HOME   Cart(0)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189760 (18 Oct 2025)

GB/T 37988-2019 PDF English

US$910.00 · In stock · Download in 9 seconds
GB/T 37988-2019: Information security technology - Data security capability maturity model
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid
Standard IDContents [version]USDSTEP2[PDF] deliveryName of Chinese StandardStatus
GB/T 37988-2019English910 Add to Cart 0-9 seconds. Auto-delivery Information security technology - Data security capability maturity model Valid

Excerpted PDFs (Download full copy in 9 seconds upon purchase)

PDF Preview: GB/T 37988-2019
      

Similar standards

GB/T 37985   GB/T 37973   GB/T 37956   GB/T 37980   

GB/T 37988-2019: Information security technology - Data security capability maturity model

---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT37988-2019
GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Information security technology - Data security capability maturity model Issued on. AUGUST 30, 2019 Implemented on. MARCH 01, 2020 Issued by. State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword... 4 1 Scope... 5 2 Normative references... 5 3 Terms and definitions... 5 4 Abbreviations... 8 5 DSMM architecture... 9 5.1 Maturity Model Architecture... 9 5.2 Security capability dimensions... 10 5.3 Capacity maturity level dimension... 11 5.4 Data security process dimension... 14 6 Data collection security... 16 6.1 PA01 data classification and grading... 16 6.2 PA02 Data collection security management... 18 6.3 PA03 Data source authentication and recording... 21 6.4 PA04 Data quality management... 23 7 Data transmission security... 25 7.1 PA05 data transmission encryption... 25 7.2 PA06 Network availability management... 28 8 Data storage security... 29 8.1 PA07 storage media security... 29 8.2 PA08 Logic storage security... 31 8.3 PA09 Data backup and recovery... 34 9 Data processing security... 38 9.1 PA10 data desensitization... 38 9.2 PA11 Data analysis security... 41 9.3 Proper use of PA12 data... 44 9.4 PA13 Data processing environment security... 46 9.5 PA14 Data import and export security... 49 10 Data exchange security... 52 10.1 PA15 Data sharing security... 52 10.2 PA16 Data release security... 55 10.3 PA17 Data interface security... 57 11 Data destruction security... 59 11.1 PA18 Data destruction and disposal... 59 11.2 Destruction and disposal of PA19 storage media... 61 12 Generic security... 64 12.1 PA20 Data security policy planning... 64 12.2 PA21 Organization and personnel management... 67 12.3 PA22 Compliance management... 72 12.4 PA23 Data asset management... 76 12.5 PA24 Data supply chain security... 78 12.6 PA25 Metadata management... 81 12.7 PA26 Terminal data security... 83 12.8 PA27 Monitoring and audit... 85 12.9 PA28 Authentication and access control... 88 12.10 PA29 Requirement analysis... 91 12.11 PA30 Security incident response... 93 Appendix A (Informative) Description of capability maturity level and GP... 96 A.1 Overview... 96 A.2 Capability maturity level 1 - Informal execution... 96 A.3 Capability maturity level 2 - Plan tracking... 97 A.4 Capability maturity level 3 - Fully defined... 99 A.5 Capability maturity level 4 - Quantitative control... 101 A.6 Capability maturity level 5 - Continuous improvement... 102 Appendix B (Informative) Reference method for evaluation of capability maturity level... 104 Appendix C (Informative) Assessment process of capability maturity level AND model usage method... 105 C.1 Assessment process of capability maturity level... 105 C.2 How to use the capability maturity model... 107 References... 109

