【中英文对照版】自然资源领域数据安全管理办法.docx

自然资源部关于印发自然资源领域数据安全管理办法的通知(No.572024oftheMinistryofCommerce)（自然资发（2024）57号）自然资源领域数据安全管理办法AdministrativeMeasuresforDataSecurityintheFieldofNaturalResources制定机关：自然资源部发文字号：自然资发202457号公布日期：2024.03.22施行日期：2024.03.22效力位阶：部门规范性文件法规类别：机关工作综合规定IssuingAuthority：MinistryofNaturalResourcesDocumentNumber：No.57(2024OfMinistryofNaturalResourcesDaIeIssued：03-22-2024EffectiveDale：03-22-20241.evelofAuthority:DepartmentalRegulatoryDocumentsAreaof1.aw：GeneralProvisionsonGovernmentAffairsNoticebytheMinistryofNaturalResourcesofIssuingtheAdministrativeMeasuresforDataSecurityintheFieldofNaturalResources各省、自治区、直辖市自然资源主管部门，新疆生产建设兵团自然资源局，上海市海洋局、福建省海洋与渔业局、山东省海洋局、广西壮族自治区海洋局，国家林业和草原局，中国地质调查局及部其他直属单位，各派出机构，部机关各司局：Departmentsofnaturalresourcesofallprovinces,autonomousregions,andmunicipalitiesdirectlyundertheCentralGovernment,theBureauofNaturalResourcesofXinjiangProductionandConstructionCorps,theShanghaiMunicipalOceanicAdministration,theFujianOceanicandFisheryBureau,theOceanicAdministrationofShandongProvince,theOceanicAdministrationofGuangxiZhuangAutonomousRegion,theNationalForestryandGrasslandAdministration,theChinaGeologicalSurvey,andotherinstitutionsdirectlyundertheMinistryofNaturalResources,alllocaloffices,andalldepartmentsandbureausoftheMinistryofNaturalResources:WiththeapprovalofthenationaldatasecurityworkcoordinationmechanismandconsentbytheleadersoftheMinistryofNaturalResources,theAdministrativeMeasuresforDataSecurityintheFieldofNaturalResourcesareherebyissuedtoyouforyourdiligentcomplianceandimplementationinlightofactualcircumstances.经国家数据安全工作协调机制批准，部领导同意，现将自然资源领域数据安全管理办法印发给你们，请结合实际认真贯彻执行°MinistryofNaturalResourcesMarch22,2024Annex自然资源部2024年3月22日附件AdministrativeMeasuresforDataSecurityintheFieldofNaturalResources自然资源领域数据安全管理办法Chapter I GeneralProvisions第一章总则第一条为规范自然资源领域数据处理活动，加强数据安全管理，保障数据安全，促进数据开发利用，保护个人、组织的合法权益，维护国家安全和发展利益，根据中华人民共和国数据安全法中华人民共和国网络安全法中华人民共和国个人信息保护法中华人民共和国密码法等法律法规，制定本办法。Article1TheseMeasuresaredevelopedinaccordancewiththeDataSecurity1.awofthePeople,sRepublicofChina,theCybersecurity1.awofthePeople'sRepublicofChina,thePersonalInformationProtection1.awofthePeople'sRepublicofChina,theCryptography1.awofthePeople,sRepublicofChina,andotherapplicablelawsandregulationsforthepurposesofregulatingdataprocessinginthefieldofnaturalresources,strengtheningtheadministrationofdatasecurity,guaranteeingdatasecurity,promotingdatadevelopmentandutilization,protectingthelawfulrightsandinterestsofindividualsandorganizations,andsafeguardingnationalsecurityanddevelopmentinterests.Article2Non-ClassifieddataprocessinginthefieldofnaturalresourcescarriedoutwithintheterritoryofthePeople'sRepublicofChinaorintheperformanceofdutiesbythedepartmentsofnaturalresourcesabroadandthesecurityregulationthereofconductedwithintheterritoryofthePeople'sRepublicofChinashallcomplywiththerelevantlaws,regulations,andtherequirementsoftheseMeasures.第二条在中华人民共和国境内开展的，或在境外履行自然资源部门职责过程中开展的自然资源领域非涉密数据处理活动及其安全监管，应当遵守相关法律法规和本办法的要求。