General
Article 1 The State Grid Corporation information network is an important tool for the State Grid Corporation's production, operation, and management, and is an important guarantee for the safe, stable, economic, and high-quality operation of the power grid. Information network security is an important part of the State Grid Corporation power production safety management system. In order to standardize the operation and management of the information network of the State Grid Corporation, improve the operation and management level of the information network, guarantee the safe, reliable and stable operation of the information network of the State Grid Corporation, and promote the informatization work of the State Grid Corporation, the Regulations are hereby formulated.
Second, this information network refers to the network system and network application system of each unit of the State Grid Corporation system, including the network system, network service system, application system, security system, network storage system, auxiliary system and so on.
Article 3 These regulations apply to the operation and management of the computer information network of the units of the State Grid Corporation system. State Grid Corporation system of power grid operators and information service enterprises of the information network operation and management should be strictly enforced, and based on the preparation of the corresponding operating procedures and operation and management of the implementation of the rules.
Article 4 The regulations and rules issued by each unit on the operation and management of information network shall not contradict the relevant national laws and these regulations.
Article V Citation Standards and Reference Documents:
(1) Regulations of the People's Republic of China on the Protection of Computer Information System Security
(2) Interim Provisions on the Administration of the International Networking of Computer Information Networks of the People's Republic of China
(3) Measures for the Implementation of the Interim Provisions on the Administration of the International Networking of Computer Information Networks of the People's Republic of China
(4) Measures for the Implementation of the Interim Provisions on the Administration of the International Networking of Computer Information Networks of the People's Republic of China
(d) Computer Information Network International Networking Security Protection Management Measures
(e) Computer Information Network International Networking Entrance and Exit Channel Management Measures
(f) China's public computer Internet International Networking Management Measures
(vii) China's public multimedia communications management measures
(h) Interim Regulations on the Networking of Specialized Networks with Public Networks
(h) Interim Regulations on the Networking of Private Networks with Public Networks
(i) The Interim Regulations on the Networking of Private Networks and Public Networks
(xiv) Regulations on the Operation and Management of the Information Network of the State Power Grid Corporation (for Trial Implementation)
Division of Responsibilities
Article 6 Information Network of each unit is the information network within the scope of this unit's management, including: local area network (LAN), wide area network (WAN) interconnected with the subordinate units, and the network application system.
Article 7 The Science and Technology Information Department of the State Grid Corporation is responsible for inspecting, supervising and evaluating the operation and management of the information network of each unit of the State Grid Corporation system. The informationization focal management department of each region, provincial power grid company and local (municipal) power supply company is responsible for implementing the requirements of the higher-level informationization focal management department, and carrying out inspection, supervision and assessment of the operation and management of the information network of the unit and its subordinate units.
Article 8 Each unit shall specify the operation and management department or organization responsible for the daily operation and maintenance of the information network within the scope of management of the unit.
Basic Measures
Section I: Operation Duty
Article 9 The information network of each unit shall be operated 24 hours a day. Each unit shall arrange 5×8 hours on-site duty for personnel with corresponding professional and technical level during the working hours of legal working days. The rest of the time should be arranged for off-site duty, and to ensure that the duty personnel can arrive at the scene in a timely manner when problems arise in the system. Important period should be implemented 7 × 24 hours on-site duty to ensure the normal operation of key application systems.
Article 10 The duty officer shall regularly inspect the information network during his daily duty, and monitor the operation of the information network in real time through effective technical means and measures, record and analyze the system operation data. Once the failure is found, it should be reported and dealt with in time.
Article XI duty officer shall make a good duty log. Duty officer shall conscientiously implement the shift handover system, reporting system for major matters.
Article XII of the units shall set up a special duty telephone, notify the user, and report to the higher network operation and management department for the record. Duty phone should ensure that 7 × 24 hours someone to answer.
Section II Post Responsibility
Article XIII Each unit shall specify the information network operation and management department and have a clear division of departmental duties.
Article XIV The information network operation and management department of each unit shall set up network security, network management, system management, database management, operation duty and other positions equivalent to the size of its network, and shall clarify the division of duties of each position according to the situation of the unit. The relevant technical positions must be undertaken by specialized personnel with the appropriate technical level, and each unit should regularly conduct professional and technical training and assessment.
Article XV of the information network of each unit of network management, system management, network security and other key positions should be implemented in the main, deputy post standby system. When the main post is absent, the deputy post should be able to perform the relevant work in its place.
