State Grid Corporation’s Information Network Operation and Management Regulations (Trial)
General Provisions
Article 1 The State Grid Corporation’s information network is an important tool for the production, operation and management of the State Grid Corporation of China and an important guarantee for the safety, stability, economy and high-quality operation of the power grid. Information network security is an important part of the power production safety management system of State Grid Corporation of China. In order to standardize the operation and management of the State Grid Corporation's information network, improve the operation and management level of the information network, ensure the safety, reliability, and stable operation of the State Grid Corporation's information network, and promote the informatization work of the State Grid Corporation, these regulations are specially formulated.
Article 2: This information network refers to the network systems and network application systems of various units of the State Grid Corporation of China, including network systems, network service systems, application systems, security systems, network storage systems, auxiliary systems, etc.
Article 3 This regulation applies to the operation and management of computer information networks in all units of the State Grid Corporation of China system. The information network operation and management work of all power grid operating enterprises and information service enterprises in the State Grid Corporation of China system should strictly implement this procedure, and prepare corresponding operating procedures and operation management implementation details based on this procedure.
Article 4 The relevant information network operation and management procedures and regulations issued by each unit shall not conflict with relevant national laws and these regulations.
Article 5 Cited standards and reference documents:
(1) Regulations of the People’s Republic of China on the Security Protection of Computer Information Systems
(2) Interim Provisions of the People's Republic of China on the Management of International Networking of Computer Information Networks
(3) Implementation Measures for the Interim Provisions of the People's Republic of China on the Management of International Networking of Computer Information Networks
(4) Management Measures for the Security Protection of International Networking of Computer Information Networks
(5) Measures for the Management of Entry and Exit Channels for International Networking of Computer Information Networks
(6) Measures for the Management of International Networking of Public Computers in China
(7) China’s Measures for the Administration of Public Multimedia Communications
(8) Interim Provisions on the Networking of Private Networks and Public Networks
(9) Interim Provisions on the Confidentiality Management of Computer Information Systems
(10) Interim Measures for Approval of Communications, Office Automation and Computer Information Systems Involving State Secrets
(11) Guidelines for the Use and Management of Passwords for Secrets-Involving Computer Systems
(12) Regulations on the management of commercial passwords
(13) Regulations on the confidentiality management of international networking of computer information systems
(14) Regulations on the operation and management of the State Grid Corporation’s information network (Trial)
Division of responsibilities
Article 6 The information network of each unit refers to the information network within the management scope of the unit, including: the unit's local area network, the wide area network interconnected with subordinate units, and network application systems.
Article 7 The Science and Technology Information Department of State Grid Corporation of China is responsible for inspecting, supervising and assessing the operation and management of the information network of each unit of the State Grid Corporation of China system. The centralized information management departments of each regional, provincial power grid company, and local (municipal) power supply company are responsible for implementing the requirements of the superior information management department and inspecting, supervising, and assessing the operation and management of the information network of the unit and its subordinate units.
Article 8 Each unit should clarify that the operation management department or agency is responsible for the daily operation, maintenance and other management of the information network within the scope of the unit's management.
Basic Measures
Section 1 Operation Duty
Article 9 The information network of each unit should operate 7×24 hours. Each unit should arrange personnel with corresponding professional and technical levels to be on-site for 5×8 hours during the working hours of statutory working days. Off-site duty should be arranged for the rest of the time, and ensure that the on-duty personnel can rush to the site in time when there is a problem with the system. 7×24-hour on-site duty should be implemented during important periods to ensure the normal operation of key application systems.
Article 10 The duty officer shall conduct regular inspections of the information network during daily duty, monitor the operation of the information network in real time through effective technical means and measures, and record and analyze system operation data. Once a fault is discovered, it should be reported and handled promptly.
Article 11 The duty officer should keep a duty log. Personnel on duty should conscientiously implement the shift handover system and major event reporting system.
Article 12 Each unit should set up a dedicated duty phone, notify users of it, and report it to the superior network operation management department for record. Duty calls should be answered 24 hours a day, 7 days a week.
Section 2 Job Responsibilities
Article 13 Each unit should clearly define the information network operation and management department and have a clear division of responsibilities between departments.
Article 14 The information network operation and management department of each unit should set up positions for network security, network management, system management, database management, operation duty, etc. that are commensurate with the size of its network, and specify the division of job responsibilities for each position according to the situation of the unit. Relevant technical positions must be assumed by dedicated personnel with corresponding technical levels, and each unit should provide them with professional technical training and assessment on a regular basis.
