HOME   Cart(0)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189759 (12 Oct 2025)

GB/T 25058-2019 PDF English

US$405.00 · In stock · Download in 9 seconds
GB/T 25058-2019: Information Security Technology - Implementation Guide for Classified Protection of Cybersecurity
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid

GB/T 25058: Evolution and historical versions

Standard IDContents [version]USDSTEP2[PDF] deliveryName of Chinese StandardStatus
GB/T 25058-2019English405 Add to Cart 0-9 seconds. Auto-delivery Information Security Technology - Implementation Guide for Classified Protection of Cybersecurity Valid
GB/T 25058-2010English360 Add to Cart 0-9 seconds. Auto-delivery Information security technology -- Implementation guide for classified protection of information system Obsolete

Excerpted PDFs (Download full copy in 9 seconds upon purchase)

PDF Preview: GB/T 25058-2019
      

Similar standards

GB/T 25068.1   GB/T 25064   GB/T 25061   GB/T 25068.4   

GB/T 25058-2019: Information Security Technology - Implementation Guide for Classified Protection of Cybersecurity


---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT25058-2019
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Replacing GB/T 25058-2010 Information Security Technology - Implementation Guide for Classified Protection of Cybersecurity Issued on. AUGUST 30, 2019 Implemented on. MARCH 1, 2020 Issued by. State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword... 5 1 Scope... 8 2 Normative References... 8 3 Terms and Definitions... 8 4 Overview of Implementation of Classified Protection... 8 5 Rating and Filing of Classified Protection Object... 13 6 Overall Security Planning... 23 7 Security Design and Implementation... 37 8 Security Operation and Maintenance... 51 9 Termination of Rating Objects... 71 Appendix A (normative) Main Processes and the Activities, Input and Output ... 76

1 Scope

This Standard stipulates the process that classified protection object implements cybersecurity protection work. This Standard is applicable to the guidance of the implementation of cybersecurity classified protection work.

2 Normative References

The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document. GB 17859 Classified Criteria for Security Protection of Computer Information System GB/T 22239 Information Security Technology - Baseline for Classified Protection of Cybersecurity GB/T 22240 Information Security Technology - Classification Guide for Classified Protection of Information System Security GB/T 25069 Information Security Technology - Glossary GB/T 28448 Information Security Technology - Evaluation Requirement for Classified Protection of Cybersecurity

3 Terms and Definitions

Terms and definitions defined in GB 17859, GB/T 22239, GB/T 25069 and GB/T 28448 are applicable to this document.

4 Overview of Implementation of Classified Protection

4.1 Fundamental Principles The core of classified security protection is to classify classified protection objects, and carry out construction, management and supervision in accordance with the standards. During the implementation process of classified security protection, the following fundamental principles shall be followed. 4.2 Roles and Responsibilities The various roles and responsibilities involved in the implementation of classified cybersecurity protection to classified protection objects are as follows. 4.3 Basic Procedure of Implementation The basic procedure of implementing classified protection to classified protection objects includes. classified protection object rating and filing stage, overall security planning stage, security design and implementation stage, security operation and maintenance stage, and rating object termination stage, as it is shown in Figure 1.

5 Rating and Filing of Classified Protection Object

5.1 Workflow of Rating and Filing Stage The objective of the classified protection object rating stage is. the operating and using organization determines classified protection object and its security protection level in accordance with relevant national management specifications and rating standards and passes the expert review. If there is a competent department in the operating and using organization, the competent department shall review and approve it, and report to the public security organ for recording review. 5.3 Analysis of Classified Protection Object 5.3.1 Analysis of object importance Activity objective. Through the collection and understanding of information regarding classified protection object, and comprehensive analysis and sorting of the information, analyze organization’s main social functions / functions and effects; determine classified protection object, on which, the main social functions / functions are performed. 5.4 Determination of Security Protection Level 5.4.1 Rating, Review and Approval In accordance with relevant national management specifications and rating standards, determine the security protection level of rating object; review, examine and approve the rating result; guarantee the accuracy of the rating result. 5.4.2 Form rating report Organize documents generated during the rating process; form a report of rating result of classified protection object. Participating roles. competent department; operating and using organization. Activity input. detailed descriptive files of rating objects; rating result. 5.5 Filing of Rating Result Activity objective. In accordance with classified protection management department’s requirements for filing, organize relevant filing materials and submit them to the institution that accepts filing. Participating roles. competent department; operating and using organization; classified protection management department.