Section III Management of Work Tickets
Article 16 Work tickets must be filled out for information network operation behaviors involving the following:
(1) Troubleshooting (including system restoration)
(2) Elimination of Defects
(3) System Upgrades and Configuration Changes
(4) System Putting Into Operation and Out of Operation
( (v) Other operations that may have an impact on the operation of the system
The style of the work ticket is shown in Exhibit I.
Article 17 The work ticket shall be applied by the person in charge and issued by the person who complies with the regulations on work ticket issuance. The issuer of the work ticket shall not also be the person in charge of the work (supervisor).
Article 18 The duty of the issuer of the work ticket is to carefully examine all the contents of the work ticket, including the necessity of the work, the safety of the work, the appropriateness of the operation steps filled in the work ticket, the appropriateness of the person in charge of the work (the supervisor) and the operator, and the adequacy of the safety protection and contingency measures, etc. The issuer of the work ticket shall be responsible for the work of the work ticket.
Article 19 The duties of the person in charge of the work (supervisor) are to organize the work correctly and safely, to organize the operator to complete the preparation of safety measures and technical measures before the work, and to strictly execute the work ticket.
Article 20 The duty of the operator is to conscientiously carry out the work specified in the work ticket under the supervision of the person in charge of the work (supervisor).
Article 21 The numbering of the work ticket shall be formulated as a unified specification. The content of the work ticket shall include: number, work content, location, time, person in charge, staff, collaborating units, safety measures, work plans and programs, signatures of approvers, work records, site restoration, operation may have an impact on the system and emergency preparedness. No one shall exceed the authority to fill in the ticket, exceed the authority to sign.
Article 22 All operations must have implementation programs, steps, safety measures, emergency plans, etc.. The operation of the system at least two people on the scene, there is supervision.
Article 23 The work ticket should be filed for long-term preservation for inspection and regular statistics.
Article 24 For the situation that requires urgent treatment, it can be handled first after consulting the relevant leaders, but the work ticket must be reissued afterwards.
Section IV Business Acceptance
Article 25 Each unit shall formulate relevant business acceptance system according to its own business situation, and carry out standardization and process management for information network business, such as wide area network access, metropolitan area network access, local area network access, application system access, and network service.
Article 26 Categorized according to the importance of the business, the frequency of occurrence, etc., and stipulated the acceptance process of different businesses and the commitment to complete the time.
Article 27 The business acceptance process should be clearly stipulated to include application, approval, confirmation, implementation, feedback, archiving, etc., and should clearly define the responsibilities of the positions involved in the process.
Section V Management of Machine Rooms
Article 28 Each unit shall formulate a management system for information network machine rooms, and the safety of the machine rooms shall be the responsibility of the personnel on duty for the operation of the machine rooms, and shall make it clear that the person in charge of the operation and management department shall be the first person responsible for the safety of the machine rooms.
Article 29 Set different security levels for different computer room areas, and for the staff of different positions to give their corresponding access to the computer room.
Article 30 In addition to the operation duty personnel and maintenance personnel, other personnel are not allowed to enter the server room without permission. Foreign visitors to enter the computer room need to obtain prior consent from the relevant departments, led by designated personnel to enter the computer room. Detailed registration of personnel entering and leaving the server room, the relevant registration records should be kept for more than one year.
Article 31 The equipment in the machine room can only be maintained and operated by the engineer in charge, and other personnel are not allowed to operate without authorization.
Article 32 The construction and overhaul of any lines and equipment in the machine room by outsiders must be agreed by the operation management department in advance and carried out under the supervision of the operation management personnel.
Article 33 The machine room should be maintained at a suitable temperature and humidity, and keep the environment clean.
Section VI User Service
Article 34 User Service refers to the maintenance and application service work of terminal equipment for personal office use of employees.
Article 35 The network operation and management department shall set up a user service hotline, and if possible, it can also use online repair, e-mail repair and other means, and make a good maintenance log of statistics.
Article 36 of the statutory workdays should be set up to be responsible for 5 × 8 hours on duty, responsible for user service hotline to answer the phone, online or e-mail repair records view, registration, task distribution, user feedback, archiving statistics and other work.
Article 37 When answering the phone, the duty officer should use civilized language, understand the user failure in detail, make records carefully, and reply in time. Online repair, e-mail repair should be viewed and processed in a timely manner.