Article 15 The network management, system management, network security and other key positions of the information network of each unit should implement a main and deputy position backup system. When the main post is absent, the deputy post should be able to perform relevant work on his behalf.
Section 3 Work Ticket Management
Article 16 A work ticket must be filled in for information network operations involving the following:
(1) Failure Troubleshooting (including system recovery)
(2) Elimination of defects
(3) System upgrades and configuration changes
(4) System operation and outage
(5) Other operations that may affect system operation
The work ticket format is shown in Appendix 1.
Article 17 A work ticket shall be applied for by a dedicated person and issued by a qualified work ticket issuer. The issuer of the work ticket shall not concurrently serve as the person in charge (supervisor) of the work.
Article 18 The responsibility of the issuer of the work ticket is to carefully review all the contents filled in the work ticket, including reviewing the necessity of the work, whether the work is safe, whether the operation steps filled in the work ticket are appropriate, whether the assigned person in charge of the work (supervisor) and operators are appropriate, whether safety protection and emergency measures are adequate, etc.
Article 19 The responsibility of the person in charge of the work (supervisor) is to organize the work correctly and safely, organize the operators to complete the preparation of safety measures and technical measures before work, and strictly implement the work ticket, etc.
Article 20 The responsibility of the operator is to conscientiously implement the work content stipulated in the work ticket under the supervision of the person in charge of the work (supervisor).
Article 21 The numbering of work tickets should be unified. The content of the work ticket should include: number, work content, location, time, person in charge, staff, collaborating units, safety measures, work plan and program, approver's signature, work records, on-site recovery status, and possible impact of the operation on the system and emergency preparedness, etc. No one is allowed to fill in a work ticket or sign beyond their authority.
Article 22 All operations must have implementation plans, steps, safety measures, emergency plans, etc. At least two people should be on site to supervise the operation of the system.
Article 23 Work tickets should be archived and kept for a long time for inspection, and statistics should be made regularly.
Article 24: For situations that require urgent handling, you can handle them first after consulting the relevant leaders, but you must issue a new work ticket afterwards.
Section 4 Business Acceptance
Article 25 Each unit should formulate relevant business acceptance systems based on its own business conditions, so that information network services such as wide area network access, metropolitan area network access, LAN access, application system access, network services, etc. are managed in a standardized and process-oriented manner.
Article 26: Classify business according to its importance, frequency of occurrence, etc., and stipulate the acceptance process and promised completion time for different businesses.
Article 27 The business acceptance process should be clearly defined including application, approval, confirmation, implementation, feedback, archiving, etc., and the responsibilities of each position involved in the process should be clearly defined.
Section 5 Computer Room Management
Article 28: Each unit should formulate an information network computer room management system. Computer room safety should be the responsibility of the computer room operation personnel on duty, and it should be clear that the person in charge of the operation management department is the first person responsible for the safety of the computer room.
Article 29: Set different security levels for different computer room areas, and give staff at different positions corresponding permissions to enter and exit the computer room.
Article 30 Except for operation personnel and maintenance personnel, other personnel are not allowed to enter the machine room without permission. Outside visitors must obtain prior consent from relevant departments before entering the computer room, and must be led into the computer room by designated personnel. Conduct detailed registration of personnel entering and exiting the computer room, and relevant registration records should be kept for more than one year.
Article 31 The equipment in the computer room can only be maintained and operated by dedicated engineers. Other personnel are not allowed to operate without authorization.
Article 32 The construction and maintenance of any lines and equipment in the computer room by outsiders must obtain the consent of the operation management department in advance and be carried out under the supervision of the operation management personnel.
Article 33 The computer room should maintain appropriate temperature and humidity, and keep the environment clean and tidy.
Section 6 User Services
Article 34 User services refer to the maintenance and application services of employees’ personal office terminal equipment.
Article 35 The network operation management department should set up a user service hotline. If conditions permit, online repair reports, email repair reports, etc. can also be used, and maintenance log statistics should be kept.
Article 36: Special personnel should be assigned to be on duty 5×8 hours on statutory working days, responsible for answering user service hotline calls, checking and registering online or email repair records, task distribution, user feedback, archiving statistics and other work.
