GA 1277.1-2020: Security management requirements for internet interactive service - Part 1: Basic requirements
Status: Valid
Basic data
Standard ID: GA 1277.1-2020 (GA1277.1-2020)
Description (Translated English): Security management requirements for internet interactive service - Part 1: Basic requirements
Sector / Industry: Public Security (Police) Industry Standard
Classification of Chinese Standard: A90
Classification of International Standard: 35.240
Word Count Estimation: 18,139
Date of Issue: 2020-01-16
Date of Implementation: 2020-03-01
Issuing agency(ies): Ministry of Public Security

This is a DRAFT version for illustration, not a final translation.

ICS 35.240
A90
People's Republic of China Public Safety Industry Standard
Replaces GA 1277-2015
Internet interactive service security management requirements
Part 1: Basic requirements
Released 2020-01-16; implemented 2020-03-01
Issued by the Ministry of Public Security of the People's Republic of China

Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Safety management system
  4.1 System and Regulation
  4.2 Document Control
  4.3 Record Control
5 Organization
  5.1 Institutional requirements
  5.2 Filing
  5.3 Network and Information Security Organization
  5.4 Network Security Police Office Work Support
6 Personnel safety management
  6.1 Safety responsibilities and job responsibilities
  6.2 Verification of key personnel
  6.3 Safety training
  6.4 Dismissal of personnel
7 Access control management
  7.1 Access Management
  7.2 Permission Assignment
  7.3 Special permissions
  7.4 Check of permissions
8 Safety technical measures
  8.1 Network and system operation security
  8.2 Data Security and Backup
  8.3 Logs and user data records
9 Business Security
  9.1 Safety assessment and reporting
  9.2 User Management
  9.3 Prevention and disposal of illegal and harmful information
  9.4 Prevention of destructive procedures
10 Protection of Personal Information
  10.1 Processing rules
  10.2 Technical measures
  10.3 Emergency response to personal information security incidents
11 Complaints
  11.1 Complaint system
  11.2 Acceptance and processing
  11.3 Complaint channels
  11.4 Record retention
12 Subcontracting service
  12.1 Basic requirements
  12.2 Subcontractor requirements
  12.3 Items that cannot be subcontracted
13 Security Incident Management
  13.1 Security incident classification
  13.2 Emergency plan
  13.3 Handling of Public Emergencies
  13.4 Technical interface
References

