Nội dung toàn văn Decision No. 316/QD-BTC 2015 regulation on applcation of information technology in administrative agencies
MINISTRY OF FINANCE | SOCIALIST REPUBLIC OF VIETNAM |
No: 316/QĐ-BTC | Hanoi, February 13, 2015 |
DECISION
PROMULGATING THE REGULATION ON APPLCATION OF INFORMATION TECHNOLOGY IN ADMINISTRATIVE AGENCIES, PUBLIC SERVICE PROVIDERS UNDER THE MINISTRY OF FINANCE
THE MINISTER OF FINANCE
Pursuant to the Government's Decree No. 215/2013/NĐ-CP dated December 23, 2013 defining the functions, tasks, entitlements and organizational structure of the Ministry of Finance;
Pursuant to Circular No. 22/2013 / TT-MIC dated December 23, 2013 of the Ministry of Information and Communication promulgating the List of technical standards on the application of information technology in regulatory agencies;
Pursuant to Circular No. 01/2014 / TT-MIC dated February 20, 2014 of the Ministry of Information and Communications stipulating in detail priority in investment in and procurement of domestically manufactured or provided information technology products and services using state budget funds;
Pursuant to Circular No. 20/2014 / TT-MIC dated May 12, 2014 of the Ministry of Information and Communications defining open-source software products the open source preferred in shopping, use in regulatory agencies, organizations;
At the request of the Director of Department of Informatics and Financial Statistics,
DECISION:
Article 1. Regulations on application of information technology in administrative agencies, public service providers under the ministry of finance is enclosed herewith this Decision.
Article 2. This Decision takes effect from the date of signing; replaces the Minister of Finance’s Decision No. 1895 / QD-BTC dated July 30, 2012 promulgating the regulations on application of information technology in the administrative agencies, public service providers under the Ministry of Finance and the Minister of Finance’s Decision No. 2607 / QD-BTC dated October 18, 2013 on amendments and supplements to the regulations on the application of information technology in the administrative agencies, public service providers under the Ministry of Finance enclosed herewith Decision No. 1895 / QD-BTC dated July 30, 2012.
Article 3. The Chief of the Finance Ministry Office, the Director of Department of Informatics and Financial Statistics, the heads of units affiliated to Ministries shall be responsible for the implementation of this Decision. /.
| PP.MINISTER |
REGULATION
STANDARDS ON THE APPLICATION OF INFORMATION TECHNOLOGY IN THE ADMINISTRATIVE AGENCIES, PUBLIC SERVICE PROVIDERS UNDER THE MINISTRY OF FINANCE
(enclosed herewith the Minister of Finance’s Decision No. 316/QD-BTC dated February 13, 2015)
Article 1. Scope of regulation
This regulation defines the application of information technology (IT) applied uniformly application of information technology in administrative agencies, public service providers under the Ministry of Finance.
Article 2. Regulated entities
This Regulation is applied to the administrative agencies, public service providers under the Ministry of Finance; encourages the Service of Finance in central-affiliated cities and provinces to apply uniform the standards of IT applications under this Regulation.
Article 3. Standard list of application of information technology and application principles
1. For connection standards, data integration standards, information access standards, information safety standards: The Ministry of Information and Communications’ Circular No. 22/2013 / TT-MIC dated December 23, 2013 promulgating the List of technical standards for the application of information technology in regulatory agencies shall be applied.
2. For technical standards applied to web portal in Finance sector: the Ministry of Finance’s Decision No. 3241 / QD-BTC dated December 21, 2009 defining functions and technical standards applied to the web portal in Finance sector shall be applied.
3. For development standards of IT and technical standards of IT products and equipment:
a) For IT software development standards:
- Agencies, units comply with the provisions of Appendix 01 enclosed herewith this Regulation
- For recommendation standards applied in formulation, development of internal software in Finance sector:
In case of new software development: The version of product, tools of formulation and development of internal software issued under this Regulation is the lowest version that may be applied.
In case of software upgrade: In case the software is upgraded with requirement for upgrading infrastructure to ensure compatibility: The version of product, tools of formulation and development of software issued under this Regulation is the lowest version that may be applied; In case the software is upgraded without requirement for upgrading infrastructure to ensure compatibility: The version of product, tools of formulation and development of software lower than this Regulation shall be applied.
