MHT0051-2015: Implementation guide to information system security classified protection of civil aviation. Status: Valid
Basic data

| Item | Value |
| --- | --- |
| Standard ID | MH/T 0051-2015 (MH/T0051-2015) |
| Description (Translated English) | Implementation guide to information system security classified protection of civil aviation |
| Sector / Industry | Civil Aviation Industry Standard (Recommended) |
| Classification of Chinese Standard | V07 |
| Classification of International Standard | 35.020 |
| Word Count Estimation | 11,150 |
| Date of Issue | 2015-04-08 |
| Date of Implementation | 2015-08-01 |
| Quoted Standard | GB/T 22239; GB/T 22240; GB/T 28448 |
| Regulation (derived from) | Civil Aviation Industry Standard Announcement 2015 No.2; Industry Standard Filing Announcement 2016 No.1 (Total No.193) |
| Issuing agency(ies) | Civil Aviation Administration of China |
| Summary | This standard specifies the object and goal of the civil aviation information system security level protection work, and defines the implementation process of the civil aviation information system security level protection, the roles and responsibilities involved, and the main tasks and work process of each stage of the implementation of the hierarchical protection. This standard applies to civil aviation information system security level protection. |
MHT0051-2015: Implementation guide to information system security classified protection of civil aviation. This is a DRAFT version for illustration, not a final translation.
ICS 35.020
V 07
MH
Civil Aviation Industry Standard of the People's Republic of China
Guidelines for the Implementation of the Security Level Protection of Civil Aviation Information System
Implementation guide to information system security classified protection of civil aviation
2015-04-08 released
2015-08-01 implementation
Issued by Civil Aviation Administration of China
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by the Department of Personnel, Science and Education, Civil Aviation Administration of China.
This standard was approved by the Aircraft Airworthiness Certification Department of the Civil Aviation Administration of China.
This standard is under the jurisdiction of the China Academy of Civil Aviation Science and Technology.
Drafting organizations of this standard: Civil Aviation University of China, China Civil Aviation Science and Technology Research Institute.
Drafters of this standard: Xie Lixia, Liu Xiaojie, Xiong Yuting, Zhong Anming, Zhao Hongxu, Cheng Xiang, Yang Hongyu, Du Weijun, Wang Xinyuan, Wang Rush.
Guidelines for the Implementation of the Security Level Protection of Civil Aviation Information System
1 Scope
This standard specifies the objects and objectives of the security level protection of civil aviation information systems, and defines the implementation process of the security level protection of civil aviation information systems, the various roles and responsibilities involved, as well as the main tasks and work processes of each stage of level protection implementation.
This standard applies to the security level protection of civil aviation information systems.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 22239 Information system security level protection basic requirements
GB/T 22240 Guidelines for the Classification of Information System Security Protection Levels
GB/T 28448 Information Security Technology Information System Security Level Protection Evaluation Requirements
3 Terms and definitions
3.1
Network and information security
Information security in information interaction activities that rely on the network, as well as the security and reliability of the network and the information system itself, especially the confidentiality, integrity and availability of the network and the information system, as well as the authenticity, verifiability, non-repudiation and reliability of the information.
[MH/T 0035-2012, definition 3.1]
3.2
Important network and information system of civil aviation
Civil aviation networks and information systems with security protection levels above level two, including the basic networks and core business systems of civil aviation administrative agencies at all levels, directly affiliated units, civil air transportation airports, airlines, air traffic control departments and air transportation support units.
[MH/T 0035-2012, definition 3.4]
3.3
Classified security protection
In accordance with the requirements of the information system security protection level, the security protection, technical guarantee and security management of the network and information system are implemented.
3.4
Target of classified security
The specific network and information system directly affected by the information security level protection work.
3.5
Classified security testing and evaluation
The process of determining whether the information system security protection capability meets the basic requirements of the corresponding level.
[GB/T 25058-2010, definition 3.1]
4 Overview of Security Level Protection
4.1 Hierarchical protection objects
The objects of civil aviation information system security level protection are civil aviation networks and information systems.
4.2 Security level protection goals
The goal of security level protection is to divide the security levels of important civil aviation networks and information systems in accordance with this standard, and to carry out planning, construction, operation and maintenance, management and supervision in accordance with the security level protection requirements, in order to strengthen the security protection capabilities of civil aviation information systems and ensure their safety and reliability.
5 Information system security level protection implementation process
See Figure 1 for the overall flow of information system security level protection implementation, and refer to Appendix A for the activity flow of each stage of security level protection implementation.
The main tasks of each stage should include:
a) Information system rating. All civil aviation enterprises and institutions shall identify the scope of the information system, conduct information system analysis, and determine the information system security protection level;
b) Information system grade filing. All civil aviation enterprises and institutions should sort out the grade protection reports and filing forms of information systems that need to be filed, form complete filing materials and go through filing procedures;
c) Security planning and design. All civil aviation enterprises and institutions shall, in accordance with the basic requirements of the
Overall planning and design of safety protection measures;
d) Safe construction and implementation. All civil aviation enterprises and institutions should, based on the approved plan and in accordance with relevant national regulations, select and use information technology products that meet the requirements of information system security protection levels, and carry out information system security construction and implementation;
e) Security level evaluation. All civil aviation enterprises and institutions should select qualified information security service agencies to periodically carry out, according to GB/T 28448, system security level evaluation and risk assessment on the status of information system security level;
f) System construction and rectification. After the completion of the system evaluation and risk assessment, the system should be rectified and reinforced according to the content of the report to improve the security protection measures of the information system;
g) Safe operation and management. During the operation period, work related to the safe operation, change and security monitoring of the system, security incident handling, security audits and inspections shall be properly carried out in accordance with the requirements of level protection;
h) System termination. The residual information in the system should be properly handled to ensure that civil aviation information assets are safely controlled.