Foreword
GA 1277 "Internet Interactive Service Security Management Requirements" is planned to be divided into multiple parts, including basic requirements and requirements for specific service types. The following parts are currently planned to be released.
---Part 1: Basic requirements;
---Part 2: Microblogging service;
---Part 3: Audio and video chat room service;
---Part 4: Instant messaging service;
---Part 5: Forum services;
---Part 6: Mobile application software publishing platform;
---Part 7: Cloud services;
---Part 8: E-commerce platform;
---Part 9: Search service;
---Part 10: Internet car-hailing service;
---Part 11: Internet short-term housing services.
This part is Part 1 of GA 1277.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GA 1277-2015 "Information Security Technology Internet Interactive Service Security Protection Requirements". Compared with GA 1277-2015, the main technical changes are as follows.
---Modified the standard name from "Information Security Technology Internet Interactive Service Security Protection Requirements" to "Internet Interactive Service Security Management Requirements" and divided it into multiple parts, of which this part is "Part 1: Basic Requirements" (see the cover; the cover of the 2015 edition);
---Modified the definition of "interactive Internet service" in "3 Terms and definitions", and added the definitions of "personal information", "personnel in key positions" and "personal information security incident" (see 3.1, 3.4, 3.5, 3.6; 3.1 of the 2015 edition);
---Revised "4.1 System and Regulations", adding a safety responsibility system, an information inspection system, and a system for security incident monitoring, early warning, notification and emergency response, etc., and at the same time completed the content of "8.1 Operating Procedures" and placed it in 4.1.1 (see 4.1, 4.1.3; 4.1.1, 4.1.3 and 8.1 of the 2015 edition);
---Modified "5 Institutional Requirements" to "5 Organizational Institutions", and "5.1 Legal Liability" to "5.1 Institutional Requirements" (see Chapter 5, 5.1; Chapter 5, 5.1 of the 2015 edition);
---Added the content of "5.2 Filing" (see 5.2);
---Modified "8 Network and Operation Security" to "8 Security Technical Measures"; the original "8.2 Network and Host System Security" was modified to "8.1 Network and system operation security" and its content was expanded (see Chapter 8, 8.1; Chapter 8, 8.2 of the 2015 edition);
---Modified "8.3 Backup" to "8.2 Data security and backup" and expanded its content (see 8.2; 8.3 of the 2015 edition);
---Modified "8.4 Security Audit" to "8.3 Log and User Data Record" and modified its content, such as separating logs from recorded information (see 8.3; 8.4 of the 2015 edition);
---Modified "9 Application security" to "9 Business security" (see Chapter 9; Chapter 9 of the 2015 edition);
---Added the effective verification method of the user's real identity information based on biometrics [see 9.2.2a)];
---Added technical measures for filtering illegal and harmful information [see 9.3.4)];
---Modified the relevant content of "10.2 Technical Measures" (see 10.2; 10.2 of the 2015 edition);
---Modified "10.3 Handling of Personal Information Leakage Incidents" to "10.3 Handling of Personal Information Security Incidents" and modified the specific content (see 10.3; 10.3 of the 2015 edition).
This part was proposed by the Cyber Security Bureau of the Ministry of Public Security.
This part is under the jurisdiction of the Information System Security Standardization Technical Committee of the Ministry of Public Security.
This part was drafted by: Cyber Security Bureau of the Ministry of Public Security, the Third Research Institute of the Ministry of Public Security.
The main drafters of this part: Jin Bo, Chen Yan, Chen Feiyan, Gao Shuang, Deng Qi, He Yingrui, Wang Qinghua, Gu Wei, Chen Changsong.
The previous releases of GA 1277.1 are as follows.
---GA 1277-2015.

Internet interactive service security management requirements
Part 1: Basic requirements

1 Scope
This part of GA 1277 specifies the security management requirements for Internet interactive services.
This part applies to Internet interactive service providers implementing Internet security management systems and security technical measures.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 20985.1-2017 Information Technology Security Technology Information Security Incident Management Part 1: Principles of Incident Management
GB/Z 20986-2007 Information Security Technology Information Security Incident Classification and Classification Guidelines
GB/T 22239 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 35273-2020 Information Security Technology Personal Information Security Specification
GA 1278-2015 Information Security Technology Internet Service Security Assessment Basic Procedures and Requirements

3 Terms and definitions
The terms and definitions given in GB/T 22239, GB/T 20985.1-2017, GB/Z 20986-2007, GB/T 35273-2020 and GA 1278-2015, and the following terms and definitions, apply to this document. For ease of use, some terms and definitions in GB/T 35273-2020 are listed repeatedly below.

3.1 Internet interactive service
Services provided to users through the Internet for providing information to the public, and related services based on information interaction.
Note 1: Interactive forms include text, pictures, audio and video, etc.
Note 2: Including but not limited to Internet information services such as forums, communities, post bars, text or audio and video chat rooms, microblogs, blogs, instant messaging, e-commerce platforms, search, Internet car-hailing, Internet short-term rentals, mobile downloads, shared storage, third-party payment, and cloud services.

3.2 Illegal and harmful information
Information that violates national laws and regulations, or endangers national security, honor and interests, public safety, social ethics, public order and good customs, or the personal and property security of citizens and their legal rights and interests.

3.3 Destructive program
A program with functions such as the unauthorized acquisition, deletion, addition, modification, interference with or destruction of the functions of a computer information system or of the data it stores, processes and transmits.
......