- The version in the regulations is the minimum level, units, systems choose the deployed version in accordance with the facts of the units.
b) For technical standards of IT products, equipment:
- Agencies, units comply with the provisions of Appendix 02 enclosed herewith this Regulation
- Technical standard of equipment issued together with this Regulation is the minimum level. Where necessary, agencies and units may improve the technical standards and add other technical standards as requirement for operation of the units, but must ensure the principle that many manufacturers have IT goods meeting the requirements (including priority over IT products domestically produced under the provisions of the Ministry of Information and Communication’s Circular No. 01/2014 / TT-MIC dated February 20, 2014), together with the proving technical documents. The Heads of the units shall be responsible for their decisions before law and as assigned by the Ministry of Finance.
c) For IT goods, products outside the list provided in Appendix 01 and Appendix 02 enclosed herewith this Regulation: Agencies, units shall actively formulate technical standards of goods and commence the guarantee of professional requirements of the units.
d) This provision shall not be applied to software commenced, package software solutions, overall solutions (including hardware and software).
Article 4. Implementation
1. The heads of administrative agencies, public service providers under the Ministry of Finance shall be responsible for implementation of this Regulation. Where necessary, agencies and units shall issue detailed guidelines for subordinate units on the basis of the contents provided for in this Regulation.
2. Department of financial informatics and statistics shall take charge and cooperate with other agencies, units to annually review and request the Ministry for amendments and supplementation of contents of the Regulations to ensure the conformity with the general actual deployment of the Ministry of Finance.
3. Difficulties that arise during the implementation should be reported to the Ministry of Finance (through the Department of financial informatics and statistics) for consideration and settlement. /.
APPENDIX 01
LIST OF STANDARD SOFTWARE DEVELOPMENT IN INFORMATION TECHNOLOGY IN FINANCE SECTOR
(enclosed herewith Decision No. 316/QD-BTC dated February 13, 2015 of the Minister of Finance)
Integrated technical standards in service-oriented architecture using Web Service
NO | Standards | Notes |
1 | Standard in transfer and document format |
|
| Hypertext Transfer Protocol/ Hypertext Transfer Protocol over Secure Socket Layer: HTTP v1.1/HTTPS | Transfer protocol |
| Document format: XML v1. | Document format language |
| Encrypting data: XML Encryption Syntax and Processing | XML Encryption |
| Digital signature: XML Signature Syntax and Processing | XML digital signature |
| Describing the structure of a document: XML Schema v1. 0 | XML document structure |
2 | Standard in description, access, management and integration of services |
|
| Describing web services: WSDL v1.2 | Web service description language |
| Accessing web services: SOAP v1.2 | Web service access protocol |
| Universal Description Discovery and Integration: UDDI v3 | Description, discovery and integration of services |
3 | Standards in service safety | Units may use the following standards depending on the actual requirements of the units |
| Web services security: WS-Security v1.1 | Security for Web Services |
| Web services policy: WS-Policy v1.5 | Management of web service policy |
| Web services addressing: WS-Addressing v1.0 | Description of routing information of web services |
| Web services reliable messaging: WS-Web Reliable Messaging v1.1 | Quality assurance of messaging |
Recommendation standards applied in software formulation and development in Finance sector
NO | Standards | Notes |
1 | Software Development Tools | |