Article 38 The on-site service personnel should correct the service consciousness, improve the quality of service, and have good professional ethics. Any operation of the user's computer must obtain the user's consent in advance. Do a good job of confidentiality of information inside the user's computer, do not do things unrelated to work.
Article 39 Reasonable arrangements for spare parts and spare equipment inventory to ensure that failures can be eliminated in a timely manner, without affecting the normal work of users.
Article 40 Troubleshooting includes telephone support and on-site service. The troubleshooting process is shown in the following diagram:
Article 41 In general, it is required to arrive at the site within one hour after receiving the fault report.
Article 42 Regular user satisfaction surveys are conducted to promote the improvement of service quality. Generally required once a year.
Section VII Equipment Management
Article 43 The information network management departments at all levels shall strengthen equipment management, categorize and code the equipment, establish equipment accounts and equipment cards, track the health status of the equipment according to the equipment cards, and establish a standardized equipment history and archive information.
Article 44 For routers, switches, servers, instruments, meters, safety devices, etc. should be managed by special personnel, responsibility to ensure safe and economic operation.
Article 45 equipment categorization
According to the type of equipment, use, media (especially software) and other factors, categorized into the following categories:
(a) network (routers, switches, dial-up servers, fiber-optic transceivers, firewalls, intrusion detection, etc.)
(b) servers (including minicomputers, workstations, PC servers)
p> (iii) personal computers (including portable computers)
(iv) external equipment (printers, scanners, plotters, etc.)
(v) auxiliary equipment (network and server cabinets, air conditioners, UPS, etc.)
(vi) tools (including network tools, general tools, etc.)
(vii) software
(viii) other
Among them, software is subdivided into:
1, system software
2, application software
3, database software
4, tool software
Article 46 Equipment Coding
Equipment coding in accordance with the relevant standards of the coding system.
Article 47 Equipment Acceptance Management
(a) After the arrival of the equipment, the relevant departments should organize the relevant personnel to accept the equipment. Acceptance includes equipment opening acceptance, power test acceptance and equipment integration and operation acceptance.
(ii) equipment arrival acceptance of unpacking including unpacking inventory, check the number of equipment and accessories (accessories), random data, equipment quality identification, acceptance based on the signed contract. Equipment acceptance of unpacking should be submitted to the written acceptance report, and signed by the acceptance of personnel. Acceptance report including equipment arrival list, random data list and equipment quality identification of the contents of the description.
(C) equipment power test acceptance including power test, parameter testing, software testing and other content. Equipment power-up test acceptance, should be in accordance with the requirements of the technical agreement, carefully carry out a variety of parameters of the test, and the installation of the corresponding software test, check whether the performance indicators of the equipment to meet the technical requirements. Equipment power-up test acceptance should be submitted to the written acceptance report, and signed by the acceptance of personnel. Acceptance report includes a list of parameter records, performance indicators, problem list and other content.
(D) equipment integration and operation acceptance should be in accordance with the relevant requirements of the technical agreement for acceptance, to ensure that the equipment is integrated into the system has been running, can achieve qualified technical performance indicators, and the original system does not have a negative impact. Equipment integration and operation acceptance should be submitted to the written acceptance report and technical report, and the organization of expert groups for acceptance, acceptance through the completion report should be submitted.
Article 48 Management of Equipment Ledger
(a) After the acceptance of the equipment on-site installation, the equipment ledger, equipment cards and equipment labels must be established within 30 days, so that the account, card and object are consistent with each other, and the contents of the ledger, cards and labels are consistent with each other. Equipment ledger, equipment card and equipment labeling style as shown in Schedule II, Schedule III and Schedule IV.
(b) Each unit should be reported to the relevant departments on an annual basis to the management of the equipment ledger statistical reports.
Article 49 Equipment Operation Management
(1) The operation and management of all equipment shall be responsible for regular inspection, patrol and maintenance, and make a good duty log and handover records. The equipment should be used reasonably in accordance with the technical requirements for the use of equipment to meet the design requirements.
(ii) fulfill the daily, weekly, monthly, quarterly and annual inspection system, and find problems should be recorded, and according to the severity of the problems occurring in accordance with the relevant provisions of the process.
(C) should establish a perfect operation log, carefully record equipment abnormalities, equipment defects, test data, fault analysis, troubleshooting process and other operating conditions, and do a good job of operation statistics.