6 Information system rating
6.1 Work flow of information system rating stage
The operation and user unit of a civil aviation information system shall determine the security protection level of the information system in accordance with the requirements of relevant national management regulations and the information system grade protection grading guidelines. The main work at this stage should include:
a) Information system analysis. The boundaries and scope of the information system should be determined, and an overall description file of the information system should be formed;
b) Security protection level determination. The security protection level of the information system shall be determined in accordance with the requirements of the information system level protection grading guide, and a grading report and filing form shall be formed;
c) Expert review. Based on the overall description materials of the information system and the rating report and filing form of the information system, experts should be hired to review the accuracy and compliance of the rating.
6.2 Information system analysis
Information about the information system should be collected from the relevant personnel of the information system operation and user unit, and the information should be comprehensively analyzed and sorted. The overall descriptive document of the unit's information system should be formed based on the analyzed and sorted content.
6.3 Determination of safety protection level
Information system operators and users shall determine the security protection level of the information system in accordance with the requirements of GB/T 22239 and GB/T 22240, and review and approve the grading results to ensure the accuracy of the grading results. The documents generated in the grading process should be sorted out to form a grading report and filing form.
6.4 Expert review
Information system operators and users shall organize experts to review the rating report. After passing the review, the information system operation and user unit shall file with the public security organs as required.
6.5 Rating audit
Information system operators and users should provide civil aviation administrative agencies with the safety protection rating reports and filing materials of important civil aviation networks and information systems at or above level three (including level three). The civil aviation administrative agency should hire experts to conduct an audit based on the rating report.
7 Information system level filing
Information system operators and users shall organize the relevant filing materials in accordance with the requirements of the national information security management department for the filing of information systems, submit the filing materials to the public security organ, and obtain the information system security protection grade filing certificate issued by the public security organ. The filing certificate and materials shall be filed with the civil aviation administration.
8 Safety planning and design
Based on the classification of the civil aviation information system and the business conditions carried by the system, the security requirements of the classified civil aviation information system should be clarified, a reasonable safety plan that meets the requirements of grade protection should be designed, and a safety implementation plan should be formulated. This should include: safety requirements analysis, safety overall design, safety construction project planning, safety construction content planning, and formation of safety construction project plans.
9 Security construction and implementation
According to the construction goals and construction content, the security strategy, security technology architecture, safety measures and requirements that the overall information system security plan requires to be implemented should be realized in product functions or physical forms; the products or components that can realize them and their specific specifications should be proposed, and the product functional characteristics should be organized into a technical measures implementation plan. This should mainly include: the detailed design of the safety plan, the content design of the management implementation, safety implementation process management, and other parts.
10 Security Level Evaluation
10.1 Selection of Evaluation Institution
Information system operators and users should strictly follow the relevant national and civil aviation regulations to select qualified information security evaluation agencies.
10.2 Evaluation implementation
The information security evaluation agency shall conduct level protection evaluation and risk assessment of information systems in accordance with GB/T 28448.
10.3 Evaluation report submission
After the evaluation, the information security evaluation agency shall submit the evaluation report and risk assessment report to the system operation and user unit.
11 System construction and rectification
11.1 Formulate a rectification plan
According to the evaluation report and risk assessment report, a safety rectification plan that is compatible with the safety protection level should be determined.
11.2 Testing and acceptance
It should be checked whether the system is constructed in strict accordance with the plan and whether the designed function and performance are realized. After the implementation of security control is completed, the entire system should be tested for integrated security.
11.3 Document and system revision
After implementing various supplementary safety measures in accordance with the safety rectification plan, relevant technical documents and management systems should be adjusted and revised to ensure the integrity and consistency of the information security system.
12 Safe operation and management
12.1 Operation management process control
Processes for operation management and control, safety status monitoring, safety incident handling and emergency plans, safety inspections and continuous improvement shall be determined and implemented to ensure effective control of the operation process.
12.2 Periodic evaluation
A qualified information security service agency shall conduct regular level evaluations of the information systems that have completed the level of protection in accordance with GB/T 28448, to ensure that the security protection measures of the information system meet the security requirements of the corresponding level.
12.3 Supervision and inspection
The administrative agencies at all levels of civil aviation shall supervise and inspect the information system classification, planning and design, construction and implementation, operation management and other processes of system operation and user units to ensure that they meet the requirements of the corresponding level of information system security protection.
12.4 Continuous improvement
The safety technical measures and management measures of the system shall be partially adjusted or safety level changed based on the results of evaluation and inspection.
13 System termination
According to the relevant national standards, the transfer, temporary storage or removal of information, the transfer or abandonment of equipment, and the clearing or destruction of storage media should be implemented during the termination stage of the civil aviation information system.