Article3ForthepurposesoftheseMeasures,datainthefieldofnaturalresourcesmeansdatacollectedandgeneratedduringactivitiesconcerningnaturalresources,mainlyincludingbasicgeographicinformationandremotesensingimagesandothergeographicinformationanddata,surveyandmonitoringdataofnaturalresourcessuchasland,minerals,forests,grasslands,water,wetlands,andseaareasandislands;dataonterritorialspatialplanning,suchasoverallplanning,detailedplanning,andspecialplanning;anddataonusecontrol,assetmanagement,cultivatedlandprotection,ecologicalrestoration,development,andutilization,andrealestateregistration.第三条本办法所称自然资源领域数据，是指在开展自然资源活动中收集和产生的数据，主要包括基础地理信息、遥感影像等地理信息数据，土地、矿产、森林、草原、水、湿地、海域海岛等自然资源调查监测数据，总体规划、详细规划、专项规划等国土空间规划数据，用途管制、资产管理、耕地保护、生态修复、开发利用、不动产登记等自然资源管理数据。ForthepurposesoftheseMeasures,udataprocessorsinthefieldofnaturalresourcesn(udataprocessorsn)meansvariousentitiesinthenaturalresourcesindustrythatcarryoutdataprocessingactivitiesinthefieldofnaturalresources.本办法所称自然资源领域数据处理者（以下简称数据处理者），是指开展自然资源领域数据处理活动的自然资源行业各类单位。本办法所称数据安全，是指通过采取必要措施，确保数据处于有效保护和合法利用的状态，以及具备ForthepurposesoftheseMeasures,udatasecuritynmeansthatnecessarymeasuresaretakentoensurethestateofeffectiveprotectionandlawfulutilizationofdataandhavethecapabilitytosafeguardthecontinuingstateofsecurity.保障持续安全状态的能力。第四条在国家数据安全工作协调机制统筹协调下，自然资源部承担自然资源行业、领域数据安全监管职责，负责督促指导各省、自治区、直辖市自然资源主管部门、海洋主管部门（以下统称地方行业监管部门）开展数据安全监管。国家林业和草原局具体承担森林草原、湿地荒漠等数据安全监管职责，参照本办法制定具体制度。地方行业监管部门分别负责对本地区自然资源领域数据处理活动和安全保护进行监督管理。自然资源部、国家林业和草原局及地方行业监管部门统称为行业监管部门。行业监管部门将数据安全纳入党委（党组）国家安全责任制，按照“谁管业务，谁管数据，谁管数据安全”原则，落实本行业本地区本领域数据安全指导监管责任。Article4Undertheoverallcoordinationofthenationaldatasecurityworkcoordinationmechanism,theMinistryofNaturalResourcesshallundertakethedutiesofregulationofdatasecurityintheindustryandfieldofnaturalresources,andberesponsibleforurginganddirectingdepartmentsofnaturalresourcesandmarinedepartmentsofprovinces,autonomousregions,andmunicipalitiesdirectlyundertheCentralGovernment(hereinaftercollectivelyreferredtoasuIocaIindustryregulatorydepartments")toregulatedatasecurity.TheNationalForestryandGrasslandAdministrationshallspecificallyundertakethedutiesofregulatingthesecurityofdataconcerningforests,grassland,wetlands,anddeserts,anddevelopspecificruleswithreferencetotheseMeasures.1.ocalindustryregulatorydepartmentsshallberespectivelyresponsibleforthesupervisionandadministrationofdataprocessingactivitiesandsecurityprotectioninthefieldofnaturalresourceswithintheirrespectiveregions.TheMinistryofNaturalResources,theNationalForestryandGrasslandAdministration,andlocalindustryregulatorydepartmentsarecollectivelyreferredtoasindustryregulatoryauthorities.IndustryregulatoryauthoritiesshallincludedatasecurityinthenationalsecurityresponsibilitysystemofPartycommittees(leadingPartymembers*group),andfulfilltheresponsibilitiesfordatasecurityguidanceandregulationintheirrespectiveindustries,regions,andfieldsaccordingtotheprincipleofuwhoeverinchargeofbusinessshallbeinchargeofdataanddatasecurity.