Article 37 When answering the phone, the on-duty personnel should use civilized language, understand the user's fault situation in detail, make careful records, and respond in a timely manner. Online repair reports and email repair reports must be checked and processed in a timely manner.
Article 38 On-site service personnel must correct their service awareness, improve service quality, and have good professional ethics. Any operation on the user's computer must obtain the user's consent in advance. Do a good job in keeping the internal information of users' computers confidential and do not do anything unrelated to work.
Article 39: Reasonably arrange the inventory of spare parts and spare equipment to ensure that faults can be eliminated in time without affecting the normal work of users.
Article 40 Troubleshooting methods include telephone support and on-site service. The troubleshooting process is shown in the figure below:
Article 41 Under normal circumstances, it is required to arrive at the scene within 1 hour after receiving the fault report.
Article 42: Regularly conduct user satisfaction surveys to promote the improvement of service quality. Generally required once a year.
Section 7 Equipment Management
Article 43 Information network management departments at all levels must strengthen equipment management, classify and code equipment, establish equipment ledgers and equipment cards, track equipment health status based on equipment cards and establish standardized equipment history and file information.
Article 44: Routers, switches, servers, instruments, meters, safety devices, etc. should be managed by dedicated personnel and assigned responsibilities to ensure safe and economical operation.
Article 45 Equipment Classification
According to the type, purpose, media (especially software) and other factors of the equipment, it is classified into the following categories:
(1) Network (routers, switches, dial-up servers, fiber optic transceivers, firewalls, intrusion detection, etc.)
(2) Servers (including minicomputers, workstations, PC servers)
(3) Personal computers (including portable computers)
(4) Peripheral equipment (printers, scanners, plotters, etc.)
(5) Auxiliary equipment (network and server cabinets, air conditioners, UPS, etc.)
(6) Tools (including network tools, common tools, etc.)
(7) Software
(8) Others
Among them, software is divided into:
1. System software
2. Application software
3. Database software
4. Tool software
Article 46 Equipment Coding
Equipment coding shall be carried out according to relevant standards of the coding system.
Article 47 Equipment Acceptance Management
(1) After the equipment arrives, the relevant departments should organize relevant personnel to inspect and accept the equipment. The acceptance includes equipment unpacking acceptance, power-on test acceptance and equipment integration operation acceptance.
(2) The unpacking and acceptance of equipment upon arrival includes unpacking and counting, checking the quantity of equipment and accessories (accessories), random information, and equipment quality appraisal. The basis for acceptance shall be the contents of the signed contract. After the equipment is unpacked and accepted, a written acceptance report must be submitted and signed by the acceptance personnel. The acceptance report includes the equipment arrival list, random information list, equipment quality identification instructions, etc.
(3) Equipment power-on test acceptance includes power-on test machine, parameter test, software test, etc. During the power-on test and acceptance of the equipment, various parameters should be carefully tested in accordance with the requirements of the technical agreement, and corresponding software should be installed for testing to check whether the performance indicators of the equipment can meet the technical requirements. After the equipment is powered on and tested for acceptance, a written acceptance report must be submitted and signed by the acceptance personnel. The acceptance report includes parameter record list, performance indicator description, problem list, etc.
(4) The acceptance of equipment integration operation should be carried out in accordance with the relevant requirements of the technical agreement to ensure that the equipment is integrated into the already running system, can achieve qualified technical performance indicators, and does not have a negative impact on the original system. After the equipment integration operation is accepted, a written acceptance report and technical report must be submitted, and an expert group shall be organized to conduct acceptance. After the acceptance is passed, a completion report must be submitted.
Article 48 Equipment Ledger Management
(1) After the on-site installation and acceptance of the equipment, the equipment ledger, equipment card and equipment label must be established within 30 days to ensure that the ledgers, cards, and objects are consistent, and the contents of ledgers, cards, and labels are consistent. The equipment ledger, equipment card and equipment label styles are as shown in Appendix 2, Appendix 3 and Appendix 4.
(2) Each unit should submit statistical reports on equipment ledger management to relevant departments on an annual basis.
Article 49 Equipment Operation Management
(1) The operation and management of all equipment should be assigned to the responsible person, with regular inspections and maintenance, and duty logs and shift handover records should be completed. The equipment should be used rationally according to the technical usage requirements of the equipment to make it meet the design requirements.
(2) Implement daily inspection, weekly inspection, monthly inspection, quarterly inspection and annual inspection system. Any problems found should be recorded and handled according to the relevant procedures according to the severity of the problem.