6 Overall Security Planning

6.1 Workflow of Overall Security Planning Stage The objective of the overall security planning stage is. in accordance with the classification of classified protection objects, the rating of classified protection objects and the operations undertaken by classified protection objects, through the analysis, identify the security demands of classified protection objects; design reasonable overall security scheme that satisfies the requirements of classified protection; formulate security implementation scheme, so as to guide the implementation of the subsequent security construction of classified protection objects. 6.2 Analysis of Security Demands 6.2.1 Determination of basic security demands In accordance with the security protection level of classified protection object, put forward the basic security protection demands for security protection object. Participating roles. operating and using organization; cybersecurity service institution. Activity input. detailed descriptive files of classified protection objects; security protection level rating report; other relevant documents of classified protection objects; GB/T 22239; basic industrial requirements. 6.2.2 Determination of special security demands Activity objective. Through the analysis of special protection demands of important assets, adopt the method of demand analysis or risk analysis, determine possible security risks; judge the necessity of implementing special security measures; put forward special security protection demands for classified protection objects. 6.3 Overall Security Design 6.3.1 Overall security policy design Activity objective. Form institutional programmatic security policy files, including the determination of security guide and formulation of security policy, so as to combine the series standard of basic requirements for classified protection, basic industrial requirements and special security protection requirements, construct security technology architecture and security management architecture for institution’s classified protection objects. In terms of newly established classified protection objects, the security protection level shall be clarified in the approval; in accordance with the requirements of corresponding protection level, conduct the overall security policy design. 6.3.2 Security technology architecture design Activity objective. In accordance with GB/T 22239, basic industrial requirements, security demand analysis report, institution’s overall security policy file, put forward security technological measures that classified protection objects need to implement; form a specific security technology architecture for institution’s classified protection objects, so as to guide the specific implementation of classified protection for classified protection objects. 6.3.4 Documentation of design result Activity objective. Document the results of the overall security design work. Finally, form a set of guidance documents that guide cybersecurity work. Participating roles. operating and using organization; cybersecurity service institution. Activity input. security demand analysis report; security technology architecture of classified protection objects; security management architecture of classified protection objects. 6.4 Security Construction Project Planning 6.4.1 Determination of security construction objective Activity objective. In accordance with overall security scheme (constituted of one or multiple files) of classified protection objects, long and mid-term development planning of organization’s informatization construction, and institution’s security construction funds, determine security construction objectives of different stages.

7 Security Design and Implementation

7.1 Workflow of Security Design and Implementation Stage The objective of the security design and implementation stage is. in accordance with the requirements of the overall scheme of classified protection objects, combine security construction project planning of classified protection objects, implement security measures in stages and in steps. 7.2 Detailed Design of Security Scheme 7.2.1 Design of technological measure implementation content Activity objective. In accordance with the objectives and the content of construction, implement security policy, security technology architecture, security measures and requirements that are required to be implemented in the overall security scheme of classified protection objects onto product functions or physical form; put forward products or components that can be implemented, and their specific specifications. In addition, organize product functional characteristics into documents, so that there can be basis for the procurement of cybersecurity products and the development of security control. 7.3 Implementation of Technological Measures 7.3.1 Procurement of cybersecurity products or services Activity objective. In accordance with the specific indicators of products or services in the detailed security design scheme, purchase products or services. In accordance with products, product combinations or service implementation functions, performance and security’s compliance with security design requirements, purchase the required cybersecurity products or services. 7.3.2 Development of security control Activity objective. In terms of some security measures and security functions that cannot be implemented through the procurement of existing cybersecurity products, they shall be implemented through exclusive design and development. The development of security control shall be synchronously designed and implemented with application development of the system. 7.4 Implementation of Management Measures 7.4.1 Construction and revision of security management system Activity objective. In accordance with relevant national policies, standards and specifications on cybersecurity, formulate and revise, and implement behavioral codes and operational procedures of the various stages and links of the construction, development, operation, maintenance, upgrade and transformation of classified protection objects that are matching with the security management of classified protection objects.