第五条自然资源部、国家林业和草原局推进自然资源领域数据开发利用和数据安全标准体系建设，组织开展相关标准制修订及推广应用。Article5TheMinistryofNaturalResourcesandtheNationalForestryandGrasslandAdministrationshallpromotethedevelopmentandutilizationofdatainthefieldofnaturalresourcesandtheconstructionofthedatasecuritystandardsystem,andorganizethedevelopment,revision,promotion,andapplicationofrelevantstandards.第六条鼓励自然资源领域数据依法共享开放和开发利用，支持数据创新应用。积极构建数据开发利用和安全产业协调共进的发展模式，不断提升数据安全保障能力，维护国家安全、社会稳定、组织和个人权益。Article6Thelegalsharing,opening,development,andutilizationofdatainthefieldofnaturalresourcesareencouragedandtheinnovativeapplicationofdataissupported.Adevelopmentmodelfeaturingthecoordinationandadvancementofdatadevelopmentandutilizationandthesecurityindustryshallbeactivelybuilt,datasecurityprotectioncapabilitiesshallbecontinuouslyenhanced,andnationalsecurity,socialstability,andtherightsandinterestsoforganizationsandindividualsshallbesafeguarded.第七条支持开展经常性的自然资源领域数据安全宣传教育。采取多种方式培养数据开发利用技术和数据安全专业人才，促进人才交流。Article7Regularpublicityandeducationondatasecurityinthefieldofnaturalresourcesshallbesupported.Professionalsindatadevelopmentandutilizationtechnologyanddatasecurityshallbecultivatedbyvariousmeans,andtheexchangeoftalentsshallbepromoted.第二章数据分类分级管理第八条自然资源部组织制定自然资源领域数据分类分级、重要数据和核心数据识别认定、数据安全保护等标准规范，指导开展数据分类分级管理工作，编制行业重要数据和核心数据目录并实施动态管理。国家林业和草原Chapter II ClassifiedandGradedDataManagementArticle8TheMinistryofNaturalResourcesshallorganizethedevelopmentofstandardsandspecificationsfordataclassificationandgrading,identificationanddeterminationofimportantdataandcoredata,andgradeddataprotection,amongothers,inthefieldofnaturalresources,guideclassifiedandgradeddatamanagement,compilethecatalogsofimportantdataandcoredataintheindustry,andconductdynamicmanagement.TheNationalForestryandGrasslandAdministrationshall,inaccordancewith局按照自然资源领域数据分类分级标准规范，结合工作需要编制林草领域数据安全标准规范，指导开展林草数据分类分级工作，编制林草重要数据和核心数据目录并实施动态管理。thestandardsandspecificationsfordataclassificationandgradinginthefieldofnaturalresourcesandinlightofworkneeds,developthestandardsandspecificationsfordatasecurityinthefieldofforestryandgrassland,guidetheclassificationandgradingofforestryandgrasslanddata,preparethecatalogsofimportantandcoreforestryandgrasslanddata,andcarryoutdynamicmanagement.地方行业监管部门按照自然资源领域数据分类分级标准规范，分别组织开展本地区自然资源领域数据分类分级管理及重要数据和核心数据识别审核工作，编制本地区自然资源领域重要数据和核心数据目录，并上报自然资源部，目录发生变化的，应及时上报更新。Thelocalindustryregulatorydepartmentshallorganizetheclassifiedandgradedmanagementofdatainthefieldofnaturalresourcesandtheidentificationandreviewofimportantandcoredatawithinitsregion,determinethespecificcatalogofimportantdataandcoredatawithinitsregion,andsubmitittotheMinistryofNaturalResources.Anychangeinthecatalogshallbereportedandupdatedinatimelymanner.数据处理者应当定期按照自然资源领域数据分类分级标准规范梳理填报重要数据和核心数据目录。Dataprocessorsshallregularlyreviewandenterthecatalogofimportantdataandcoredataaccordingtothestandardsandregulationsfortheclassificationandgradingofdatainthefieldofnaturalresources.第九条根据行业特点和业务应用，自然资源领域数据分类类别包括但不限于地理信息、自然资源调查监测、国土空间规划、自然资源管理等，具体参照自然资源领域数据分类分级标准规范。