(3) A complete operating log should be established to carefully record equipment abnormalities, equipment defects, test data, fault analysis, fault handling processes and other operating conditions, and do a good job in operating statistics.
Article 50 Equipment Inspection and Maintenance
(1) Each unit should establish and improve equipment inspection and maintenance procedures and job responsibility systems.
(2) Equipment officially put into operation shall not be deactivated or inspected at will.
When shutting down or overhauling equipment, a work ticket is required. Information network interruptions with a large impact must be jointly approved by relevant departments before they can be shut down. Equipment maintenance time exceeding 8 hours must be included in the monthly maintenance work plan and can only be implemented after approval by the competent department. Replacement of equipment must be included in the maintenance plan, and a written application must be submitted one week in advance for approval by the supervisor.
(3) The maintenance of equipment interconnected with the superior information network must be approved by the superior information network operation management department before it can be implemented.
(4) In order to ensure the normal maintenance of the network system and timely troubleshooting, the information network operation and management department must be equipped with necessary instruments, meters, tools and spare parts depending on the specific situation.
(5) Carefully prepare for various maintenance tasks, prepare equipment maintenance plans, keep records, and complete maintenance tasks as quickly and accurately as possible.
(6) Earnestly carry out the inspection and acceptance procedures. Strictly implement the principle of "whoever performs maintenance is responsible" to improve the quality of maintenance and ensure safe operation.
Article 51 Renovation and Update of Equipment
(1) Renovation and update of equipment should have medium- and long-term plans and annual plans, and be carefully organized and implemented.
(2) To transform and update important equipment, technical and economic demonstration must be conducted in advance and submitted for approval in accordance with relevant regulations.
(3) After the acceptance of equipment modification, equipment change records should be processed.
Section 8 Data Management
Article 52 Data refers to the standards, systems, plans and summaries (including plans), logs, project management documents, equipment ledgers (cards), technical documents, etc. that are closely related to system construction and system operation and that record system operating parameters, technical indicators, equipment configuration, scheme design, project construction contracts and other information.
Article 53 Data management requirements include:
(1) Do a good job in collecting, sorting, registering, keeping, appraising, and utilizing data. Equipment technical data should be complete, correct, unified and clear. For large equipment, the original random data should be submitted to the archives department for archiving. For important and core equipment, the data should be copied and saved in multiple ways and in different locations.
(2) Equipment technical data should be managed by dedicated personnel, who should also be responsible for data security and strictly prevent the leakage of confidential information.
(3) Data management personnel should have the basic qualities of archives management personnel, master certain professional and technical knowledge and strong computer application skills, and be able to clearly classify and archive the documents they manage.
(4) The document storage space should be as tight and solid as possible, and comply with the requirements of the seven preventions (fire, dust, rats, insects, moisture, light, and theft). The warehouse temperature should be controlled at 14-24 degrees Celsius. The relative humidity should be controlled between 45-65.
(5) During project construction, the person in charge of the project or the designated person shall be responsible for collecting and organizing the documents generated during the entire project process, classifying them, and marking the necessary instructions. Within one week after the project acceptance, all project documents shall be submitted to the document manager for archiving.
Article 54: Archived materials should be kept organically connected according to the natural laws of their formation, classified and filed, so that the documents can correctly reflect the construction process of different systems and facilitate borrowing and query.
Article 55: Depending on the importance and confidentiality of the data, important data will be copied and electronic data copied.
Section 9 Account Management
Article 56 Information network accounts include user accounts, application system accounts, super administrator accounts, etc. The opening of user accounts must be specific to each user, and it is prohibited to open accounts for roles or positions. The establishment of application system accounts should be based on each application service to avoid multiple services sharing one account and avoid using the super administrator account to run the application system. The application system account should be used for internal management of the application system, and the super administrator account can only be used when necessary.
Article 57 The management of accounts and passwords should include the specification, protection, use and permission changes of user names and passwords.
Article 58 The establishment of an account in any system must be approved in accordance with the procedures.
Article 59 Passwords must be of sufficient length and complexity and updated in a timely manner. For important passwords, a regular modification system should be established.
Article 60 The password of the system super administrator must be kept and modified by a dedicated person, and the scope of use must be strictly limited.
Article 61 If a user loses or forgets his password, he must reapply to the operation management department through the prescribed process.
