Quyết định 316/QD-BTC

MINISTRY OF FINANCE
-------

SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom – Happiness
------------------

No: 316/QĐ-BTC

Hanoi, February 13, 2015

PP.MINISTER
DEPUTY MINISTER




Tran Xuan Ha

NO

Standards

Notes

1

Standard in transfer and document format

Hypertext Transfer Protocol/ Hypertext Transfer Protocol over Secure Socket Layer: HTTP v1.1/HTTPS

Transfer protocol

Document format: XML v1.

Document format language

Encrypting data: XML Encryption Syntax and Processing

XML Encryption

Digital signature: XML Signature Syntax and Processing

XML digital signature

Describing the structure of a document: XML Schema v1. 0

XML document structure

2

Standard in description, access, management and integration of services

Describing web services: WSDL v1.2

Web service description language

Accessing web services: SOAP v1.2

Web service access protocol

Universal Description Discovery and Integration: UDDI v3

Description, discovery and integration of services

3

Standards in service safety

Units may use the following standards depending on the actual requirements of the units

Web services security: WS-Security v1.1

Security for Web Services

Web services policy: WS-Policy v1.5

Management of web service policy

Web services addressing: WS-Addressing v1.0

Description of routing information of web services

Web services reliable messaging: WS-Web Reliable Messaging v1.1

Quality assurance of messaging

NO

Standards

Notes

1

Software Development Tools

Oracle Developer Suite 11g

Integrated development toolkit to deploy applications, including components such as: Oracle Jdeveloper, Oracle Form, Oracle Report, ...

Visual Studio 2010

Development toolkit applied on .NET technology

Rational Application Developer 8.0.4

Support tool for J2EE software development, run on Websphere.

WebSphere Studio Application Developer 5.1

Integrated applied development toolkit of IBM

Eclipse Java Development Tools 3.3

Support tool of Java application development (Open source)

NetBeans 8.0

Programming tools to develop applications using the Java language

Microsoft SharePoint 2010

Software Development, Portal

IBM WebSphere Portal 7.0.1

Software Development, Portal

WebCenter Portal 11g

Software Development, Portal

Eclipse 4.4

Development support tool of Java, PHP, C++, ... application (Open source)

2

Software Development basis

Java Virtual Machine 5.0

Basis for Java programming tool

Java EE 7

Technology basis including the specification of tools, API extended for application development

NET Framework 4.5

Technology basis for the programming tools based on Microsoft

BizTalk 2010 Standard / Enterprize 64 bit

Integrated solutions connected to separate systems towards SOA

Tibco ActiveMatric Lifecycle Governance Framework

SOA administration software basis

3

Database management system

Oracle Database 11g R2

For applications using Oracle database

Microsoft SQL Server 2008 R2

For applications using MS SQL Server database

DB2 9.7

For applications using IBM DB2 database

MySQL 5.1

For applications using MySQL open source database

Posgree 9.3.4

For applications using Posgree open source database

MariaDB 5.5.34

For applications using MariaDB open source database

MongoDB 2.4

For applications using MongoDB open source database

Hadoop 2.2

For applications using Hadoop open source database

4

Analysis, design of database

Enterprise Architect 8.0

Solution analysis of object-oriented design for UML of  Sparx

Power Designer 15.1

Database design software, supporting many tools, many administration system

Microsoft Visio 2010

Tool supporting system analysis and design

UML v2.0 - Unified Modelling Language Version 2.0

Modelized language used for design

IBM Rational Rose Enterprise

Tool used for analysis, design for many types of programming languages such as Java, .Net, PHP

CA Erwin Data Modeler

Support tools for design of database

5

Tool for database mining

SQL Navigator 6.2

Access tools for data mining

Microsoft SQL Server Management Studio

Graphical management tool for SQL Server database mining

SQL Server Business Intelligence Development Studio

Tools for data mining in smart data warehouses

Oracle Business Intelligence EE

Tools for data mining in smart data warehouses

Cognos Business Intelligence

Tools for data mining in smart data warehouses

TIBCO spotfire DecisionSite

Tools for data analysis and mining of real time

TIBCO BusinessWorks Smart Mapper

Support tool for cross-referencing and interpreting data for different data sets

PL/SQL (Procedural Language/Structured Querry Language)

Tool for database mining

SAP BusinessObjects Enterprise

Tool of database mining of SAP

6

Web server

Internet Information Service 7.5

For Webserver IIS

Websphere Application Server 7.0

For Webserver Websphere

Oracle Weblogic Server 11g

For Webserver Weblogic

Nginx 1.6

For Webserver Nginx

Google App Engine

Google services providing application development environment on internet based on languages: Java, Python, PHP, Go