| Oracle Developer Suite 11g | Integrated development toolkit to deploy applications, including components such as: Oracle Jdeveloper, Oracle Form, Oracle Report, ... |
| Visual Studio 2010 | Development toolkit applied on .NET technology |
| Rational Application Developer 8.0.4 | Support tool for J2EE software development, run on Websphere. |
| WebSphere Studio Application Developer 5.1 | Integrated applied development toolkit of IBM |
| Eclipse Java Development Tools 3.3 | Support tool of Java application development (Open source) |
| NetBeans 8.0 | Programming tools to develop applications using the Java language |
| Microsoft SharePoint 2010 | Software Development, Portal |
| IBM WebSphere Portal 7.0.1 | Software Development, Portal |
| WebCenter Portal 11g | Software Development, Portal |
| Eclipse 4.4 | Development support tool of Java, PHP, C++, ... application (Open source) |
2 | Software Development basis | |
| Java Virtual Machine 5.0 | Basis for Java programming tool |
| Java EE 7 | Technology basis including the specification of tools, API extended for application development |
| NET Framework 4.5 | Technology basis for the programming tools based on Microsoft |
| BizTalk 2010 Standard / Enterprize 64 bit | Integrated solutions connected to separate systems towards SOA |
| Tibco ActiveMatric Lifecycle Governance Framework | SOA administration software basis |
3 | Database management system | |
| Oracle Database 11g R2 | For applications using Oracle database |
| Microsoft SQL Server 2008 R2 | For applications using MS SQL Server database |
| DB2 9.7 | For applications using IBM DB2 database |
| MySQL 5.1 | For applications using MySQL open source database |
| Posgree 9.3.4 | For applications using Posgree open source database |
| MariaDB 5.5.34 | For applications using MariaDB open source database |
| MongoDB 2.4 | For applications using MongoDB open source database |
| Hadoop 2.2 | For applications using Hadoop open source database |
4 | Analysis, design of database | |
| Enterprise Architect 8.0 | Solution analysis of object-oriented design for UML of Sparx |
| Power Designer 15.1 | Database design software, supporting many tools, many administration system |
| Microsoft Visio 2010 | Tool supporting system analysis and design |
| UML v2.0 - Unified Modelling Language Version 2.0 | Modelized language used for design |
| IBM Rational Rose Enterprise | Tool used for analysis, design for many types of programming languages such as Java, .Net, PHP |
| CA Erwin Data Modeler | Support tools for design of database |
5 | Tool for database mining | |
| SQL Navigator 6.2 | Access tools for data mining |
| Microsoft SQL Server Management Studio | Graphical management tool for SQL Server database mining |
| SQL Server Business Intelligence Development Studio | Tools for data mining in smart data warehouses |
| Oracle Business Intelligence EE | Tools for data mining in smart data warehouses |
| Cognos Business Intelligence | Tools for data mining in smart data warehouses |
| TIBCO spotfire DecisionSite | Tools for data analysis and mining of real time |
| TIBCO BusinessWorks Smart Mapper | Support tool for cross-referencing and interpreting data for different data sets |
| PL/SQL (Procedural Language/Structured Querry Language) | Tool for database mining |
| SAP BusinessObjects Enterprise | Tool of database mining of SAP |
6 | Web server | |
| Internet Information Service 7.5 | For Webserver IIS |
| Websphere Application Server 7.0 | For Webserver Websphere |
| Oracle Weblogic Server 11g | For Webserver Weblogic |
| Nginx 1.6 | For Webserver Nginx |
| Google App Engine | Google services providing application development environment on internet based on languages: Java, Python, PHP, Go |
| Apache 2.4 | For Webserver Apache |
7 | Data Exchange | |
| Oracle Database Link | Data exchange standard |
| Webservice | Data exchange standard |
