GB/T 35274-2023 English PDFUS$499.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 35274-2023: Information security technology - Security capability requirements for big data services Status: Valid GB/T 35274: Historical versions
Basic dataStandard ID: GB/T 35274-2023 (GB/T35274-2023)Description (Translated English): Information security technology - Security capability requirements for big data services Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 26,283 Date of Issue: 2023-08-06 Date of Implementation: 2024-03-01 Older Standard (superseded by this standard): GB/T 35274-2017 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 35274-2023: Information security technology - Security capability requirements for big data services---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. ICS 35.030 CCSL80 National Standards of People's Republic of China Replace GB/T 35274-2017 Information security technology Big data service security capability requirements Published on 2023-08-06 2024-03-01 Implementation State Administration for Market Regulation Released by the National Standardization Administration Committee Table of contentsPreface III 1 Scope 1 2 Normative reference documents 1 3 Terms and Definitions 1 4 Overview 3 5 Big data organization management security capabilities 4 5.1 Policies and Procedures 4 5.2 Organization and personnel5 5.3 Asset Management 6 6 Big data processing security capabilities7 6.1 Data collection7 6.2 Data storage 8 6.3 Data usage 9 6.4 Data processing 10 6.5 Data transmission 12 6.6 Data provision12 6.7 Data disclosure13 6.8 Data destruction14 7 Big data service security risk management capabilities14 7.1 Risk identification14 7.2 Security protection15 7.3 Security monitoring17 7.4 Safety Check 18 7.5 Security response 18 7.6 Safe recovery 20 Reference 21ForewordThis document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents" Drafting. This document replaces GB/T 35274-2017 "Information Security Technology Big Data Service Security Capability Requirements" and is consistent with GB/T 35274- Compared with.2017, in addition to structural adjustments and editorial changes, the main technical changes are as follows. a) Deleted 5 data life cycle, data services, data exchange, data sharing and important data (see Chapter 3 of the.2017 edition) Terms and definitions, adding data processing, data security, data protection, data collection, data storage, data use, data processing, 11 terms and definitions of data transmission, data provision, data disclosure and data destruction (see Chapter 3), revised big data platform, Big data applications, big data systems, big data users, big data services, big data service providers and data supply chains (see section Chapter 3, Chapter 3 of the.2017 edition) Description of 7 terms and definitions; b) The overall requirements (see 4.1 of the.2017 version) and requirement classification (see 4.2 of the.2017 version) are deleted, and the overall content of the standard is revised. sorted out (see Chapter 4, 4.3 of the.2017 edition); c) Deleted service planning and management (see 5.4 of the.2017 version), data supply chain management (see 5.5 of the.2017 version) and compliance Management (see 5.6 of the.2017 edition), the policies and procedures, organization and personnel, and asset management security capability requirements have been modified (see 5.1, 5.2, 5.3,.2017 version of 5.1, 5.3, 5.2); d) Reorganized and changed data activity security for data collection, data transmission, data storage, data processing, data exchange and data destruction Requirements, data collection, storage, use, processing, transmission, provision, disclosure in accordance with the requirements of the Data Security Law and the Personal Information Protection Law The data processing process and destruction clarifies the big data processing security capability requirements of big data service providers (see Chapter 6,.2017 Chapter 6 of the annual edition); e) Added "big data service security risk management capabilities", from risk identification, security protection, security monitoring, security inspection, security impact The response and security recovery link stipulates the data security risk management capabilities of big data service providers in the operation of big data systems. (See Chapter 7); f) Deleted in Appendix A (see Appendix A of the.2017 version). Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents. This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260). This document was drafted by. Tsinghua University, Peking University, China Electronics Technology Standardization Institute, China Cyber Security Review Technology and Certification Center, China Information Security Evaluation Center, National Computer Network Emergency Technology Coordination Center, Sangfor Technology Co., Ltd., Zhejiang Ant Small and Micro Financial Services Group Co., Ltd., Beijing Kuaishou Technology Co., Ltd., Alibaba (China) Co., Ltd., Tencent Cloud Computing (Beijing) Beijing) Co., Ltd., Institute of Information Engineering, Chinese Academy of Sciences, Huakong Qingjiao Information Technology (Beijing) Co., Ltd., Beijing Tianrongxin Network Security Quan Technology Co., Ltd., Beijing Volcano Engine Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Shanghai Guanan Information Technology Co., Ltd. Ltd., Huawei Technologies Co., Ltd., Beijing Qihu Technology Co., Ltd., Venus Information Technology Group Co., Ltd., China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), Beijing Shuanxing Technology Co., Ltd., Shanghai Fuyuan Technology Service Co., Ltd. Co., Ltd., Hangzhou Shiping Information Technology Co., Ltd., Beijing Xinan Century Technology Co., Ltd., Lenovo (Beijing) Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Chengdu Guardian Information Industry Co., Ltd., Shanghai 30 Guardian Information Security Co., Ltd., Shaanxi Province Information Engineering Research Institute, Shanghai SenseTime Intelligent Technology Co., Ltd., Beijing Shenzhou Green Alliance Technology Co., Ltd., Beijing Baidu Netcom Technology Co., Ltd. Company, Zhejiang Dahua Technology Co., Ltd., and Beijing Tengyun Tianxia Technology Co., Ltd. The main drafters of this document. Ye Xiaojun, Xie Anming, Wu Di, Wang Jianmin, Zhao Yinghua, Xu Yujia, Liu Xiangang, Chen Xingshu, Zhao Yunwei, Song Botao, Bai Xiaoyuan, Luo Hongwei, Chen Chi, Jin Chen, Ye Runguo, Chen Xing, Zha Haiping, Xie Jiang, Liu Yuhong, Li Jiaojiao, Zhang Yajing, Lan Anna, Li Shiqi, Hu Ying, Jin Tao, Min Jinghua, Wang Yongxia, Ge Xiaoyu, Zhang Yi, Du Jing, Zhou Runsong, Chen Hongyun, Yang Baolei, Ding Guohui, Wu Gao, Wang Yalu, Xu Hao, Wang Haitang, Zhang Yu, Ma Hongxia, Liu Yuling, Wang Qinglei, Weng Huihui, Pan Zhengtai, Ge Mengying. The previous versions of this document and the documents it replaces are as follows. ---First published as GB/T 35274-2017 in.2017; ---This is the first revision. Information security technology Big data service security capability requirements1 ScopeThis document stipulates the big data service security capability requirements of big data service providers, including big data organizational management security capabilities, big data According to the requirements of processing security capabilities and big data service security risk management capabilities. This document is applicable to guide the construction of big data service security capabilities of big data service providers, and is also applicable to third-party organizations’ use of big data security capabilities. Evaluate the service provider’s big data service security capabilities.2 Normative reference documentsThe contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, the dated quotations For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to this document. GB/T 5271 (all parts) Information technology vocabulary GB/T 25069-2022 Information security technical terms GB/T 35273-2020 Information Security Technology Personal Information Security Specifications GB/T 35295-2017 Information technology big data terminology3 Terms and definitionsGB/T 5271 (all parts), GB/T 25069-2022, GB/T 35273-2020 and GB/T 35295-2017 and the following terms and definitions apply to this document. 3.1 big databigdata It has the characteristics of huge volume, diverse sources, extremely fast generation, adaptable to change, etc., and is difficult to be effectively processed by traditional data architecture. Data from large datasets. [Source. GB/T 35295-2017,2.1.1] 3.2 data handlingdatahandling System execution of data operations to achieve specific purposes of data collection, storage, use, processing, transmission, provision, disclosure, destruction, etc. Activity. Note. Data operations include mathematical operations or logical operations on data, merging or classifying data, text operations, storage, retrieval, display or printing, and data mining. Analysis, data visualization, etc. [Source. GB/T 5271.1-2000,01.01.06, with modifications] 3.3 data collectiondatacollection According to specific purposes and requirements, select and obtain data from one or more data sources, and clean, identify, load, etc. the data. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 35274-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 35274-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 35274-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 35274-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 35274-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 35274-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