Apache 2.4

For Webserver Apache

7

Data Exchange

Oracle Database Link

Data exchange standard

Webservice

Data exchange standard

Oracle Advanced Queuing 11g

For application using Oracle Advanced Queuing

Oracle Data Integrator (ODI) 11g

For application using Oracle Data Integrator

Oracle Service Bus 11g

For application using Oracle Service Bus

Oracle Golden Gate 11g

For application using Golden Gate

Oracle Active Data Guard

For application using Active Data Guard

TIBCO BusinessConnect

Support for secure data exchange

TIBCO Adapters

Connection of packaged applications, database systems and technology

JBoss Enterprise Data Services Platform 5.1

Support for secure data exchange

WebSphere Message Broker 7.0

Support for connection and exchange of different types of data

IBM MQueue

Middleware supporting the exchange of information between applications, systems, and file of IBM

8

Tools for support of management of software development

TortoiseSVN

Sharing and management of source code

Microsoft Developer Network

Development assistance

Microsoft Team Foundation Server 2010

Sharing and management of the life cycle of software, project management, quality inspection, performance, regression testing, ...

Oracle Application Testing Suite 9.1

Software performance testing

HP LoadRunner 9

Software performance testing

Microsoft Project Management Enterprise (Standard)

project management, resources under the model of milestone or waterfall

V-Tools

Tool for program performance test

IBM Rational Software

IBM tools including many administrative functions of lifecycle if application development, performance test, project management, requirements, ...

App Governance Suite

Tools for support of management of software development.

Jmeter 2.11

Open source tools for JMeter performance test.

9

Web browser for application with using interfaces under web forms.

Mozilla Firefox 30.0

Mozilla Web Browser

Internet Explorer 8.0

Microsoft Web browser

Chrome/Chromium 33.0

Google Web browser / Open source

10

Shortcut key

F1: Help

F2: Edit the current record

F3: Copy data on the same column of the above record

F4: Copy the above record

F6: Add a new record

F7: Switch interface to mode of search or display of search screen

F8: Search the data in search mode

F9: Display a list of lookup

F10 or Ctrol + S: Record

Shift + F6: Delete the current record

Ctrol + End: Go to the last record

Ctrol + Home: Go to the first record

Ctrl + P: Print the report, the current record

Ctrol + Q: Close the current window

Down (arrow down): Down a record

Up (arrow up): Up a record

11

Interface

Providing information about the product under the Ministry of Finance

Providing phone number to contact for software support

Standards on character set and encryption for Vietnamese: ISO 6909: 2001

Toolbar for the functionalities of the application

NO

EQUIPMENT, TECHNICAL STANDARDS

A

SERVER, DESKTOP COMPUTER, LAPTOPS, UNINTERRUPTIBLE POWER SUPPLY , PRINTERS

1

Common servers (Not applicable for Blade Server, Unix server)

1.1

Servers applied at Central, Provincial levels

Processor: 02 x processor (06 Core, 15 MB Cache)

Memory: 24 GB, up to: 384 GB

Storage:

- Type and Capacity: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD

- Support 06 Disk bays

- Hot swap or Hot plug Disk Drivers

RAID Controller:

- Support levels: 0, 1, 5

- 512 MB Cache

I/O port: 01 VGA, 04 USB

Network interface: 02 Gigabit Ethernet Port

Remote Management Port: 01 Port

Operating System Support:

- Microsoft Windows Server

- Linux

Power supply:

- Redundant Power supply

- Input: 200-240V

- Hot-swap or Hot-plug Power Supply

1.2

Server applied at district level

Processor: 01 x processor (06 Core, 15 MB Cache)

Memory: 12 GB, up to: 384 GB

Storage:

- Type and Capacity: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD

- Support 06 disk bays

- Hot swap or Hot plug Disk Drivers

RAID Controller:

- Support levels: 0, 1, 5

- 512 MB Cache

I/O port: 01 VGA, 04 USB

Network interface: 02 Gigabit Ethernet Port.

Remote Management Port: 01 Port

Operating System Support:

- Microsoft Windows Server

- Linux

Power supply:

- Redundant Power Supply

- Input: 200-240V

- Hot-swap or hot-plug Power Supply

2

Blade Server

2.1

Blade chassis

Form factor: Rack mount

Server bays: Support 4 blade server bays

Power supply:

- Input: 200-240V

- Redundant Power supply

- Hot-plug or hot-swap Power supply

- Support 04 power supply

FAN:

- Hot-plug or hot-swap Fan

- Redundant Fan

Management Module: 01 x Management Module

Interconnect bay or equivalents: 04 bays

Interconnect switch: Ethernet/Fibre Channel/InfiniBand/SAS interconnects

Interconnect switch Support: Ethernet, Fibre Channel, InfiniBand, SAS interconnects

2.2

Blade Server

Form factor: Blade server compatible with the above Blade chassis

Processor: 02 x processor (06 Core, 15 MB Cache)

Memory: 24 GB, up to: 384 GB

Type and Capacity Storage: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD.

