) General Regulations on Security Assurance for TSLCD Network Infrastructure
1. Network Partition Design
The network infrastructure should be divided into functional areas according to the corresponding levels, matching the classification of information systems.
2. External Access Control
A management plan for external network access must be established to control and block illegal access from external networks to internal networks.
3. Internal Outbound Network Control
Measures must be implemented to manage internal network access to external networks and the Internet, ensuring that only legitimate network connections that meet requirements are allowed for external communication.
4. Log Management Plan
A system log storage and management mechanism must be established to track and monitor normal system operation and network security-related activities.
5. Intrusion and Malware Protection
Network intrusion detection and anti-malware solutions must be deployed to achieve early threat detection, response, and blocking, preventing network attacks and system anomalies.
6. Device Security Protection
A protection plan for network devices and security devices must be established to monitor and prevent illegal access or tampering with device configurations and operational status.
(2) Security Assurance Regulations for the TSLCD Network
1. The first-level TSLCD network must meet the requirements specified in Clause 5 of Article 9 of Announcement No. 03/2017/TT-BTTTT issued by the Ministry of Information and Communications on April 24, 2017, and comply with the basic requirements for level 5 information systems as per TCVN 11930:2017.
2. Services deployed on the second-level TSLCD network must comply with technical standards prescribed by the Ministry of Information and Communications and meet the basic requirements for level 3 and above information systems as per TCVN 11930:2017.
3. Regulations on Accessing the TSLCD Network for Information Systems
a) Network Isolation: User units must physically isolate the TSLCD network connection module from the Internet connection module;
b) Security Standards: Access systems must meet the security requirements for classified information systems, and their connection gateways must comply with the security requirements in Appendix 1 of this notice;
c) Data Center: Data centers accessing the TSLCD network must meet the security requirements for classified information systems and the security requirements in Appendix 2 of this notice;
(3) Security Regulations for the TSLCD Network Management Subsystem
1. Network Isolation Requirements: The network management subsystem must be physically isolated from other network subsystems and prohibited from accessing the Internet.
2. Access Management Requirements: A centralized authentication management system for access accounts must be configured, and appropriate operational permissions must be assigned to administrators.
05
Responsibilities of Related Units
(1) Responsibilities of the Central Post Office
1. Overall Planning: Lead the development planning for the TSLCD network.
2. Policy Guidance: Lead the guidance for units to implement the provisions of this notice.
3. Standard Formulation: Collaborate with the Department of Science and Technology to formulate and submit to the Ministry of Information and Communications for promulgation relevant technical standards and regulations on the management, operation, connection, use, and information security of the TSLCD network.
4. System Construction: Lead the formulation of regulations, policy documents, quality indicators, operating procedures, and technical specifications related to connection assurance and information security for the TSLCD network.
5. Security Supervision: Conduct regular or irregular network security inspections and assessments, coordinating the handling of network emergencies.
6. Joint Inspections: Collaborate in conducting supervision and inspection work for the TSLCD network.
7. Emergency Assurance: In emergencies, can mobilize telecommunications enterprises’ infrastructure and capabilities to provide service assurance for urgent information needs of central Party and Government agencies.
8. Regular Reporting: Organize telecommunications enterprises providing connection services for provincial-level TSLCD second-level networks to report network operation status to the Central Post Office and provincial information and communications departments every six months/year.
9. Information Hub: Act as the liaison unit for the Ministry of Information and Communications, receiving reports from provincial and municipal information and communications departments regarding the TSLCD network.
(2) Responsibilities of Units under the Ministry of Information and Communications
1. Telecommunications Bureau
Assist in reviewing the IP address resources, routing parameters of the TSLCD network, as well as technical solutions and network development plans proposed by service providers.
2. Information Security Bureau
a) Collaborate with the Central Post Office to develop, revise, and supplement normative documents and technical guidelines related to information security assurance for the TSLCD network, and organize the implementation of relevant security assurance measures;
b) Assist the Central Post Office in evaluating the information security assurance plans for user units and second-level TSLCD network infrastructure providers when accessing the first-level network and provide feedback;
c) Coordinate and support TSLCD network user units and operation and maintenance units in emergency response to information security incidents;
d) Collaborate in deploying monitoring and early warning plans to prevent risks of illegal intrusion through the Internet when user units’ information systems access the TSLCD network.
3. Inspection Bureau
Lead supervision and inspection work to ensure that the TSLCD network complies with relevant regulations and requirements in management, operation, connection, use, and security protection.
4. Department of Science and Technology
Lead in collaboration with the Central Post Office to formulate and submit to the Ministry of Information and Communications for promulgation relevant technical standards and regulations on the management, operation, connection, use, and information security of the TSLCD network.
(3) Responsibilities of Telecommunications Enterprises Providing Infrastructure and Services for the TSLCD Network
1. Service Announcement: Publicize the service registration points for second-level TSLCD network user units (including technical support, troubleshooting, and complaint handling functions).