| Oracle Advanced Queuing 11g | For application using Oracle Advanced Queuing |
| Oracle Data Integrator (ODI) 11g | For application using Oracle Data Integrator |
| Oracle Service Bus 11g | For application using Oracle Service Bus |
| Oracle Golden Gate 11g | For application using Golden Gate |
| Oracle Active Data Guard | For application using Active Data Guard |
| TIBCO BusinessConnect | Support for secure data exchange |
| TIBCO Adapters | Connection of packaged applications, database systems and technology |
| JBoss Enterprise Data Services Platform 5.1 | Support for secure data exchange |
| WebSphere Message Broker 7.0 | Support for connection and exchange of different types of data |
| IBM MQueue | Middleware supporting the exchange of information between applications, systems, and file of IBM |
8 | Tools for support of management of software development | |
| TortoiseSVN | Sharing and management of source code |
| Microsoft Developer Network | Development assistance |
| Microsoft Team Foundation Server 2010 | Sharing and management of the life cycle of software, project management, quality inspection, performance, regression testing, ... |
| Oracle Application Testing Suite 9.1 | Software performance testing |
| HP LoadRunner 9 | Software performance testing |
| Microsoft Project Management Enterprise (Standard) | project management, resources under the model of milestone or waterfall |
| V-Tools | Tool for program performance test |
| IBM Rational Software | IBM tools including many administrative functions of lifecycle if application development, performance test, project management, requirements, ... |
| App Governance Suite | Tools for support of management of software development. |
| Jmeter 2.11 | Open source tools for JMeter performance test. |
9 | Web browser for application with using interfaces under web forms. | |
| Mozilla Firefox 30.0 | Mozilla Web Browser |
| Internet Explorer 8.0 | Microsoft Web browser |
| Chrome/Chromium 33.0 | Google Web browser / Open source |
10 | Shortcut key | |
| F1: Help |
|
| F2: Edit the current record |
|
| F3: Copy data on the same column of the above record |
|
| F4: Copy the above record |
|
| F6: Add a new record |
|
| F7: Switch interface to mode of search or display of search screen |
|
| F8: Search the data in search mode |
|
| F9: Display a list of lookup |
|
| F10 or Ctrol + S: Record |
|
| Shift + F6: Delete the current record |
|
| Ctrol + End: Go to the last record |
|
| Ctrol + Home: Go to the first record |
|
| Ctrl + P: Print the report, the current record |
|
| Ctrol + Q: Close the current window |
|
| Down (arrow down): Down a record |
|
| Up (arrow up): Up a record |
|
11 | Interface |
|
| Providing information about the product under the Ministry of Finance |
|
| Providing phone number to contact for software support |
|
| Standards on character set and encryption for Vietnamese: ISO 6909: 2001 |
|
| Toolbar for the functionalities of the application |
|
APPENDIX 02
TECHNICAL STANDARDS, IT EQUIPMENT AND PRODUCTS
(enclosed herewith Decision 316/QĐ-BTC dated January 13, 2015 of the Minister of Finance)
NO | EQUIPMENT, TECHNICAL STANDARDS |
A | SERVER, DESKTOP COMPUTER, LAPTOPS, UNINTERRUPTIBLE POWER SUPPLY , PRINTERS |
1 | Common servers (Not applicable for Blade Server, Unix server) |
1.1 | Servers applied at Central, Provincial levels |
| Processor: 02 x processor (06 Core, 15 MB Cache) |
| Memory: 24 GB, up to: 384 GB |
| Storage: |
- Type and Capacity: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD | |
- Support 06 Disk bays | |
- Hot swap or Hot plug Disk Drivers | |
| RAID Controller: |
- Support levels: 0, 1, 5 | |
- 512 MB Cache | |
| I/O port: 01 VGA, 04 USB |
| Network interface: 02 Gigabit Ethernet Port |
| Remote Management Port: 01 Port |
| Operating System Support: |
- Microsoft Windows Server | |
- Linux | |
| Power supply: |
- Redundant Power supply | |
- Input: 200-240V | |
- Hot-swap or Hot-plug Power Supply | |