Article9Accordingtoindustrialcharacteristicsandbusinessapplications,thecategoriesofdatainthefieldofnaturalresourcesshallincludebutnotbelimitedtogeographicinformation,surveyandmonitoringofnaturalresources,territorialspaceplanning,andmanagementofnaturalresources,andthespecificstandardsfortheclassificationandgradingofdatainthefieldofnaturalresourcesshallapply.通过对自然资源领域数据Throughacomprehensiveanalysisoftheimportance,重要性、精度、规模、安全风险，以及数据价值、可用性、可共享性、可开放性等进行综合分析，判断数据遭到篡改、破坏、泄露或者非法获取、非法利用后的影响对象、影响accuracy,scale,andsecurityrisksofdatainthefieldofnaturalresources,aswellasdatavalue,availability,sharability,andopenness,amongothers,theaffectedobjects,degreeofeffects,andscopeofeffectsafterdataaretamperedwith,destroyed,divulged,orillegallyobtainedorusedshallbeclassifiedintogeneraldata,importantdata,andcoredata.数据处理者可在此基础上细分数据的类别和一般数据级别。第十条核心数据是指对领域、群体、区域具有较高覆盖度或达到较高精度、较大规模、一定深度的重要数据，一旦被非法使用或共享，可能直接影响政治安全。核心数据主要包括关系国家安全重点领域的数据，关系国民经济命脉、重要民生和重大公共利益的数据，经国家有关部门评估确定的其他数据。重要数据是指特定领域、特定群体、特定区域或达到一定精度和规模，一旦被泄露或篡改、损毁，可能直接危害国家安全、经济运行、社会稳定、公共健康和安全的数据。程度、影响范围进行分级，分为一般数据、重要数据、核心数据。Onthisbasis,dataprocessorscansubdividethecategoriesofdataandlevelsofgeneraldata.Article10uCoredata,*meansimportantdatawithahighcoverageofafield,group,orregionorahighlevelofaccuracy,alargescale,oracertaindepth,which,onceillegallyusedorshared,maydirectlyaffectpoliticalsecurity.Coredatamainlyincludedatarelatingtokeyfieldsofnationalsecurity,datarelatingtolifelinesofthenationaleconomy,importantaspectsofpeople'slivelihood,ormaterialpublicinterest,aswellasotherdatadetermineduponassessmentbytherelevantdepartmentsofthestate."Importantdatanmeansthedatacoveringaspecificfield,specificgroup,orspecificregionorwithcertainaccuracyandscale,which,oncedivulged,tamperedwith,ordestroyed,maydirectlyendangernationalsecurity,economicoperation,socialstability,orpublichealthandsecurity.Generaldatameansdataotherthanimportantandcoredata.一般数据是指除重要数据、核心数据以外的其他数据。Incombinationwiththecharacteristicsofdatainthefieldofnaturalresources,thosemeetingtwoormorefollowingreferenceindicatorsareimportantdata.结合自然资源领域数据特点，满足以下两项（含）以上参考指标的为重要数据。(1) DatageneratedfromsupportingtheperformanceofutwoUnificationnduties(theuniformexerciseofdutiesoftheownersofnaturalresourceassetsownedbythewholepeopleandtheuniformexerciseofdutiesofterritorialspaceusecontrolandecologicalprotectionandrestoration)grantedbytheCentralCommitteeoftheCommunistPartyofChinaandtheStateCouncil,whichareirreplaceableanduniqueforanindustry,andwillhaveasignificantimpactonservicerecipientsnationwideintheeventofanydatafalsification,leakage,serviceinterruption,oranyothersecurityincidentthatwillaffecttheperformanceofdutiesbythedepartmentofnaturalresources.（一）支撑党中央和国务院赋予的“两统一”职责产生的具有不可替代性和行业唯一性的，一旦发生数据篡改、泄露或服务中断等安全事故，将影响自然资源部门履行职责，对全国范围内服务对象产生重要影响的数据。(2) Dataarerelatedtothenationaleconomyandimportantaspectsofthepeople'slivelihood,providesupportforotherindustriesandfieldswithbasicdataofnaturalresources,andhaveamaterialimpactonotherindustriesandfieldsincaseofanydatasecurityincident.