RAID support: 0, 1

Expansion slots: 02 slots

Ethernet NIC: 02 Gigabit Ethernet Port

System Management: Integrated

3

Desktop computers

Processor: 01 Processor (02 Core, 2 MB Cache)

Memory: 02 GB, up to: 08 GB

Storage: 320 GB SATA

I/O port:

- 06 USB

- 01 RJ-45

- 01 VGA

- 01 audio port

- 02 PCI (Support: 01 PCI Express)

Monitor:

- Display type: 17 Inch LCD

- Resolution: Support up to 1280x1024 or 1366x768 or 1440 x 900

Network interface: 01 Gigabit Ethernet Port

Keyboard & optical mouse

Operating System Support: Microsoft Windows 8

Power supply Input: 120-240V

4

Laptops

Processor: 01 Processor (02 Core, 3 MB Cache)

Memory: 02 GB, up to: 08 GB

Storage: SATA, 320GB HDD or 128GB SSD

Network interface:

- Integrated Ethernet: 10/100/1000 Mbps

- Integrated Wireless LAN (b/g/n)

I/O port:

- 03 USB

- 01 RJ-45

- 01 audio port

- 01 AC power

- 01 VGA

Display: 12-15.6 Inch

Battery type: 3-cell

Operating System Support: Microsoft Windows 8

Power supply Input: 110-240V

5

Printers

5.1

A3 Laser printers

Paper size: A3, A4

Processor: 01 Processor

Print quality: 600 x 600 dpi

Print Speed: Up to 15 ppm for A3

Memory: 64 MB

Network interface: Ethernet 10/100 Mbps

Input tray: 1 tray x 250 sheets (A3/A4)

USB cable

Driver and software management with license

Operating System Support: Microsoft Windows 7

Power supply Input: 220-240V

5.2

A4 Laser printers

Paper size: A4

Print quality: 600 x 600 dpi

Print Speed: Up to 25 ppm for A4

Memory: 32 MB RAM

Network interface: Ethernet 10/100 Mbps

Input tray: 1 tray x 250 sheets (A4)

Auto duplex

USB cable

Driver and software management with license

Operating System Support: Microsoft Windows 7

Power supply Input: 220-240V

6

Uninterruptible power supply 

6.1

Uninterruptible power supply for servers

Type: Online technology/Line-interactive

Power Capacity: 2000VA/1400W

Input:

- Voltage range: 160V-276V

- Frequency range: 50Hz

Output:

- Voltage: 220V +/-5%

- Frequency range: 50Hz +/-6%

UPS monitoring and system shutdown software included

Backup time (fulload): 5 minutes

6.2

Uninterruptible Power Supply for desktop computers

Power Capacity: 1000VA/600W or 1000VA/700W

Input:

- Voltage range: 176V-264V

- Frequency range: 50Hz

Output:

- Voltage: 220V +/-10%

- Frequency range: 50Hz +/-1%

Backup time (Halfload): 6 minutes

B

Network devices

1

Switch

1.1

Switch Access

Form factor: Rack

Interface: 24 Gigabit Ethernet ports

Features:

- Switching capacity: 48 Gbps

- Forwarding: 35 Mpps

- MAC table size or equivalents: 8000

Management or console port

Power Supply Input: 220-240V

1.2

Switch Core

Form factor: Rack

Interface: 24 Gigabit Ethernet ports.

Performance:

- Switching Capacity: 88 Gbps

- Forwarding rate/ throughput: 65 Mpps

- 512 MB DRAM

- 128 MB flash memory

Protocol:

- IPv4, IPv6

- IEEE 802.1Q VLAN

- IEEE 802.1d Spanning Tree Protocol

- IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)

- IEEE 802.1s Multiple Spanning Trees.

- IEEE 802.1x Port-Based Network Access Control

- IEEE 802.3ad Link Aggregation Control Protocol (LACP)

Layer 3 routing protocols:

- Static, RIPv1, RIPv2

- Upgradable to advanced IP routing protocols: OSPF

- Upgradable to support IPv6 routing

Management:

- Command line interface (CLI), Web/gui interface.