1.2 | Server applied at district level |
| Processor: 01 x processor (06 Core, 15 MB Cache) |
| Memory: 12 GB, up to: 384 GB |
| Storage: |
- Type and Capacity: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD | |
- Support 06 disk bays | |
- Hot swap or Hot plug Disk Drivers | |
| RAID Controller: |
- Support levels: 0, 1, 5 | |
- 512 MB Cache | |
| I/O port: 01 VGA, 04 USB |
| Network interface: 02 Gigabit Ethernet Port. |
| Remote Management Port: 01 Port |
| Operating System Support: |
- Microsoft Windows Server | |
- Linux | |
| Power supply: |
- Redundant Power Supply | |
- Input: 200-240V | |
- Hot-swap or hot-plug Power Supply | |
2 | Blade Server |
2.1 | Blade chassis |
| Form factor: Rack mount |
| Server bays: Support 4 blade server bays |
| Power supply: |
- Input: 200-240V | |
- Redundant Power supply | |
- Hot-plug or hot-swap Power supply | |
- Support 04 power supply | |
| FAN: |
- Hot-plug or hot-swap Fan | |
- Redundant Fan | |
| Management Module: 01 x Management Module |
| Interconnect bay or equivalents: 04 bays |
| Interconnect switch: Ethernet/Fibre Channel/InfiniBand/SAS interconnects |
| Interconnect switch Support: Ethernet, Fibre Channel, InfiniBand, SAS interconnects |
2.2 | Blade Server |
| Form factor: Blade server compatible with the above Blade chassis |
| Processor: 02 x processor (06 Core, 15 MB Cache) |
| Memory: 24 GB, up to: 384 GB |
| Type and Capacity Storage: SATA or SAS, 2 x 300 GB HDD or 2 x 200 GB SSD. |
| RAID support: 0, 1 |
| Expansion slots: 02 slots |
| Ethernet NIC: 02 Gigabit Ethernet Port |
| System Management: Integrated |
3 | Desktop computers |
| Processor: 01 Processor (02 Core, 2 MB Cache) |
| Memory: 02 GB, up to: 08 GB |
| Storage: 320 GB SATA |
| I/O port: |
- 06 USB | |
- 01 RJ-45 | |
- 01 VGA | |
- 01 audio port | |
- 02 PCI (Support: 01 PCI Express) | |
| Monitor: |
| - Display type: 17 Inch LCD |
| - Resolution: Support up to 1280x1024 or 1366x768 or 1440 x 900 |
| Network interface: 01 Gigabit Ethernet Port |
| Keyboard & optical mouse |
| Operating System Support: Microsoft Windows 8 |
| Power supply Input: 120-240V |
4 | Laptops |
| Processor: 01 Processor (02 Core, 3 MB Cache) |
| Memory: 02 GB, up to: 08 GB |
| Storage: SATA, 320GB HDD or 128GB SSD |
| Network interface: |
- Integrated Ethernet: 10/100/1000 Mbps | |
- Integrated Wireless LAN (b/g/n) | |
| I/O port: |
- 03 USB | |
- 01 RJ-45 | |
- 01 audio port | |
- 01 AC power | |
- 01 VGA | |
| Display: 12-15.6 Inch |
| Battery type: 3-cell |
| Operating System Support: Microsoft Windows 8 |
| Power supply Input: 110-240V |
5 | Printers |
5.1 | A3 Laser printers |
| Paper size: A3, A4 |
| Processor: 01 Processor |
| Print quality: 600 x 600 dpi |
| Print Speed: Up to 15 ppm for A3 |
| Memory: 64 MB |
| Network interface: Ethernet 10/100 Mbps |
| Input tray: 1 tray x 250 sheets (A3/A4) |
| USB cable |
| Driver and software management with license |
| Operating System Support: Microsoft Windows 7 |
| Power supply Input: 220-240V |
5.2 | A4 Laser printers |
| Paper size: A4 |
| Print quality: 600 x 600 dpi |
| Print Speed: Up to 25 ppm for A4 |
| Memory: 32 MB RAM |
| Network interface: Ethernet 10/100 Mbps |
| Input tray: 1 tray x 250 sheets (A4) |
| Auto duplex |
| USB cable |
| Driver and software management with license |
| Operating System Support: Microsoft Windows 7 |
| Power supply Input: 220-240V |
6 | Uninterruptible power supply |
6.1 | Uninterruptible power supply for servers |
| Type: Online technology/Line-interactive |
| Power Capacity: 2000VA/1400W |
| Input: |
- Voltage range: 160V-276V | |
- Frequency range: 50Hz | |
| Output: |
- Voltage: 220V +/-5% | |
- Frequency range: 50Hz +/-6% | |
| UPS monitoring and system shutdown software included |
| Backup time (fulload): 5 minutes |
6.2 | Uninterruptible Power Supply for desktop computers |
| Power Capacity: 1000VA/600W or 1000VA/700W |
| Input: |
- Voltage range: 176V-264V | |
- Frequency range: 50Hz | |