Article 62 When users are transferred out of the unit, they must go to the operations management department to complete the account cancellation procedures. Administrators must immediately disable their accounts, log out of their accounts and revoke their permissions within the specified time.
Article 63 Password management education and password security inspections should be conducted for all management personnel, mainly including Internet passwords and passwords for application systems with information release functions.
Network System
Section 1 Access Management of Network User Equipment
Article 64 Network user equipment refers to user terminal equipment, such as workstations and network printers, that needs to be connected to the local network.
Article 65: For access to network user equipment, the person in charge of the equipment should fill in the "Network User Equipment Access Application Form" (see Appendix 5), and the department leader must approve it before the application is submitted to the information network operation management department. After obtaining the consent of the information network operation management department, the corresponding system managers will be responsible for connecting specific equipment to the network. The information network operation management department should establish equipment files of network user equipment.
Article 66 The setting or modification of relevant network parameters of network user equipment must be completed by the corresponding system administrator or can only be operated after obtaining the approval of the corresponding system administrator. Network users are not allowed to change network configuration parameters without permission, and should use network resources correctly according to network operation permissions. All illegal operations are strictly prohibited.
Article 67: Each network user equipment is used by a dedicated person who is responsible for daily maintenance and upkeep to ensure its normal operation. If any problem occurs, the information network operation personnel on duty should be notified in a timely manner.
Article 68: All network user equipment should use genuine software, and information network operation and management departments at all levels need to customize their systems.
Article 69: Each network user equipment is used for daily work. It is strictly prohibited to use network user equipment for any purpose other than work. It is strictly prohibited to download illegal programs from the Internet, and it is strictly prohibited to use proxies and port scanners without permission.
Article 70 Disassembly and movement of network user equipment and its components should be carried out in strict accordance with the equipment loading and unloading requirements.
Article 71 Without the approval of the information network operation and management department, no unit or individual may privately connect to the external network through telephone lines and other communication links, affecting the security of the entire network.
Article 72 Network user equipment should stop running unnecessary protocols, services and interfaces, and should not open irrelevant network services at will.
Article 73 For those who violate the above requirements, the information network operation and management department has the right to disconnect their network connections and adopt corresponding procedures to deal with them.
Section 2 Network System Backup
Article 74 The configuration of network equipment (routers, switches, etc.) requires regular backup of electronic media and paper media.
Article 75 Before and after operations such as network configuration changes and system software upgrades, device configurations should be backed up.
Article 76: Do a good job in version management and backup of system software.
Article 77: Timely update the network topology structure diagram at this level.
Article 78 Determine the necessary network system recovery and installation plan.
Section 3 Network Isolation
For network interconnection, different security areas should be divided according to different security levels. Necessary isolation must be carried out between different security areas.
The operational requirements for the isolation point are as follows:
Article 79 The network connection of the isolation point must be monitored in real time 24/7.
Article 80: When an abnormal connection occurs on the network, but the system can still operate normally, the operation personnel must immediately use technical means to effectively isolate it, limit illegal access, trace its source, and notify the information network operation management department of the unit where they work for processing.
Article 81 When a large number of abnormal access occurs at the isolation point and the system cannot operate normally, the operation management personnel must cut off the interconnection link between the isolation device and the local network, fill out a fault application form and notify the network security management personnel to handle. Network security managers follow the troubleshooting process until the system can be put into normal operation.
Article 82 Network security managers should regularly audit and collect statistics on access logs, event logs and other systems of network isolation devices, make necessary adjustments to the system's security policies and form corresponding reports.
Section 4 Management of IP Addresses
Article 83 The IP addresses of all internal nodes on the State Grid Information Network must be coded according to the principles of the "National Electric Power System Information Network IP Address Coding Specification" to ensure network interconnection. Networks and nodes that do not comply with IP address coding specifications are not allowed to access the information network, and are denied mutual access within the State Grid Information Network. Where, due to historical reasons, the IP address has not been coded according to the principles of the "National Electric Power System Information Network IP Address Coding Specification", it should be gradually modified to a uniformly assigned IP address during network upgrades, optimization and adjustments.
Article 84 Information networks at all levels must regularly report the IP address allocation plan and actual usage of the information network at this level to the superior department.
Network Service System
Section 1 WWW Service
Article 85 System Security:
(1) Web server system software and application software should be updated with patches in a timely manner.
