
GB/T 22240-2020 PDF English

GB/T 22240-2020: Information security technology - Classification guide for classified protection of cybersecurity
Status: Valid

GB/T 22240: Evolution and historical versions

Standard ID: GB/T 22240-2020 (English)
Name: Information security technology - Classification guide for classified protection of cybersecurity
Status: Valid

Standard ID: GB/T 22240-2008 (English)
Name: Information security technology -- Classification guide for classified protection of information system security
Status: Obsolete


GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 22240-2008
Information security technology - Classification guide for classified protection of cybersecurity
Issued on: April 28, 2020
Implemented on: November 01, 2020
Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Rating principle and process
  4.1 Security protection level
  4.2 Rating elements
    4.2.1 Overview of rating elements
    4.2.2 Infringed objects
    4.2.3 Degree of infringement on the object
  4.3 Relationship between rating elements and security protection level
  4.4 Rating process
5 Determine the rating object
  5.1 Information system
    5.1.1 Basic characteristics of rating objects
    5.1.2 Cloud computing platform/system
    5.1.3 Internet of Things
    5.1.4 Industrial control system
    5.1.5 System using mobile internet technology
  5.2 Network infrastructure
  5.3 Data resources
6 Determine the security protection level
  6.1 Overview of rating methods
  6.2 Determine the infringed object
  6.3 Determine the degree of infringement on the object
    6.3.1 Objective aspects of infringement
    6.3.2 Comprehensively determine the degree of infringement
  6.4 Preliminary determining level
7 Determine the security protection level
8 Change of level
References

1 Scope

This standard gives a method and procedure for rating the security protection level of classified protection targets that do not involve state secrets. It is applicable to guiding network operators in carrying out the rating work for classified protection targets that do not involve state secrets.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.

GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 25069 Information security technology - Glossary
GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 32919-2016 Information security - Industrial control systems - Guidelines for the application of security controls
GB/T 35295-2017 Information technology - Big data - Terminology

3 Terms and definitions

The terms and definitions as defined in GB 17859-1999, GB/T 22239-2019, GB/T 25069, GB/T 29246-2017, GB/T 31167-2014, GB/T 32919-2016, GB/T 35295-2017 as well as the following terms and definitions apply to this document. For ease of use, the following repeatedly lists some terms and definitions in the above standards.

3.1 Cybersecurity
The capability of preventing attacks, intrusions, interference, destruction, illegal use of the network and accidents, to make the network be in a stable and reliable state of operation, meanwhile, to ensure the integrity, confidentiality and availability of network data, by taking necessary measures.
[GB/T 22239-2019, definition 3.1]

3.2 Target of classified protection
The object on which the classified protection work of cybersecurity is performed.
Note: It mainly includes information systems, network infrastructure and data resources.

3.3 Information system
Applications, services, information technology assets or other information processing components.
[GB/T 29246-2017, definition 2.39]
Note 1: The information system is usually composed of computers or other information terminals and related equipment, meanwhile performs information processing or process control according to certain application goals and rules.
Note 2: Typical information systems include office automation systems, cloud computing platforms/systems, Internet of Things, industrial control systems, systems that use mobile internet technology.

3.4 Network infrastructure
Network equipment and facilities that provide a basic support for information circulation and network operation.
Note: It mainly includes telecommunication networks, radio and television transmission networks, special communication networks for industries or organizations.

3.5 Data resources
A collection of data that has or is expected to have value.
Note: Most data resources exist in electronic form.

3.6 Object of infringement
Social relations as protected by the law that are infringed when the object of classified protection is damaged.
Note: Referred to as "object" in this standard.

4 Rating principle and process

4.1 Security protection level
According to the importance of the classified protection object in national security, economic construction and social life, as well as such factors as the degree of infringement on national security, social order, public interests, and the legal rights of citizens, legal persons and other organizations once it is damaged, loses function, or its data is tampered with, disclosed, lost or destroyed, the security protection level of the classified protection object is divided into the following five levels.

4.2 Rating elements

4.2.1 Overview of rating elements
The rating elements of the classified protection objects include:
a) Infringed objects;
b) The degree of infringement on the object.

4.2.2 Infringed objects
The infringed objects when the classified protection object is damaged include the following three aspects.

4.2.3 Degree of infringement on the object
The degree of infringement on the object is comprehensively determined by the different external manifestations of objective aspects. Since the infringement on the object is achieved by destroying the object of classified protection, the external manifestation of the infringement on the object is the damage to the object of classified protection, which is described by the method of infringement, the consequences of the infringement, and the degree of infringement. The degree of infringement on the object after the object of classified protection is damaged can be divided into the following three types.