| Output: |
- Voltage: 220V +/-10% | |
- Frequency range: 50Hz +/-1% | |
| Backup time (Halfload): 6 minutes |
B | Network devices |
1 | Switch |
1.1 | Switch Access |
| Form factor: Rack |
| Interface: 24 Gigabit Ethernet ports |
| Features: |
- Switching capacity: 48 Gbps | |
- Forwarding: 35 Mpps | |
- MAC table size or equivalents: 8000 | |
| Management or console port |
| Power Supply Input: 220-240V |
1.2 | Switch Core |
| Form factor: Rack |
| Interface: 24 Gigabit Ethernet ports. |
| Performance: |
- Switching Capacity: 88 Gbps | |
- Forwarding rate/ throughput: 65 Mpps | |
- 512 MB DRAM | |
- 128 MB flash memory | |
| Protocol: |
- IPv4, IPv6 | |
- IEEE 802.1Q VLAN | |
- IEEE 802.1d Spanning Tree Protocol | |
- IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) | |
- IEEE 802.1s Multiple Spanning Trees. | |
- IEEE 802.1x Port-Based Network Access Control | |
- IEEE 802.3ad Link Aggregation Control Protocol (LACP) | |
| Layer 3 routing protocols: |
- Static, RIPv1, RIPv2 | |
- Upgradable to advanced IP routing protocols: OSPF | |
- Upgradable to support IPv6 routing | |
| Management: |
- Command line interface (CLI), Web/gui interface. | |
- SNMP | |
- Trivial File Transfer Protocol (TFTP) or FTP | |
- Network Timing Protocol (NTP) | |
- Management or console port | |
| Power supply: - Redundant Power Supply - Input: 220-240V |
2 | Wireless network devices |
2.1 | Accesspoint for central, provincial, district levels |
| Support Standard: Wireless 802.11 a/b/g |
| Authentication protocol: |
- Pre-shared keys | |
- 802.1x, EAP- PEAP, EAP-FAST, EAP-TLS, EAP-TTSL, EAP-MSCHAPv2 | |
| Security Standard: 802.11i, WEP, WPA, WPA2, AES, TKIP |
| Interface: |
- 100/1000 Base-T (RJ45) | |
- Auto Sensing or equivalents | |
- Management or console port (can be integrated in ethernet port) | |
- Wifi-Certified | |
| Power Supply Input: 220-240V |
2.2 | Accesspoint centralized management system for central, Provincial levels |
| Requirements for management of system: |
- Centralized management tool has graphical user interface | |
- The location of Accesspoint is allowed to be shown on the map. | |
| Requirements for security: |
- Be integrated the IDS or IPS features | |
- Allow logs | |
| Management of signal frequency: |
- The signal frequency of AccessPoint system can be managed. | |
- Capacity and signal channels of the AccessPoint can be adjusted. | |
| Reporting functions |
3 | Router |
3.1 | Router for central and provincial levels |
| Form factor: Rack mount |
| Performance (Throutput/Firewall + routing/switching): 200Kpps (1 Packet = 64 byte) |
| Memory: 256 MB Ram or 256 MB Flash |
| Interface: |
- 04 Network Module slots | |
- 02 port 10/100/1000 Mbps | |
| Routing protocols: |
- Static, RIP v1/v2, IGMP v1/v2/v3, OSPF, BGP | |
- Generic Routing Encapsulation (GRE) | |
| Internet Protocol: IPv4, IPv6 |
| Management: |
- Command line interface (CLI), Web/gui interface. | |
- SNMP v2/v3 | |
- Management or console port | |
| Power Supply Input: 220-240V |
3.2 | Router for district level |
| Performance (Throutput/Firewall + routing/switching): 95 Kpps (1 Packet = 64 byte) |
Memory: 256 MB RAM or 256 MB Flash | |
| Interface: 02 port 10/100 Mbps |
| Routing Protocol: |
- Static, RIPv1/2, OSPF, BGP | |
- Generic Routing Encapsulation (GRE) tunneling | |
| Internet Protocol: Support IPv4 |
| Security support: IPSec VPN: site-to-site and remote access VPN |
| Management: |
- Command line interface (CLI), Web/gui interface. | |
- SNMP | |
- Management or console port | |
| Power Supply Input: 220-240V |
C | SECURITY EQUIPMENT AND PRODUCTS |
1 | Firewall |
1.1 | Firewall for network: |
1.1.1 | Firewall for central level |
| Form factor: Rack |
| Interface: |
- 04 Ethernet port 100/1000 Mbps | |
- Upgradeable to 08 port 100/1000 Mbps | |
- 01 Console port or management port | |
| Performance |
- Firewall throughput: 08 Gbps | |
| Features: |
- Deny of Services protection | |