Article 50 Overhaul and Maintenance of Equipment
(a) Each unit shall establish and improve the overhaul and maintenance procedures and job responsibility system of equipment.
(b) The equipment formally put into operation shall not be arbitrarily shut down or overhaul. When shutting down or overhauling equipment, a work ticket is required. The impact of large-scale information network disruption must be jointly approved by the relevant departments before shutting down the implementation. Equipment overhaul time more than 8 hours must be included in the monthly overhaul work plan, approved by the competent department before implementation. Replacement of equipment must be included in the maintenance plan, and a week in advance to write a written application for approval by the competent leadership.
(C) and the higher information network interconnection of equipment maintenance, must be approved by the higher information network operation and management department before implementation.
(d) In order to ensure the normal maintenance of the network system, troubleshooting in a timely manner, the information network operation and management department must be equipped with the necessary instruments, meters, tools and spare parts depending on the circumstances.
(e) seriously do a good job in all the overhaul of the preparatory work before the preparation of the equipment overhaul program, make a good record, as fast as possible and accurately complete the overhaul task.
(F) seriously fulfill the maintenance acceptance procedures. Strictly implement the "who overhaul who is responsible for" principle, improve the quality of overhaul to ensure safe operation.
Article 51 of the renovation and renewal of equipment
(a) the renovation and renewal of equipment should be a medium- and long-term plan and annual plan, and seriously organize and implement.
(b) the transformation and renewal of important equipment, must be carried out in advance for technical and economic demonstration, and in accordance with the relevant provisions of the report for approval.
(c) After the acceptance of equipment transformation, equipment change records should be handled.
Section VIII Information Management
Article 52 Information refers to the standards, systems, planning and summaries (including plans), logs, project management documents, equipment ledgers (cards), technical documents, etc., which are closely related to the system construction and system operation, and record the system operation parameters, technical indexes, equipment configurations, program design, Project construction contract and other information documents.
Article 53 The requirements for data management include:
(1) Collecting, organizing, registering, bookmaking, storing, identifying and utilizing the data. Equipment technical data should be complete, correct, uniform and clear. For large equipment, the original random information should be submitted to the archives department for archiving. For important and core equipment, the information should be copied and a variety of ways, different places to save.
(b) equipment and technical information should be managed by a person responsible for data security, to prevent leakage of confidential information.
(C) data management personnel should have the basic quality of file managers, and master a certain degree of professional and technical knowledge and a strong level of computer applications, the management of documents can be clearly categorized, filed accurately.
(d) document storage space to try to ensure that the tight, solid, and in line with the requirements of the seven prevention (fire, dust, rodents, insects, moisture, light, theft), the temperature of the warehouse should be controlled between 14-24 degrees Celsius, the relative humidity should be controlled between 45-65%.
(E) in the construction of the project, by the person in charge of the project or designate a person responsible for collecting and organizing the entire engineering process generated documents, classification, labeling the necessary instructions, in the project acceptance of the whole project within one week after the document information submitted to the document management personnel filing.
Article 54 The archived materials should be in accordance with the natural order of their formation, to maintain the organic links between them, categorized volumes, so that the documents can correctly reflect the construction process of the different systems, and to facilitate the borrowing query.
Article 55 According to the importance of the information and the degree of confidentiality, the important information will be copied and reproduced electronically.
Section IX Account Management
Article 56 The information network accounts include user accounts, application system accounts and super administrator accounts. The opening of user accounts must be for each user, and the opening of accounts for roles or positions is prohibited. The opening of application system accounts shall be based on each application service, avoiding multiple services sharing a common account and avoiding the use of super administrator accounts to run the application system. Application system accounts should be used for internal management of the application system, and super administrator accounts should be used only when necessary.
Article 57 The management of accounts and passwords shall include the specification, protection, use and change of authority of user name and password settings.
Article 58 The establishment of accounts in any system must be approved accordingly in accordance with the process regulations.
Article 59 The password must have sufficient length and complexity and be updated in time. For important passwords, a regular revision system should be established.
Article 60 The password of the super administrator of the system must be kept and modified by special personnel, and the scope of use is strictly limited.
Article 61 Users who have lost or forgotten their passwords must re-apply to the operation management department through the prescribed process.
Article 62 When a user transfers out of a unit, he/she must go to the operation and management department to go through the account cancellation procedures. The administrator must immediately disable their accounts, cancel their accounts and cancel their privileges within the specified time.
