GBZ24294.1-2018 English PDFUS$599.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GBZ24294.1-2018: Information security technology -- Guide of implementation for internet-based-government information security -- Part 1: General Status: Valid GBZ24294.1: Historical versions
Basic dataStandard ID: GB/Z 24294.1-2018 (GB/Z24294.1-2018)Description (Translated English): Information security technology -- Guide of implementation for internet-based-government information security -- Part 1: General Sector / Industry: National Standard Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 30,373 Date of Issue: 2018-03-15 Date of Implementation: 2018-10-01 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China GBZ24294.1-2018: Information security technology -- Guide of implementation for internet-based-government information security -- Part 1: General---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology--Guide of implementation for internet-basede-government information security--Part 1. General ICS 35.040 L80 National Standardization Guidance Technical Document of the People's Republic of China Partially replace GB /Z 24294-2009 Information security technology Internet e-government information security implementation guide Part 1. General e-governmentinformationsecurity-Part 1.General Published on.2018-03-15 2018-10-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China China National Standardization Administration issued ContentForeword III Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 2 5 Internet-based e-government information security reference model 2 5.1 Safety Reference Model 2 5.2 Security Policy 3 5.3 Identifying security requirements 4 5.4 Safety Design 4 5.5 Security Implementation 4 5.6 Security Assessment 5 6 Based on the Internet e-government information security technology system 5 6.1 Safety Technology System 5 6.2 Public Key Infrastructure 6 6.3 Security Interconnection and Access Control, Border Protection 6 6.4 Regional Security 6 6.5 Terminal Security 6 6.6 Application Security 6 6.7 Security Management 6 6.8 Security Services 6 7 Implementation Principles of the System 6 7.1 On-demand protection principle 6 7.2 Principle of Minimization of Permissions 7 7.3 Information Classification Protection Principle 7 7.4 System Domain Control Principle 7 8 System Implementation Architecture 7 8.1 System Implementation Architecture in Data Centralized Mode 7 8.2 System Implementation Architecture in Data Distribution Storage Mode 8 8.3 System Implementation Architecture in Mobile Office Mode 11 9 Key aspects of system implementation 13 9.1 System Domain Control 13 9.2 Unified Certification Authorization 13 9.3 Access Control and Secure Exchange 14 9.4 Terminal Security Protection 14 10 System Risk Assessment 14 10.1 Customer Interview 14 10.2 Document Information Verification 14 10.3 Analysis of Construction Plan 14 10.4 Programme Implementation Verification 15 10.5 Tool Detection 15 10.6 Assessment Conclusion 15 Appendix A (informative) A city based on the Internet e-government security system configuration example 16 Appendix B (informative appendix) Example of information classification protection based on Internet e-government system in a city 19ForewordGB /Z 24294 "Information Security Technology Based on Internet E-Government Information Security Implementation Guide" is divided into the following sections. --- Part 1. General; --- Part 2. Access Control and Security Exchange; --- Part 3. Identity authentication and authorization management; --- Part 4. Terminal security protection. This part is the first part of GB /Z 24294. This part is drafted in accordance with the rules given in GB/T 1.1-2009. This part replaces GB /Z 24294-2009 "Internet-based e-government information security implementation guide." With GB /Z 24294- Compared to.2009, the main technical changes are as follows. --- Added a reference model based on Internet e-government information security; --- A new revision to the Internet-based e-government information security technology system; --- New recommendations for the implementation of the Internet-based e-government implementation framework; --- New recommendations for access control and secure exchange; --- New recommendations for the new application model of Internet e-government mobile terminals; --- New additions to the specific application of information classification protection; --- New recommendations for identity authentication and authorization management for trust system construction. Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents. This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This section drafted by. PLA Information Engineering University, China Electronics Technology Standardization Institute, Beijing Tianrongxin Technology Co., Ltd., Zheng State Xinda Jiean Information Technology Co., Ltd. The main drafters of this section. Chen Xingyuan, Du Xuehui, Sun Wei, Cao Lifeng, Zhang Dongyu, Ren Zhiyu, Xia Chuntao, He Jun, Jing Hongli, Shangguan Xiaoli. The previous versions of the standards replaced by this section are. ---GB /Z 24294-2009.IntroductionThe Internet has become an important information infrastructure, and actively using the Internet to build e-government in China can improve efficiency and expand The coverage of the service can save resources and reduce costs. Using the open Internet to carry out e-government construction, facing computer viruses and networks Security threats and risks such as network attacks, information leakage, and identity spoofing. In order to promote the application of the Internet in China's e-government, the guidance is based on mutual This guideline technical document is specially formulated for the security of networked e-government information. The e-government information security implementation guideline standard based on the Internet e-government information security implementation guide general rules, access Control and security exchange, identity authentication and authorization management, terminal security protection. Implementation of e-government information security based on the Internet The general guideline is based on the overview of Internet e-government information security construction, which can guide government departments to establish e-government information based on the Internet. Security system, build Internet e-government information security technology system; access control and security exchange, identity authentication and authorization management Three specifications for terminal security protection, from the Internet e-government security interconnection and access control, government office and government service security, politics The three key implementation points of terminal security protection are to standardize the construction of Internet-based electronic information security systems. Information security technology Internet e-government information security implementation guide Part 1. General1 ScopeThis part of GB /Z 24294 gives an e-government based on Internet e-government information security reference model. The information security technology system provides guidance on the implementation principles, implementation framework, implementation of key technologies and risk assessment of the system. Structure It is based on the Internet e-government information security assurance framework and the establishment of an e-government information security system based on the Internet. This section applies to organizations that do not have an e-government extranet or a leased communication network. Information security construction of e-government that does not involve state secrets, and information for managers, engineers, and information security product providers Safety construction provides management and technical reference. Involving state secrets, or may involve state secrets after the collection, processing, and transmission of information, Implemented in accordance with national secrecy regulations and standards.2 Normative referencesThe following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article. Pieces. For undated references, the latest edition (including all amendments) applies to this document. GB/T 20984-2007 Information Security Technology Information Security Risk Assessment Specification GB/T 30278-2013 Information Security Technology Government Computer Terminal Core Configuration Specification GB/T 31167-2014 Information Security Technology Cloud Computing Service Security Guide3 Terms and definitionsThe following terms and definitions apply to this document. 3.1 Internal data processing domain insidedataprocessingdomain The administrative office system and its data domain that are only open to government officials. 3.2 Security administration network platform networkplatformforsecuregovernmentaffairs Through the use of commercial cryptography and VPN technology, reasonable configuration of different types of VPN products, based entirely on the Internet, to achieve The low-cost, scalable e-government network built by the municipal/county/township and other party and government departments. 3.3 Security government office platform officeplatformforsecuregovernmentaffairs Security technology such as data domain storage, unified identity authentication, unified authorization management, and information classification protection, and e-government office applications The system is combined to make electronic electronic documents, such as finalization, issuance, stamping, sending, receiving, printing and archiving. In the government office system, the identity is credible, the behavior is controllable, and the system can be managed, creating a safe and controllable Internet e-government office platform. 3.4 Public data processing domain publicdataprocessingdomain The public service system open to the public and the domain in which it is located. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GBZ24294.1-2018_English be delivered?Answer: Upon your order, we will start to translate GBZ24294.1-2018_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GBZ24294.1-2018_English with my colleagues?Answer: Yes. The purchased PDF of GBZ24294.1-2018_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GBZ24294.1-2018?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GBZ24294.1-2018 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