- Network address translation | |
- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents | |
| Internet Protocol: |
- IPv4, RIP, OSPF, BGP, Static route | |
- Support IPv6 | |
| Management: |
- Command line interface (CLI) | |
- SNMP | |
- Web: htttp/https | |
| High Availability: Active/Active or Active/Passive |
| Power supply: - Redundant Power Supply - Input: 220-240V |
1.1.2 | Firewall for provincial level |
| Form factor: Rack |
| Interface: |
| - 04 Ethernet port 100/1000 Mbps |
- Upgradeable to 06 port 100/1000 Mbps | |
- 01 console port or management port | |
| Performance: |
- Firewall throughput: 950 Mbps | |
| Features: |
- Deny of Services protection | |
- Network address translation | |
- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents | |
| Internet Protocol: |
- IPv4, RIP, OSPF, BGP, Static route | |
- Support IPv6 | |
| Management: Command line interface (CLI); Web/gui interface |
| High Availability: Active/Active or Active/Passive |
| Power Supply Input: 220-240V |
1.1.3 | Firewall for district level |
| Form factor: Rack |
| Interface: |
- 04 Ethernet port 10/100 Mbps | |
- 01 Console port or Management port | |
| Performance: |
- Firewall throughput: 700 Mbps | |
| Features: |
- Deny of Services protection | |
- Network address translation | |
- Support the detection methods: Signature base or equivalents, protocol anomaly or equivalents | |
| Internet Protocol: |
- IPv4, RIP, OSPF, BGP, Static route | |
- Support IPv6 | |
| Management: Command line interface (CLI); Web/gui interface |
| High Availability: Active/Active or Active/Passive |
| Power Supply Input: 220-240V |
1.2 | Firewall applied to central, provincial level |
| Form factor: Rack |
| Interface: |
- 04 Ethernet port 100/1000 Mbps | |
- 01 Console port or Management port | |
| Performance: |
- HTTP request/sec: 32.800 | |
- SSL transactions/sec: 5.000 | |
| Protection: |
| DoS/DDoS protection |
SQL Injection protection | |
Cross-Site Scripting protection | |
| Internet Protocol: IPv4; Support IPv6 |
| Management: |
- Web: http/https | |
- Command line interface (CLI) | |
- SNMP | |
| Power supply: - Redundant Power supply - Input: 220-240V |
2 | Intrusion detection system and intrusion prevention system (IDS/IPS) |
2.1 | IDS/IPS for provincial and central levels: |
| Form factor: Rackmount |
| Performance: |
- IPS/IDS throughput or Inspection throughput or equivalents: 1,5Gbps | |
- Latency: <= 150 ms | |
| Management: |
Command-line interface; Web browser | |
| Interface: |
4 port x 1000Mbps | |
| Feature: |
In-line, real-time protection | |
| Power supply: - Redundant Power Supply. - Input: 220-240V |
2.2 | IDS/IPS for district level: |
| Form factor: Rackmount |
| Performance: |
- IPS/IDS throughput or Inspection throughput or equivalents: 700 Mbps | |
- Latency: <= 1 ms | |
| Management: |
Command-line interface; Web browser | |
| Interface: |
4 port x 1000Mbps | |
| Feature: |
In-line, real-time protection | |
| Power supply Input: 220-240V |
2.3 | Centralized administration equipment for IDS / IPS (for units with many IDS / IPS) |
| Features: |
- Administration via Web browser interface | |
- Administration, policy configuration, updates for remote IPS | |
| Report:
|
- Make reports by under criteria: All attacks, attack Top | |
- Automatic Reports under schedule: Day, week, month | |
- Report format: PDF, HTML, CSV | |
3 | Antivirus software |
3.1 | Antivirus software for servers, desktop computers, laptops |
| - Scan virus in: files, folders, compression file, external storage devices |
| - Scan mode: |
Manual scan | |
Schedule scan | |
| - Protect/prevent/anti: Virus, TrojanSpyware |
| - Automatical update of virus samples |
| - Installation on Windows 7, Windows 8 |
3.2 | Centralized management components for anti-virus software |
| Management features: |
- Automatical update of virus samples | |
- Automatical update of virus samples for client | |