（二）涉及国民经济和重要民生的，为其他行业、领域提供自然资源基础数据支撑的，一旦发生数据安全事故会对其他行业、领域造成重要影响的数据。（三）覆盖多个省份甚至全国，规模大、精度高，且极具敏感性、重要性的数据。(3) Datawithalargescale,highaccuracy,sensitivity,andimportance,coveringmultipleprovincesandeventhewholecountry.(4) Datathatdirectlyaffectthenormaloperationandserviceofnationalcriticalinformationinfrastructure.（四）直接影响国家关键信息基础设施正常运行服务的数据。(5) Datathatendangernationalsecurity,nationaleconomiccompetitiveness,publicacceptanceofpublicservices,citizens'livingconditionsandstableworkingandlivingenvironment,citizens'lifeandpropertysafety,andotherlawfulinterests,andcausesocialpanic,amongothers.（五）危害国家安全、国家经济竞争力、危害公众接受公共服务、危害公民生存条件和安定工作生活环境、危害公民的生命财产安全和其他合法利益、导致社会恐慌等的数据。(6) Otherimportantdataonnaturalresourcesprescribedbylaws,regulations,andregulatorydocumentsofthestate.（六）我国法律法规及规范性文件规定的其他自然资源重要数据。Coredatameansthedatathatcomplywithimportantdataindicators,arerelatedtothelifelineofthenationaleconomy,importantaspectsofpeople'slivelihood,materialpublicinterest,andaffectpoliticalsecurity.符合重要数据指标，且关系国家经济命脉、重要民生和重大公共利益、影响政治安全的数据为核心数据。第十一条自然资源部所属的数据处理者应当将本单位重要数据和核心数据目录向自然资源部报备，国家林业和草原局所属的数据处理者应当将本单位重要数据和核心数据目录向国家林业和草原局报备，其他数据处理者应当将本单位重要数据和核心数据目录向本地区行业监管部门报备。报备内容包括但不限于数据类别、级别、规模、精度、来Article11DataprocessorsaffiliatedtotheMinistryofNaturalResourcesshallfiletheircatalogsofimportantdataandcoredatawiththeMinistryofNaturalResourcesforrecordation.DataprocessorsaffiliatedtotheNationalForestryandGrasslandAdministrationshallfiletheircatalogsofimportantdataandcoredatawiththeNationalForestryandGrasslandAdministrationforrecordation.Anyotherdataprocessorshallfileitscatalogofimportantdataandcoredatawiththelocalindustryregulatorydepartmentforrecordation.Thefiledcontentshallincludebutnotbelimitedtobasicinformationsuchasdatacategory,level,scale,accuracy,source,carrier,scopeofuse,externalsharing,cross-bordertransmission,security,andinformationonresponsibleentities,excludingthecontentofdata.源、载体、使用范围、对外共享、跨境传输、安全情况及责任单位情况等，不包括数据内容本身。地方行业监管部门应当在数据处理者提交报备申请后的二十个工作日内完成审核工作，报备内容符合要求的，报自然资源部审核认定，自然资源部接到申请后二十个工作日完成重要数据认定，核心数据须报国家数据安全工作协调机制认定；不符合要求的应当及时反馈申请单位并说明理由。申请单位应当在收到反馈后的十五个工作日内再次提交申请。报备内容发生重大变化的，数据处理者应当在发生变化的三个月内履行变更手续Q重大变化是指数据内容发生变化导致原有级别不再适用的，或某类重要数据和核心数据规模变化30%以上的，等等。第三章数据全生命周期安全管理第十二条数据处理者应当对数据处理活动安全负主体责任，对各类数据实行分级防护，不同级Thelocalindustryregulatorydepartmentshallcompletetheexaminationwithin20workingdaysfromthesubmissionoftherecordationapplicationbythedataprocessor,ifthefiledcontentsatisfiestherequirements,submitthesametotheMinistryofNaturalResourcesforreviewanddetermination.TheMinistryofNaturalResourcesshallcompletethedeterminationofimportantdatawithin20workingdaysuponreceiptoftheapplication,andreportcoredatatothenationaldatasecurityworkcoordinationmechanismfordetermination;iftherequirementsarenotmet,theMinistryofNaturalResourcesshallpromptlygivefeedbackandexplainthereasonstherefortotheapplicant.Theapplicantshallresubmittherecordationapplicationwithin15workingdaysofreceivingthefeedback.Ifthereisanymajorchan