Article 63 should be all managers of password management education and password security checks, mainly including Internet passwords and passwords with information dissemination function of the application system.
Network System
Section 1: Access Management of Network User Equipment
Article 64: Network user equipment refers to user terminal equipment such as network workstations, network printers and so on that need to be accessed on the local network.
Article 65 The access of network user equipment shall be made by the person responsible for the equipment to fill in the "Application Form for Access to Network User Equipment" (see Attachment V), and then apply to the information network operation and management department after the approval of the head of the department, and the corresponding system manager shall be in charge of the specific equipment to be accessed to the network after the consent of the information network operation and management department is obtained. The information network operation and management department shall establish the equipment file of network user equipment.
Article 66 The setting or modification of the relevant network parameters of the network user's equipment shall be completed by the corresponding system management personnel or approved by the corresponding system management personnel before operation. Network users shall not change the network configuration parameters privately and shall use the network resources correctly according to the network operation authority, and all kinds of illegal operations are strictly prohibited.
Article 67 The network user equipment is used by a person and is responsible for the daily maintenance and repair to ensure its normal operation, and if any problem occurs, it should notify the duty officer of the information network operation in time.
Article 68 The network user equipment should use genuine software, information network operation and management departments at all levels need to customize their systems.
Article 69 The network user equipment shall be used for daily work, and it is strictly prohibited to use the network user equipment for any purpose other than work. It is strictly prohibited to download illegal programs from the Internet, the private use of proxies, port scanning programs.
Article 70 The disassembly and movement of network subscriber equipment and its components shall be carried out in strict accordance with the requirements for loading and unloading of equipment.
Article 71 Without the approval of the information network operation and management department, no unit or individual shall privately connect to the external network through other communication links such as telephone lines, affecting the security of the entire network.
Article 72 The network user equipment shall stop running unnecessary protocols, services and interfaces, and shall not open irrelevant network services at will.
Article 73 For those who violate the above requirements, the information network operation and management department has the right to disconnect their network connection and take corresponding processes to deal with them.
Section II Network System Backup
Article 74 The configuration of network equipment (routers, switches, etc.) needs to be backed up regularly in both electronic and paper media.
Article 75 Before and after the operation of network configuration changes, system software upgrades and other operations, the backup of equipment configuration should be done.
Article 76 The version management and backup of the system software.
Article 77 Do a good job of timely updating the network topology diagram at this level.
Article 78 Determine the necessary network system recovery installation program.
Section III Network Isolation
For network interconnection, different security areas should be divided according to different security levels. The necessary isolation must be carried out between different security areas. The operational requirements for the isolation point are as follows:
Article 79 Real-time 7×24-hour monitoring must be adopted for the network connection of the isolation point.
Article 80 When there is an abnormal connection in the network, but the system still operates normally, the operation duty personnel must immediately adopt technical means to effectively isolate it, restrict the access and egress of illegal access, and trace its source and notify the information network operation and management department of the unit in which it is located to deal with it.
Article 81 When a large number of abnormal accesses occur at the isolation point, and the system cannot operate normally, the operation management personnel shall cut off the interconnection link between the isolation equipment and the local network, fill in the failure application form and notify the network security management personnel to deal with it. Network security management personnel in accordance with the troubleshooting process until the system can be put into normal operation.
Article 82 The network security management personnel shall regularly access logs of network isolation equipment, event logs and other system audits and statistics, the system's security policy to make the necessary adjustments and the formation of the corresponding reports.
Section IV Management of IP Addresses
Article 83 The IP addresses of all internal nodes on the information network of the State Power Grid must be encoded in accordance with the principles of the IP Address Encoding Norms for the Information Network of the National Electric Power System in order to ensure network interconnection. Networks and nodes that do not comply with the IP address coding specification are not allowed to access the information network and are denied mutual access within the State Power Grid Information Network. If the IP address coding has not been carried out in accordance with the principles of "IP Address Coding Specification for the National Power System Information Network" due to historical reasons, it shall be gradually modified to the uniformly assigned IP address when the network is upgraded and adjusted for optimization.
Article 84 The information network at all levels must regularly report the allocation plan and actual use of IP addresses of the information network at this level to the higher authorities.
Network Service System
Section 1 WWW Service
Article 85 System Security:
(1) The system software and application software of the Web server shall be updated with patches in time.
(ii) Establish a backup system and keep it synchronized with the main system so that it can be put into use in time after the main system fails or is illegally tampered with.
