HOME   Cart(0)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189760 (18 Oct 2025)

JR/T 0071.1-2020 (JR/T 0071-2012) PDF English

US$160.00 · In stock · Download in 9 seconds
JR/T 0071-2012: Implementation guide for classified protection of information system of financial industry
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Obsolete

JR/T 0071: Evolution and historical versions

Standard IDContents [version]USDSTEP2[PDF] deliveryName of Chinese StandardStatus
JR/T 0071.1-2020English479 Add to Cart 4 days Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 1: Fundamentals and vocabulary Valid
JR/T 0071-2012English160 Add to Cart 0-9 seconds. Auto-delivery Implementation guide for classified protection of information system of financial industry Obsolete

Excerpted PDFs (Download full copy in 9 seconds upon purchase)

PDF Preview: JR/T 0071-2012
      

Similar standards

GB/T 19584   GB/T 12406   JR/T 0067   

JR/T 0071-2012: Implementation guide for classified protection of information system of financial industry


---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/JRT0071-2012
JR FINANCIAL INDUSTRY STANDARD ICS 03.060 A 11 Implementation guide for classified protection of information system of financial industry Issued on: JULY 6, 2012 Implemented on: JULY 6, 2012 Issued by. The People's Bank of China

Table of Contents

Foreword... 4 Introduction... 5 1 Scope... 6 2 Normative references... 6 3 Terms and definitions... 8 3.1 Sensitive data... 8 3.2 Risk... 8 3.3 Security policy... 8 3.4 Security requirement... 9 3.5 Integrity... 9 3.6 Availability... 9 3.7 Weak password... 9 4 Guide Preparation Policy... 9 4.1 National requirements of classified protection... 9 4.1.1 Basic requirements... 10 4.1.2 Design requirements... 12 4.2 Guidelines... 13 4.2.1 Necessity of defense-in-depth design... 15 4.2.2 Significance of the combination between basic requirements and defense-in-depth design... 15 5 Information Security Assurance Framework... 16 5.1 General... 16 5.2 Technical system... 18 5.2.1 Computing environment... 19 5.2.2 Zone boundary... 21 5.2.3 Communication network... 22 5.2.4 Supporting facilities... 22 5.3 Management system... 22 6 Protection Requirements... 24 6.1 Level II requirements... 24 6.1.1 Technical requirements... 24 6.1.2 Management requirements... 32 6.2 Level III requirements... 48 6.2.1 Technical requirements... 48 6.2.2 Management Requirements... 65 6.3 Level IV requirements... 90 6.3.1 Technical requirements... 90 6.3.2 Management requirements... 109 Appendix A (Informative) Implementation Measures for Classified Protection ... 137 A.1 Network security... 137 A.1.1 Level II requirements and measures... 137 A.1.2 Level III requirements and measures... 145 A.1.3 Level IV requirements and measures... 158 A.2 Host security... 171 A.2.1 Level II requirements and measures... 171 A.2.2 Level III requirements and measures... 177 A.2.3 Level IV requirements and measures... 186 A.3 Application security... 196 A.3.1 Level II requirements and measures... 196 A.3.2 Level III requirements and measures... 201 A.3.3 Level IV requirements and measures... 209 A.4 Data security... 219 A.4.1 Level II requirements and measures... 219 A.4.2 Level III requirements and measures... 220 A.4.3 Level IV requirements and measures... 222 Appendix B (Informative) Selection of Security Requirements of Financial Industry and the Use Instructions... 225 Bibliography... 229

Foreword

This Standard is the first standard of the series "Classified Protection of Information System for Financial Industry". The structures and names of this series of standards are as follows. Implementation Guide for Classified Protection of Information System of Financial Industry; Guidance on Assessment of Classified Protection of Information System for Financial Industry; Guide for Assessment Service Security of Classified Information Security Protection of Financial Industry. This Standard was drafted according to the rules given in GB/T 1.1-2009. This Standard was proposed by the People's Bank of China. This Standard shall be under the jurisdiction of the National Technical Committee on Finance of Standardization Administration of China. Main drafting organization of this Standard. The Science and Technology Department of the People's Bank of China. Drafting organization of this Standard. China Financial Computerization Corp. Main drafters of this Standard. Wang Yonghong, Wang Xiaoqing, Zhang Yongfu, Wang Xiaoyan, Wang Haitao, Yang Jian, Bai Zhiyong, Shen Like, Xu Ming, Xu Ziqiang, Qiu Ningning, Li Fan, Zheng Kaiyi, Chen Guanghui, Zhao Yibin, Yang Ying, Zhou Qingbin. This Standard is first-time issued.

Introduction

Important information systems of financial industry are concerned in national welfare and people's livelihood, and are the principal objects of national information security protection. National functions for supervising information security are required to guide and supervise the information security protection works for their important information and information systems. Classified protection of information security, a basic system for information security assurance works, shall be run by the financial industry as one of the important information system industries. The progressing of classified protection for financial information security requires supports from a series of standard systems appropriate to the classified protection of financial industry, so as to regulate and supervise the operation of the classified protection. In this regard, the Science and Technology Department of the People's Bank of China has organized experts and technical personnel in classified security protection, allowing for the national systems and standards on classified protection of information security, so as to develop industry standards and implementation guidelines for the classified protection which are appropriate to the characteristics of financial industry and are practicable. According to the information system rating in financial industry, there is no Level V system; Level I systems are exempted from registration with public security authority and are not regarded as the key assessment objects. This Standard has deleted the requirements of the specific contents of organization assessment for Level I and V information systems. In this document, those which are in bold type and marked as Class F are the security requirements added according to the service characteristics of financial industry, and those which are in bold type but not marked as Class F are the requirements enhanced for the required in "Baseline for Classified Protection of Information System Security" (GB/T 22239-2008). Implementation... ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.