4.3 Relationship between rating elements and security protection level
The relationship between rating elements and security protection levels is as shown in Table 1.

4.4 Rating process
The general flow of the rating work of classified protection objects is as shown in Figure 1.

5 Determine the rating object

5.1 Information system

5.1.1 Basic characteristics of rating objects
The information system as a rating object shall have the following basic characteristics.

5.1.2 Cloud computing platform/system
In a cloud computing environment, the classified protection objects on the cloud service client side and the cloud computing platform/system on the cloud service provider side must be rated as separate rating objects, meanwhile the cloud computing platform/system is divided into different rating objects according to different service models.

5.1.3 Internet of Things
The Internet of Things mainly includes characteristic elements such as perception, network transmission, processing applications. The above elements need to be rated as a whole object; each element is not rated individually.

5.1.4 Industrial control system
The industrial control system mainly includes characteristic elements such as field acquisition/execution, field control, process control, production management. Among them, field acquisition/execution, field control, process control and other elements need to be rated as a whole object; each element is not rated separately; production management elements should be rated separately.

5.1.5 System using mobile internet technology
The system adopting mobile internet technology mainly includes mobile terminals, mobile applications, wireless networks and other characteristic elements, which can be rated independently as a whole or together with related business systems. Each element is not rated separately.

5.2 Network infrastructure
For network infrastructure such as telecommunication networks, radio and television transmission networks, etc., it should be divided into different rating objects according to factors such as the subject of security responsibility, service type or service area.

5.3 Data resources
Data resources can be rated independently. When the security responsibility subjects are the same, big data and big data platforms/systems should be rated as a whole object; when the security responsibility subjects are different, big data shall be rated independently.

6 Determine the security protection level

6.1 Overview of rating methods
The rating method for rating objects is as follows. For network infrastructure, cloud computing platforms/systems, and other rating objects and data resources having support functions, refer to 6.6.

The security of rating objects mainly includes business information security and system service security. The related infringed objects and the degree of infringement on the objects may be different. Therefore, the security protection level is determined by both business information security and system service security. The security protection level of the rating object as reflected from the perspective of business information security is called the business information's security protection level; the security protection level of the rating object as reflected from the perspective of system service security is called the system service's security protection level.

The schematic diagram of the rating method flow is as shown in Figure 2.

6.2 Determine the infringed object
The infringed objects when the rating object is damaged include national security, social order, public interest, as well as the legitimate rights and interests of citizens, legal persons and other organizations.

Matters that infringe national security include the following.

Infringement on the legitimate rights and interests of citizens, legal persons and other organizations refers to the damage to the social rights and interests enjoyed by citizens, legal persons and other organizations protected by law.

When determining the infringed object, first determine whether it infringes national security, then determine whether it infringes social order or public interest, finally determine whether it infringes the legitimate rights and interests of citizens, legal persons and other organizations.

6.3 Determine the degree of infringement on the object

6.3.1 Objective aspects of infringement
From an objective perspective, the infringement of the object is externally manifested as destruction of the rating object; its infringement is manifested as the destruction of business information security and the destruction of system service security.

6.3.2 Comprehensively determine the degree of infringement
The degree of infringement is a comprehensive manifestation of the different external manifestations of objective aspects. Therefore, first of all, determine the degree of infringement separately for each infringed object and each infringement consequence.

For different consequences of infringement, the method and angle of consideration for determining the degree of infringement may be different. For example, the degree of reduction of business capability caused by damage to system service security may be determined from different aspects such as the area covered by the rating object's service, the number of users or the business volume; whilst the loss of property caused by the destruction of business information security may be determined in terms of direct capital loss and indirect information recovery costs, etc.

6.4 Preliminary determining level
According to the infringed object when the business information security is damaged and the degree of infringement on the corresponding object, the security protection level of the business information may be obtained according to Table 2.

7 Determine the security protection level

If the security protection level is preliminarily determined as level 2 or above, the network operator of the rating object shall organize information security experts and business experts to review the rationality of the rating result and issue expert review opinions. If there is an industry competent (supervision) department, the rating result shall also be reported to the industry competent (supervision) department for approval, meanwhile an approval opinion shall be issued.

8 Change of level

When the scope of business information and system service handled by the classified protection object changes, which may lead to the damage of the business information security or system service security, thereby causing change to the infringed object and the degree of infringement on the object, the rating object and the security protection level need to be re-determined in accordance with this standard. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