- SNMP

- Trivial File Transfer Protocol (TFTP) or FTP

- Network Timing Protocol (NTP)

- Management or console port

Power supply:

- Redundant Power Supply

- Input: 220-240V

2

Wireless network devices

2.1

Accesspoint for central, provincial, district levels

Support Standard: Wireless 802.11 a/b/g

Authentication protocol:

- Pre-shared keys

- 802.1x, EAP- PEAP, EAP-FAST, EAP-TLS, EAP-TTSL, EAP-MSCHAPv2

Security Standard: 802.11i, WEP, WPA, WPA2, AES, TKIP

Interface:

- 100/1000 Base-T (RJ45)

- Auto Sensing or equivalents

- Management or console port (can be integrated in ethernet port)

- Wifi-Certified

Power Supply Input: 220-240V

2.2

Accesspoint centralized management system for central, Provincial levels

Requirements for management of system:

- Centralized management tool has graphical user interface

- The location of Accesspoint is allowed to be shown on the map.

Requirements for security:

- Be integrated the IDS or IPS features

- Allow logs

Management of signal frequency:

- The signal frequency of AccessPoint system can be managed.

- Capacity and signal channels of the AccessPoint can be adjusted.

Reporting functions

3

Router

3.1

Router for central and provincial levels

Form factor: Rack mount

Performance (Throutput/Firewall + routing/switching): 200Kpps (1 Packet = 64 byte)

Memory: 256 MB Ram or 256 MB Flash

Interface:

- 04 Network Module slots

- 02 port 10/100/1000 Mbps

Routing protocols:

- Static, RIP v1/v2, IGMP v1/v2/v3, OSPF, BGP

- Generic Routing Encapsulation (GRE)

Internet Protocol: IPv4, IPv6

Management:

- Command line interface (CLI), Web/gui interface.

- SNMP v2/v3

- Management or console port

Power Supply Input: 220-240V

3.2

Router for district level

Performance (Throutput/Firewall + routing/switching): 95 Kpps (1 Packet = 64 byte)

Memory: 256 MB RAM or 256 MB Flash

Interface: 02 port 10/100 Mbps

Routing Protocol:

- Static, RIPv1/2, OSPF, BGP

- Generic Routing Encapsulation (GRE) tunneling

Internet Protocol: Support IPv4

Security support: IPSec VPN: site-to-site and remote access VPN

Management:

- Command line interface (CLI), Web/gui interface.

- SNMP

- Management or console port

Power Supply Input: 220-240V

C

SECURITY EQUIPMENT AND PRODUCTS

1

Firewall

1.1

Firewall for network:

1.1.1

Firewall for central level

Form factor: Rack

Interface:

- 04 Ethernet port 100/1000 Mbps

- Upgradeable to 08 port 100/1000 Mbps

- 01 Console port or management port

Performance

- Firewall throughput: 08 Gbps

Features:

- Deny of Services protection

- Network address translation

- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents

Internet Protocol:

- IPv4, RIP, OSPF, BGP, Static route

- Support IPv6

Management:

- Command line interface (CLI)

- SNMP

- Web: htttp/https

High Availability: Active/Active or Active/Passive

Power supply:

- Redundant Power Supply

- Input: 220-240V

1.1.2

Firewall for provincial level

Form factor: Rack

Interface:

- 04 Ethernet port 100/1000 Mbps

- Upgradeable to 06 port 100/1000 Mbps

- 01 console port or management port

Performance:

- Firewall throughput: 950 Mbps

Features:

- Deny of Services protection

- Network address translation

- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents

Internet Protocol:

- IPv4, RIP, OSPF, BGP, Static route

- Support IPv6

Management: Command line interface (CLI); Web/gui interface

High Availability: Active/Active or Active/Passive

Power Supply Input: 220-240V

1.1.3

Firewall for district level

Form factor: Rack

Interface:

- 04 Ethernet port 10/100 Mbps

- 01 Console port or Management port

Performance:

- Firewall throughput: 700 Mbps

Features:

- Deny of Services protection

- Network address translation

- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents

Internet Protocol:

- IPv4, RIP, OSPF, BGP, Static route

- Support IPv6

Management: Command line interface (CLI); Web/gui interface

High Availability: Active/Active or Active/Passive

Power Supply Input: 220-240V

1.2

Firewall applied to central, provincial level

Form factor: Rack

Interface:

- 04 Ethernet port 100/1000 Mbps

- 01 Console port or Management port

Performance:

- HTTP request/sec: 32.800

- SSL transactions/sec: 5.000

Protection:

DoS/DDoS protection

SQL Injection protection

Cross-Site Scripting protection

Internet Protocol: IPv4; Support IPv6

Management:

- Web: http/https

- Command line interface (CLI)

- SNMP

Power supply:

- Redundant Power supply

- Input: 220-240V

2

Intrusion detection system and intrusion prevention system (IDS/IPS)

2.1

IDS/IPS for provincial and central levels:

Form factor: Rackmount

Performance:

- IPS/IDS throughput or Inspection throughput or equivalents: 1,5Gbps

- Latency: <= 150 ms

Management:

Command-line interface; Web browser

Interface:

4 port x 1000Mbps

Feature:

In-line, real-time protection

Power supply:

- Redundant Power Supply.

