
GB/T 20269-2006 PDF English


Search result: GB/T 20269-2006
Standard ID: GB/T 20269-2006
Contents [version]: English
USD: 170
[PDF] delivered in: 0-9 seconds. Auto-delivery.
Name of Chinese Standard: Information security technology -- Information system security management requirements
Status: Valid


PDF Preview: GB/T 20269-2006


GB/T 20269-2006: PDF in English (GBT 20269-2006)

GB/T 20269-2006
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80

Information security technology - Information system security management requirements

Issued on May 31, 2006
Implemented on December 01, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements of information system security management
  4.1 Content of information system security management
  4.2 Information system security management principles
5 Information system security management elements and the strength
  5.1 Policy and system
    5.1.1 Information security management policy
    5.1.2 Security management rules and regulations
    5.1.3 Policy and system document management
  5.2 Organization and personnel management
    5.2.1 Security management organization
    5.2.2 Security mechanism centralized management organization
    5.2.3 Personnel management
    5.2.4 Education and training
  5.3 Risk management
    5.3.1 Risk management requirements and policy
    5.3.2 Risk analysis and assessment
    5.3.3 Risk control
    5.3.4 Decision making based on risks
    5.3.5 Risk assessment management
  5.4 Environment and resource management
    5.4.1 Environment security management
    5.4.2 Resources management
  5.5 Operation and maintenance management
    5.5.1 User management
    5.5.2 Operation management
    5.5.3 Operation maintenance management
    5.5.4 Outsourced service management
    5.5.5 Assurance Related to Security Mechanism
    5.5.6 Security centralized management
  5.6 Business continuity management
    5.6.1 Backup and recovery
    5.6.2 Security incident handling
    5.6.3 Emergency processing
  5.7 Supervision and inspection management
    5.7.1 Conforming with legal requirements
    5.7.2 Compliance inspection
    5.7.3 Audit and supervision control
    5.7.4 Responsibility determination
  5.8 Life cycle management
    5.8.1 Plan and project approval management
    5.8.2 Construction process management
    5.8.3 System startup and stop management
6 Information system security management graded requirements
  6.1 Level-one: User discretionary protection level
    6.1.1 Management objective and scope
    6.1.2 Policy and system requirements
    6.1.3 Organization and personnel management requirements
    6.1.4 Risk management requirements
    6.1.5 Environment and resource management requirements
    6.1.6 Operation and maintenance management requirements
    6.1.7 Business continuity management requirements
    6.1.8 Supervision and inspection management requirements
    6.1.9 Life cycle management requirements
  6.2 Level-two: System audit protection level
    6.2.1 Management objective and scope
    6.2.2 Policy and system requirements
    6.2.3 Organization and personnel management requirements
    6.2.4 Risk management requirements
    6.2.5 Environment and resource management requirements
    6.2.6 Operation and maintenance management requirements
    6.2.7 Business continuity management requirements
    6.2.8 Supervision and inspection management requirements
    6.2.9 Life cycle management requirements
  6.3 Level-three: Security label protection level
    6.3.1 Management objective and scope
    6.3.2 Policy and system requirements
    6.3.3 Organization and personnel management requirements
    6.3.4 Risk management requirements
    6.3.5 Environment and resource management requirements
    6.3.6 Operation and maintenance management requirements
    6.3.7 Business continuity management requirements
    6.3.8 Supervision and inspection management requirements
    6.3.9 Life cycle management requirements
  6.4 Level-four: Structured protection level
    6.4.1 Management objectives and scope
    6.4.2 Policy and system requirements
    6.4.3 Organization and personnel management requirements
    6.4.4 Risk management requirements
    6.4.5 Environment and resource management requirements
    6.4.6 Operation and maintenance management requirements
    6.4.7 Business continuity management requirements
    6.4.8 Supervision and inspection management requirements
    6.4.9 Life cycle management requirements
  6.5 Level-five: Access verification protection level
    6.5.1 Management objectives and scope
    6.5.2 Policy and system requiremen... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.