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This standard was proposed by AND shall be under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC 260). Drafting organizations of this standard. Alibaba (Beijing) Software Service Co., Ltd., China Electronics Standardization Institute, China Information Security Evaluation Center, Beijing Qi'anxin Technology Co., Ltd., Lenovo (Beijing) Co., Ltd., the Third Research Institute of the Ministry of Public Security, Tsinghua University, China Cyber Security Review Technology and Certification Center, Software Research Institute of Chinese Academy of Sciences, China Mobile Communications Corporation, Alibaba Cloud Computing Co., Ltd., Beijing Tianrongxin Technology Co., Ltd., Institute of Information Engineering, Chinese Academy of Sciences, Shaanxi Province Information Engineering Research Institute, Northwest University, Inspur Electronic Information Industry Co., Ltd., Beijing Yihualu Information Technology Co., Ltd., New H3C Technology Co., Ltd., Qinzhi Digital Technology Co., Ltd., Beijing Digital Certification Co., Ltd., Venus Star Information Technology Group Co., Ltd., Hisense Group Co., Ltd., Yinchuan Big Data Industry Development Service Center, Nanjing Zhongxin Saike Technology Co., Ltd., Beijing Weibu Online Technology Co., Ltd., Shanghai Guanan Information Technology Co., Ltd., Huawei Technology Co., Ltd., Sanliu Zero Technology Co., Ltd., China Power Great Wall Internet System Application Co., Ltd. The main drafters of this standard. Zhu Hongru, Liu Xiangang, Hu Ying, Jia Xuefei, Bai Xiaoyuan, Ye Xiaojun, Li Kepeng, Pan Liang, Xue Yong, Xie Anming, Mei Jingting, Jin Tao, Ye Runguo, Sun Mingliang, Zhang Yuguang, Xu Yujia, Du Yuejin, Chen Caifang, Ke Yan, Zhang Yudong, Xu Yuqing, Zhang Shichang, Song Lingwei, Min Jinghua, Zheng Xinhua, Miao Guangsheng, Liu Yuling, Pan Zhengtai, Zhang Ruiqing, Ren Weihong, Ren Lanfang, Cai Xiaodan, Chang Ling, Zhao Bei, Zhang Dajiang, Tang Hailong, Sun Xiaojun, Li Zheng, Sun Qian, Zhao Jiang, Ma Hongxia, Lu Jin, Wang Chuan, Du Qingfeng, Xue Kun, Especially, Wang Wei, Zhang Yi, He Jun, Zhang Xing. Information security technology - Data security capability maturity model

1 Scope

This standard provides the maturity model architecture of the organization's data security capabilities; specifies the maturity level requirements for data collection security, data transmission security, data storage security, data processing security, data exchange security, data destruction security, general security.

2 Normative references

The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this standard. GB/T 25069-2010 Information security technology - Glossary

3 Terms and definitions

The terms and definitions as defined in GB/T 25069-2010 and GB/T 29246- 2017, as well as the following terms and definitions apply to this document.

4 Abbreviations

The following abbreviations apply to this document.

5 DSMM architecture

Through the quantification of the security capabilities of each data security process of the organization, it evaluates the realization capability of each security process.

6 Data collection security

The data security capability requirements for this level are described as follows. Technical tools.

7 Data transmission security

The data security capabilities of this level are described as follows. Organizational construction. No mature and stable data transmission security and key management mechanisms have been established in any business; The data security capability requirements for this level are described as follows. Technical tools.

8 Data storage security

The data security capability requirements for this level are described as follows. Technical tools. The data security capability requirements for this level are described as follows.

9 Data processing security

The data security capability requirements for this level are described as follows. Technical tools. By adopting appropriate security control measures in the data analysis process, prevent the security risks of the leakage of valuable information and personal privacy, in the data mining and analysis process. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      

Tips & Frequently Asked Questions

Question 1: How long will the true-PDF of English version of GB/T 37988-2019 be delivered?

Answer: The full copy PDF of English version of GB/T 37988-2019 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GB/T 37988-2019_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 37988-2019_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. www.ChineseStandard.us -- GB/T 37988-2019 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

How to buy and download a true PDF of English version of GB/T 37988-2019?

A step-by-step guide to download PDF of GB/T 37988-2019_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 37988-2019".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.
See screenshots for above steps: Steps 1~3    Steps 4~6    Step 7    Step 8    Step 9