8 Security Operation and Maintenance

8.1 Workflow of Security Operation and Maintenance Stage Security operation and maintenance is a necessary link that ensures the normal operation of classified protection objects during the implementation of classified protection. It involves a lot of content, including the establishment of security operation and maintenance institution, and security operation and maintenance institution; the management of environment, assets, equipment and media; the management of networks and systems; the management of passwords and keys; the management of operation and alterations; security status monitoring and security incident handling; security auditing and security inspection, etc. 8.2 Operation Management and Control 8.2.1 Determination of operation management responsibilities Activity objective. Through the role division of operation management activities or tasks, and the granting of corresponding management authority, determine the specific personnel and responsibilities of security operation management. Roles shall at least be divided into system administrators, security administrators and security auditors. Participating role. operating and using organization. 8.3 Alteration Management and Control 8.3.1 Alteration demand and influence analysis Activity objective. Through the analysis of alteration demands and alteration influence during the operation and operation maintenance process, determine the category of alteration; plan the subsequent activity content. 8.3.2 Alteration process control Activity objective. Ensure that the alteration implementation process is under control during the operation and maintenance. The various alteration content shall be recorded, so as to guarantee that the influence of the alterations on the operation is the minimum. 8.4.1 Determination of monitoring objects Activity objective. Determine factors that might affect the security of classified protection objects, namely, determine the objects of security status monitoring. 8.5 Security Self-inspection and Continuous Improvement 8.5.1 Self-inspection of security status Activity objective. Through self-inspection of the security status of classified protection objects, provide basis and suggestions to the continuous improvement process of classified protection objects; ensure that the security protection capability of classified protection objects satisfies the security requirements of corresponding level. 8.6 Management and Monitoring of Service Provider 8.6.1 Selection of service provider Activity objective. Determine service providers with nationally or industrially stipulated design, evaluation and construction qualifications; lay a foundation for the subsequent management and monitoring. 8.9 Emergency Response and Guarantee 8.9.1 Emergency preparation Activity objective. Establish a perfect emergency organizational system; ensure rapid and well- coordinated emergency rescue work. Through the analysis of the level of security incidents, under a uniform emergency plan, formulate different emergency plans for different security incidents. Through the organization of emergency drill for classified protection objects, the cybersecurity emergency capability can be effectively inspected.

9 Termination of Rating Objects

9.1 Workflow of Rating Object Termination Stage The rating object termination stage is the final link of the implementation process of classified protection. When rating objects are transferred, terminated or abolished, correct handling of sensitive information is critical to ensuring the security of an institution’s information assets. 9.2 Information Transfer, Temporary Storage and Removal Activity objective. In the rating object termination processing process, adopt appropriate measures for information that might be used in other rating objects to securely transfer or temporarily store it to recoverable medium, so as to guarantee continued use in the future. 9.3 Equipment Migration or Abolishment Activity objective. Ensure that after the termination of rating objects, the migrated or abolished equipment does not include sensitive information. The mode of equipment disposal shall comply with the requirements of relevant national departments. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      

Tips & Frequently Asked Questions

Question 1: How long will the true-PDF of English version of GB/T 25058-2019 be delivered?

Answer: The full copy PDF of English version of GB/T 25058-2019 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GB/T 25058-2019_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 25058-2019_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. www.ChineseStandard.us -- GB/T 25058-2019 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

Question 5: Should I purchase the latest version GB/T 25058-2019?

Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 25058-2019 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.

How to buy and download a true PDF of English version of GB/T 25058-2019?

A step-by-step guide to download PDF of GB/T 25058-2019_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 25058-2019".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.
See screenshots for above steps: Steps 1~3    Steps 4~6    Step 7    Step 8    Step 9