- Management of information in whole system: | |
Hostname, IP | |
Antivirus software version | |
Connection status of antivirus software with centralized management component | |
Number, type of virus detected, processing results on each computer | |
- United scan schedule for a group or all of the computers in the system | |
- Remote commands for a group or all of the computers in the system in virus scanning | |
| Support the operating system in installation: |
For centralized management component being software, requirement for installation on Windows Server or Linux | |
4 | Tools for vulnerability scanning |
| Vulnerability scanning features: |
- Application scan made by many different web programming languages : ASP, PHP, Java | |
- Web service scan | |
- AJAX application scan | |
- Detection of serious vulnerabilities: Cross-Site Scripting (XSS); Cross Site Request Forgery (XSRF); SQL injections; Malware / Backdoors / Trojan Script; Weak Password | |
| Management features: |
- Allow to customize to scan various parameters and set automated or manual scan schedule | |
- Management of scan history: allow users to retain the scan results and compare between two scans | |
- Classify security vulnerabilities according to risk level, at least at three levels: low, medium, critical / high | |
- Update the new vulnerabilities and risk models | |
| Report: |
- Reports under standards: OWASP / SANS / WASC / ISO 17799/27001 / PCI (Payment Card Industry) | |
- Result showing: description of suspicious contents and remedy instruction | |
- Rendering reported under MS Word or PDF | |
| Support the operating system in installation: |
Installation on Windows server 2008/2012, Windows 7, Windows 8 | |
D | DATA STORAGE DEVICE |
1 | Data storage devices for central level |
| Form factor: Rack mount |
| Host Interface: Fibre channel or FCoE |
| Driver Storage Capacity: 8TB raw |
| Drive Type: Sata/SAS/Fibre channel/SSD |
| Raid support: 4 or 5 |
| Software: Storage management: LUN Creation, LUN Provisioning, Storage Monitor Management |
| Management: |
- Web/gui interface | |
| Operating System Support: |
- Microsoft Windows Server | |
- Linux | |
- VMware | |
| Power supply: |
- Redundant Power supply | |
- Hot-swap or hot-plug Power supply | |
- Input: 220-240V | |
2 | Data storage devices for provincial level |
| Form factor: Rack mount |
| Host Interface: Fibre channel or FCoE |
| Disk Storage Capacity: 05TB raw |
| Drive Type: |
| - Sata/SAS/Fibre channel |
Raid support: 4 or 5 | |
| Software: Storage management: LUN Creation, LUN Provisioning, Storage Monitor Management |
| Management: |
- Web/gui interface | |
| Operating System Support: |
- Microsoft Windows Server | |
- Linux | |
- VMware | |
| Power supply: |
- Redundant Power supply | |
- Hot-swap or hot-plug Power supply | |
- Input: 220-240V | |
3 | SAN Switch device |
| Form factor: Rack mount |
| Interfaces: |
- 16 port 8 Gbps (Fibre Channel or FCoE) | |
- Auto Sensing or equivalents | |
| Performance, Capacity or equivalents: 128 Gbps |
| Management: |
- Web/GUI interface | |
- Management port: RJ45 | |
| Power Supply Input: 220-240V |
Notes:
- Universities, colleges shall apply technical standards at provincial level.
- The Accesspoint centralized administration system (for central, provincial level) in Section B.2.2: in case the Accesspoint centralized administration system has features of user authentication management (authentication protocol: Pre-shared keys ; 802.1x, EAP- PEAP, EAP-FAST, EAP-TLS, EAP-TTSL, EAP-MSCHAPv2), the Accessoint devices defined in Section B.2.1 shall not require such authentication protocol.
------------------------------------------------------------------------------------------------------
This translation is made by LawSoft and for reference purposes only. Its copyright is owned by LawSoft and protected under Clause 2, Article 14 of the Law on Intellectual Property.Your comments are always welcomed