
GB/T 22239-2008 PDF in English


GB/T 22239-2008 (English version): Information security technology -- Baseline for classified protection of information system security. Status: Obsolete.
GB/T 22239-2019 (English version): Information security technology -- Baseline for classified protection of cybersecurity. Status: Valid.
Newer version: GB/T 22239-2019

GB/T 22239-2008
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology –
Baseline for Classified Protection of Information
System Security
ISSUED ON: JUNE 19, 2008
IMPLEMENTED ON: NOVEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
Introduction
1    Scope
2    Normative References
3    Terms and Definitions
4    Overview on Classified Protection of Information System Security
4.1    Classification of Information System Security Protection
4.2    Levels of Security Protection Ability
4.3    Basic Technical Requirements and Basic Management Requirements
4.4    Three Types of Basic Technical Requirements
5    Basic Requirements of Level I
5.1    Technical Requirements
5.1.1    Physical Security
5.1.2    Network Security
5.1.3    Host Security
5.1.4    Application Security
5.1.5    Data Security and Backup Recovery
5.2    Management Requirements
5.2.1    Security Management System
5.2.2    Security Management Setup
5.2.3    Personnel Security Management
5.2.4    System Construction Management
5.2.5    System Operation and Maintenance Management
6    Basic Requirements of Level II
6.1    Technical Requirements
6.1.1    Physical Security
6.1.2    Network Security
6.1.3    Host Security
6.1.4    Application Security
6.1.5    Data Security and Backup Recovery
6.2    Management Requirements
6.2.1    Security Management System
6.2.2    Security Management Setup
6.2.3    Personnel Security Management
6.2.4    System Construction Management
6.2.5    System Operating and Maintenance Management
7    Basic Requirements of Level III
7.1    Technical Requirements
7.1.1    Physical Security
7.1.2    Network Security
7.1.3    Host Security
7.1.4    Application Security
7.1.5    Data Security and Backup Recovery
7.2    Management Requirements
7.2.1    Security Management System
7.2.2    Security Management Setup
7.2.3    Personnel Security Management
7.2.4    System Construction Management
7.2.5    System Operation and Maintenance Management
8    Basic Requirements of Level IV
8.1    Technical Requirements
8.1.1    Physical Security
8.1.2    Network Security
8.1.3    Host Security
8.1.4    Application Security
8.1.5    Data Security and Backup Recovery
8.2    Management Requirements
8.2.1    Security Management System
8.2.2    Security Management Setup
8.2.3    Personnel Security Management
8.2.4    Management of System Construction
8.2.5    System Operation and Maintenance Management
9    Basic Requirements of Level V
Appendix A (Normative) Requirements about the Integral Security Protection Ability of Information System
Appendix B (Normative) Selection and Use of Basic Security Requirements
Bibliography
Foreword
Appendix A and Appendix B of this Standard are normative.
This Standard was proposed by the Ministry of Public Security National Technical
Committee on Information Technology Security of Standardization Administration of
China.
This Standard shall be under the jurisdiction of the National Technical Committee on
Information Technology Security of Standardization Administration of China.
Drafting organization of this Standard: MPS Information Classified Security Protection
Evaluation Center.
Chief drafters of this Standard: Ma Li, Ren Weihong, Li Ming, Yuan Jing, Xie
Chaohai, Qu Jie, Li Sheng, Chen Xuexiu, Zhu Jianping, Huang Hong, Liu Jing, Luo
Zheng and Bi Maning.
Introduction
This Standard was developed according to the national management regulations on
classified protection of information security.
This Standard is one of the series of standards for classified protection of information
security.
The standards in the series associated with this Standard include:
- GB/T 22240-2008 Information Security...
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.