- Input: 220-240V

2.2

IDS/IPS for district level:

Form factor: Rackmount

Performance:

- IPS/IDS throughput or Inspection throughput or equivalents: 700 Mbps

- Latency: <= 1 ms

Management:

Command-line interface; Web browser

Interface:

4 port x 1000Mbps

Feature:

In-line, real-time protection

Power supply Input: 220-240V

2.3

Centralized administration equipment for IDS / IPS (for units with many IDS / IPS)

Features:

- Administration via Web browser interface

- Administration, policy configuration, updates for remote IPS

Report:

- Make reports by under criteria: All attacks, attack Top

- Automatic Reports under schedule: Day, week, month

- Report format: PDF, HTML, CSV

3

Antivirus software

3.1

Antivirus software for servers, desktop computers, laptops

- Scan virus in: files, folders, compression file, external storage devices

- Scan mode:

Manual scan

Schedule scan

- Protect/prevent/anti: Virus, TrojanSpyware

- Automatical update of virus samples

- Installation on Windows 7, Windows 8

3.2

Centralized management components for anti-virus software

Management features:

- Automatical update of virus samples

- Automatical update of virus samples for client

- Management of information in whole system:

Hostname, IP

Antivirus software version

Connection status of antivirus software with centralized management component

Number, type of virus detected, processing results on each computer

- United scan schedule for a group or all of the computers in the system

- Remote commands for a group or all of the computers in the system in virus scanning

Support the operating system in installation:

For centralized management component being software, requirement for installation on Windows Server or Linux

4

Tools for vulnerability scanning

Vulnerability scanning features:

- Application scan made by many different web programming languages ​​: ASP, PHP, Java

- Web service scan

- AJAX application scan

- Detection of serious vulnerabilities: Cross-Site Scripting (XSS); Cross Site Request Forgery (XSRF); SQL injections; Malware / Backdoors / Trojan Script; Weak Password

Management features:

- Allow to customize to scan various parameters and set automated or manual scan schedule

- Management of scan history: allow users to retain the scan results and compare between two scans

- Classify security vulnerabilities according to risk level, at least at three levels: low, medium, critical / high

- Update the new vulnerabilities and risk models

Report:

- Reports under standards: OWASP / SANS / WASC / ISO 17799/27001 / PCI (Payment Card Industry)

- Result showing: description of suspicious contents and remedy instruction

- Rendering reported under MS Word or PDF

Support the operating system in installation:

Installation on Windows server 2008/2012, Windows 7, Windows 8

D

DATA STORAGE DEVICE

1

Data storage devices for central level

Form factor: Rack mount

Host Interface: Fibre channel or FCoE

Driver Storage Capacity: 8TB raw

Drive Type: Sata/SAS/Fibre channel/SSD

Raid support: 4 or 5

Software: Storage management: LUN Creation, LUN Provisioning, Storage Monitor Management

Management:

- Web/gui interface

Operating System Support:

- Microsoft Windows Server

- Linux

- VMware

Power supply:

- Redundant Power supply

- Hot-swap or hot-plug Power supply

- Input: 220-240V

2

Data storage devices for provincial level

Form factor: Rack mount

Host Interface: Fibre channel or FCoE

Disk Storage Capacity: 05TB raw

Drive Type:

- Sata/SAS/Fibre channel

Raid support: 4 or 5

Software: Storage management: LUN Creation, LUN Provisioning, Storage Monitor Management

Management:

- Web/gui interface

Operating System Support:

- Microsoft Windows Server

- Linux

- VMware

Power supply:

- Redundant Power supply

- Hot-swap or hot-plug Power supply

- Input: 220-240V

3

SAN Switch device

Form factor: Rack mount

Interfaces:

- 16 port 8 Gbps (Fibre Channel or FCoE)

- Auto Sensing or equivalents

Performance, Capacity or equivalents: 128 Gbps

Management:

- Web/GUI interface

- Management port: RJ45

Power Supply Input: 220-240V