(2) Establish a backup system and keep it synchronized with the main system so that it can be put into use in time after the main system fails or is illegally tampered with.
(3) The system must have a certain level of security to prevent unauthorized users from accessing the system and protect the content of the site from infringement. The identities of users and workstations should be authenticated before uploading data.
(4) The system should have a homepage access control function that can prohibit access by certain users by setting domain names or IP addresses.
(5) The system should have a monitoring function that monitors system performance and site usage, so that server performance can be adjusted and faults diagnosed based on the monitoring results.
(6) The system should have multiple logging functions, covering the number of site visits, error conditions, services provided, tracking and monitoring, and real-time performance measurement.
Article 86 Information Maintenance:
(1) Website information, especially news and similar information, should be regularly maintained and updated in a timely manner to ensure the timeliness of news information and the accuracy of important information, so that online information is rich, true, timely and effective. The update cycle varies depending on the content. After a large column is updated, the last revision date should be displayed on the web page.
(2) Regularly verify that links, CGI scripts and HTML are valid to ensure the normal functioning of the system.
(3) Develop new content and add new columns as needed.
Article 87 Audit of Internet Information
(1) In order to ensure the authenticity, integrity, reliability, accuracy, security and confidentiality of Internet information, it is necessary to establish a strict and complete information classification review system to review online information. Different types and levels of information should be reviewed by dedicated personnel from relevant departments as appropriate. Important information should be reviewed by relevant leaders. The specific review process will be determined based on the circumstances of the unit.
(2) The information release department must establish a complete information release registration system and establish an effective work flow for information collection, review, storage, transmission, backup, monitoring, processing, and reporting.
(3) When publishing information on the website, it is necessary to strictly implement laws, regulations and provisions such as the Law of the People's Republic of China on Safeguarding State Secrets, the Regulations of the People's Republic of China on Security Protection of Computer Information Systems, the Ministry of Public Security's "Measures for the Security Protection and Management of International Networking of Computer Information Networks" and the State Administration of Secrecy's "Interim Provisions on the Security Management of Computer Information Systems".
(4) The information resources disclosed on the website must comply with relevant confidentiality regulations, and in accordance with the principle of "whoever publishes is responsible", the information security of this unit and department must be kept confidential. The issuing unit shall be responsible for the authenticity and legality of the information.
(5) The scope of collection and release of online information on internal websites should be consistent with the management scope and business scope of the unit and department. In principle, information should not be collected and posted on the internal website beyond the management scope and business scope of the unit and department.
(6) The English version of the information on the homepage must be accurately translated, authentic and reliable.
(7) Laws and regulations involving copyrights, trademarks, logos, multimedia data types and software should be observed, and information without the permission of the copyright owner should not be used.
Article 88 Electronic Announcement Management
(1) All corporate websites must treat interactive information services (BBS, message boards, chat rooms, etc.) with caution. Those engaged in Internet information services and intending to carry out electronic announcement services shall submit a special application or special filing to the telecommunications management agency of the province, autonomous region, or municipality directly under the Central Government, or to the Ministry of Information Industry, when applying for a commercial Internet information service license or filing for a non-commercial Internet information service.
(2) When opening the above-mentioned services, the "Internet Electronic Announcement Service Management Regulations" must be strictly implemented, and special personnel must be designated to manage and monitor closely. If problems are found, they should be dealt with immediately and reported to the relevant departments in accordance with regulations.
(3) The interactive column should have identity recognition and registration functions, and have the function of saving system network operation logs and user usage logs for more than 90 days.
Section 2 Email Service
Article 89 The email system must have high reliability. If conditions permit, it should be configured as dual-machine hot standby. If redundant hardware is not available, a failure recovery plan must be implemented quickly. Redundancy must be transparent to user access.
Article 90 Anti-virus measures must be taken to prevent viruses from spreading through emails.
Article 91 The mail system should have anti-relay, anti-spam and other functions.
Article 92: Limits should be set on the space size of user mailboxes to prevent abuse of system resources.
Article 93 The email system should have a certain email filtering function and be able to automatically delete emails containing certain specific words or email addresses. Once bad email sources are discovered, administrators should promptly update email filtering rules.
Article 94 The mail system should be run with non-root permissions.
Article 95: Each unit should establish strict procedures for applying for changes in email accounts.
Article 96 Email system administrators must abide by relevant legal regulations and professional ethics, and maintain the privacy and security of the enterprise and individual users.