2. Contract Norms: Develop and publicize standard contract details, authorizing the nearest service registration point to negotiate and sign contracts with second-level TSLCD network user units.
3. Quality Assurance: Ensure service quality and availability for second-level TSLCD network connection nodes in all provinces and cities.
4. Compliance Requirements: Strictly comply with the connection regulations, network quality, and information security assurance regulations issued by the Ministry of Information and Communications for the TSLCD network.
5. Emergency Response: Cooperate with the Central Post Office to mobilize enterprise infrastructure and resources to ensure urgent communication needs as required by central Party agencies.
6. Redundant Deployment: Implement equipment redundancy plans and personnel backup mechanisms to ensure the continuous and secure operation of TSLCD network infrastructure.
7. Supervision Cooperation: Report TSLCD network service status to the Central Post Office and accept its supervision and inspection of second-level network services and troubleshooting.
8. Regular Reporting: Submit local TSLCD network operation reports to the Central Post Office and provincial information and communications departments by June 15 and December 15 each year.
(4) Responsibilities of Provincial and Municipal Information and Communications Departments
1. Planning and Construction: Develop development plans for the second-level TSLCD network in their respective regions.
2. Supervision and Guidance: Guide relevant organizations, individuals, and telecommunications enterprises to comply with regulations on security and information assurance for the second-level TSLCD network.
3. Law Enforcement Inspection: Lead inspections and handling of violations related to the use, sharing, storage of information, and information security of the second-level TSLCD network within their authority.
4. Policy Recommendations: Provide decision-making recommendations for provincial governments regarding the management, operation, and use of the second-level TSLCD network in their regions.
5. Promotion and Training:
a) Promote and disseminate the provisions of this notice to local Party and Government agencies, guiding them to effectively manage and use the second-level TSLCD network.
b) When it is necessary to supplement or change the connection nodes of the second-level TSLCD network, provincial and municipal information and communications departments must submit a written request to the Ministry of Information and Communications (Central Post Office).
6. Annual Reporting: By December 15 each year, submit reports to the Ministry of Information and Communications (Central Post Office) according to the template specified in Appendix 3 of this notice.
(5) Responsibilities of TSLCD Network User Units
1. Manage, develop, and protect the access ports of the TSLCD network within user units according to the provisions of Appendix 1 of this notice.
2. Ensure that the content and information transmitted through the TSLCD network comply with legal regulations.
3. Do not arbitrarily change the connections and network parameters of TSLCD network-related devices that are outside their authority, to avoid resource conflicts and affect the operation of the TSLCD network.
4. In case of faults, promptly report to authorized personnel for handling.
5. Responsible for the following related matters:
a) Manage the firewall system for the TSLCD network in their unit;
b) Manage VPN users established on the TSLCD network platform (if any);
c) Manage the domain name of their unit;
d) Manage the Internet connection policy of their unit through the TSLCD network;
e) Manage access permissions, monitor, and prevent information security risks when their unit’s information systems connect to the TSLCD network and external networks;
f) Record faults and errors related to TSLCD network connections, information security, and confidentiality; in case of severe faults beyond their unit’s handling capacity, immediately notify the Central Post Office (for the first-level TSLCD network) or the nearest service registration point of the service provider (for the second-level TSLCD network) for timely coordination and resolution.
g) Develop an emergency response plan for information security incidents.
6. Register with the Government Cipher Committee to use digital signature authentication services to ensure information security on the TSLCD network.
7. If planning to conduct internal system upgrades or maintenance that may affect the TSLCD network, notify the Central Post Office (for the first-level TSLCD network) or the nearest service registration point of the service provider (for the second-level TSLCD network) at least 5 working days in advance to ensure compliance with the overall planning requirements of the TSLCD network.
8. Ensure compliance with regulations on the management, operation, and use of the TSLCD network; develop internal regulations regarding the use of the TSLCD network.
9. Collaborate with the Central Post Office to develop plans for integrating their unit’s information systems with the TSLCD network.
10. By December 15 each year, the information technology departments of central Party agencies must submit work reports to the Ministry of Information and Communications (Central Post Office) according to the template specified in Appendix 3 of this notice.
06
Timeline
2017
On October 20, 2017, Announcement No. 27/2017/TT-BTTTT from the Ministry of Information and Communications regarding the management, operation, connection, use, and information security assurance of the dedicated data transmission network for Party and Government agencies was issued.
2019
On November 5, 2019, Announcement No. 12/2019/TT-BTTTT from the Ministry of Information and Communications regarding amendments and supplements to Announcement No. 27/2017/TT-BTTTT was issued.
2023
On April 5, 2023, the Government of Vietnam issued Decision No. 08/2023/QĐ-TTg regarding the “Dedicated Data Transmission Network for Party and Government Agencies” (latest version).