(iii) The system must have a certain level of security strength to prevent unauthorized users from accessing the system and to protect the content of the site from infringement. The identity of users and workstations should be authenticated before uploading data.
(d) The system should have a home page access control function that can prohibit certain users from accessing it by setting the domain name or IP address.
(e) Monitoring function to monitor the performance of the system and the use of the site, and according to the monitoring situation on the server performance adjustment and troubleshooting.
(F) has a log multiple recording capabilities, including the number of site visits, errors, services provided, tracking and listening and real-time performance metrics.
Article 86 Information Maintenance:
(a) The website information should be regularly maintained and updated in a timely manner, especially news and other information should be updated at any time to ensure the timeliness of the news information, the accuracy of important information, so that the online information is rich, true, timely and effective. The update cycle varies according to the content, and large columns should be updated to show the last revision date on the web page.
(ii) Regularly verify whether the links are valid, whether the CGI script is valid, whether the HTML is valid, to ensure the normal function of the system.
(iii) Develop new content and add new sections as needed.
Article 87 Review of Internet Information
(1) In order to ensure the truthfulness, completeness, reliability, accuracy, security and confidentiality of the information on the Internet, it is necessary to set up a strict and perfect information grading and review system to review the information on the Internet. For different types and levels of information should be reviewed by the relevant departments as appropriate. Significant information should be reviewed by the relevant leaders. Specific review process according to the unit's situation to determine their own.
(b) The information dissemination department should establish a comprehensive information dissemination registration system, and establish an effective workflow of information collection, review, storage, transmission, backup, monitoring, processing, and reporting.
(C) the release of information on the website, we must strictly implement the "Chinese People's *** and the State Secrets Law", "Chinese People's *** and the State Regulations on the Safeguard and Protection of Computer Information Systems", the Ministry of Public Security, "Computer Information Network International Networking Security Protection Management Measures", the State Secrecy Bureau of the "Interim Provisions for the Confidentiality Management of Computer Information Systems," and other laws, regulations, and provisions.
(D) in the website public information resources to comply with the relevant provisions of confidentiality, in accordance with the "who published, who is responsible for" principle, the unit, the department of information security confidentiality. Publishing units should be responsible for the authenticity and legitimacy of the information.
(E) the internal website of the collection of information on the Internet, the scope of the release should be consistent with the unit, the scope of the management of the department and the scope of business, in principle, shall not exceed the unit, the scope of the management of the department and the scope of business to collect and publish information.
(F) The English version of the home page information must be translated accurately, true and reliable.
(vii) Laws and regulations involving copyrights, trademarks, logos, multimedia data types and software should be observed, and information without the permission of the copyright holder should not be used.
Article 88 Management of electronic bulletin
(a) the units of the corporate website should be cautious about interactive information services (BBS, message boards, chat rooms, etc.). Engaged in Internet information services, to carry out electronic bulletin services, should be in the provinces, autonomous regions, municipalities directly under the Central Telecommunications Administration or the Ministry of Information Industry to apply for operating Internet information services license or for non-operating Internet information services for the record, a special application or special record.
(ii) the opening of the above services, to strictly implement the "Internet electronic bulletin service management regulations", to designate special management, close monitoring, found that the problem, and immediately deal with and report to the relevant departments in accordance with the provisions of the report.
(C) interactive columns should have identification and registration functions, and has the ability to save more than 90 days of the system network operating logs and user log records.
Section II e-mail services
Article 89 The e-mail system must have a high degree of reliability. Where conditions permit, it should be configured as a dual-machine hot standby. If redundant hardware is not available, there must be a failure recovery plan that can be implemented quickly. Redundancy must be transparent to user access.
Article 90 Anti-virus measures must be taken to prevent the spread of viruses through e-mail.
Article 91 The mail system should have anti-relay and anti-spam features.
Article 92 The space size of user mailboxes should be limited to prevent abuse of system resources.
Article 93 The mail system shall have certain mail filtering functions, and can automatically delete mails containing certain specific words or email addresses. The administrator should update the mail filtering rules once the bad mail source is found.
Article 94 The mail system should be run with non-Root privileges.
Article 95 All units shall establish strict procedures for applying for changes in e-mail accounts.
Article 96 The administrator of the mail system must abide by the relevant laws and regulations and professional ethics, and maintain the privacy and security of the enterprise and individual users.