GB/T 37138-2018 English PDFUS$519.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 37138-2018: Implementation guide for cyber security classified protection of electric power information system Status: Valid
Basic dataStandard ID: GB/T 37138-2018 (GB/T37138-2018)Description (Translated English): Implementation guide for cyber security classified protection of electric power information system Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: F07 Classification of International Standard: 35.240.50 Word Count Estimation: 26,215 Date of Issue: 2018-12-28 Date of Implementation: 2019-07-01 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 37138-2018: Implementation guide for cyber security classified protection of electric power information system---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Implementation guide for cyber security classified protection of electric power information system ICS 35.240.50 F07 National Standards of People's Republic of China Power Information System Security Level Protection Implementation Guide Published on.2018-12-28 2019-07-01 implementation State market supervision and administration China National Standardization Administration issued ContentForeword III Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Level Protection Implementation Overview 2 4.1 Basic Principles 2 4.1.1 Structure Priority Principle 2 4.1.2 Joint Protection Principle 2 4.1.3 Security Controllable Principle 2 4.1.4 Stereoscopic Defense Principle 2 4.2 Roles and responsibilities 2 4.2.1 Power Information System Operation Unit 2 4.2.2 Power dispatching agency 3 4.2.3 Power Information System Security Service Agency 3 4.2.4 Power Information System Security Level Evaluation Agency 3 4.2.5 Power Information System Security Product Provider 3 4.2.6 Power Information System Supplier 3 4.2.7 Power Information System Design Unit 4 4.2.8 Administration 4 4.3 Basic activities implemented 4 5 Rating and filing 5 5.1 Process of grading and filing stage 5 5.2 Grading object analysis 5 5.2.1 Analysis of Power Information System 5 5.2.2 Rating object determination 6 5.3 Security protection level determination 7 5.3.1 Rating, review and approval 7 5.3.2 Forming a rating report 7 5.4 Rating results record 7 6 Assessment and evaluation 7 6.1 Process of Assessment and Evaluation 7 6.2 Ratings 9 6.2.1 Evaluation agency selection 9 6.2.2 Assessment preparation 9 6.2.3 Programme preparation 10 6.2.4 On-site assessment 10 6.2.5 Analysis and Reporting 11 6.3 Power Monitoring System Security Protection Assessment 12 6.3.1 Evaluation form selection 12 6.3.2 Evaluation preparation 12 6.3.3 Site assessment 13 6.3.4 Analysis and report preparation 13 7 Safety rectification 14 7.1 Process of safety rectification 14 7.2 Rectification plan development 14 7.3 Security rectification implementation 15 7.4 Safety rectification acceptance 16 8 Return 16 8.1 Process of the power information system return phase 16 8.2 Information Transfer, Staging and Clearance 16 8.3 Equipment Migration or Return 17 8.4 Clearing or Destroying Storage Media 17 Reference 19ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents. This standard was proposed by the National Energy Administration. This standard is under the jurisdiction of the National Electricity Regulatory Standardization Technical Committee (SAC/TC296). This standard was drafted. National Energy Administration Information Center, China Southern Power Grid Corporation, National Power Investment Corporation, China Three Gorges Group Company, Global Energy Internet Research Institute Co., Ltd., Beijing Zhuozhi Netan Technology Co., Ltd., China Electric Power Research Institute Limited Company, State Grid Electric Power Research Institute Co., Ltd., Guodian Nanjing Automation Co., Ltd., China Southern Power Grid Science Research Institute Limited Liability Company, China Software Testing Center. The main drafters of this standard. Liang Jianyong, Hu Hongsheng, Wang Baoxi, Chen Xuehong, Yin Yuqing, Li Huan, Ye Shichao, Tao Wenwei, Wang Jing, Li Shuzhao, Zhang Wei, Mao Wei, Fang Lei, Zhao Ting, Jiao Anchun, Gao Yankun, Yu Xuejun, Li Ling, Liu Yuchen, Wu Guohua, Qin Xuejia, Ding Xiaoyu, Liu Wei, Zhang Min, Yu Baokun, Zhang Wuyi, Xu Aidong, Chen Huajun, Meng Jiaxiao, Zhou Feng, Hao Xin.IntroductionTo standardize the process, content and method of power information system security level protection implementation, strengthen the security management of power information system, and prevent The infringement of the power network system caused by cyber attacks, ensuring the safe and stable operation of the power system, and formulating according to relevant national and industry policies. This standard. In the process of implementing the network security level protection of the power information system, in addition to using this standard, it should also refer to it at different stages. He works on standards for cyber security level protection. Power Information System Security Level Protection Implementation Guide1 ScopeThis standard specifies the basic principles, roles and responsibilities of the implementation of the security level protection of power information systems, as well as grading and filing, evaluation and Basic activities such as assessment, safety rectification, and return shipping. This standard is applicable to the implementation of the safety level protection of power information systems.2 Normative referencesThe following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article. Pieces. For undated references, the latest edition (including all amendments) applies to this document. GB/T 20984 Information Security Technology Information Security Risk Assessment Specification GB/T 22239 Information Security Technology Information System Security Level Protection Basic Requirements GB/T 25058 Information Security Technology Information System Security Level Protection Implementation Guide GB/T 25069 Information Security Technology Terminology3 Terms and definitionsThe following terms and definitions as defined in GB/T 25069 and GB/T 25058 apply to this document. 3.1 Electric power information system electricpowerinformationsystem An information system related to production control and management operations of power companies. Note. According to various factors such as the responsibility unit of the information system, business type and business importance and physical location difference, it can be divided into management information system and power supervision. Control system. 3.2 Management information system managementinformationsystem An information system that supports the management and operation of power companies. Note. Includes portal system, financial management system, human resource management system, etc. 3.3 Power monitoring system electricpowersupervisionandcontrolsystem Computer and network technology-based business systems and smart devices for monitoring and controlling power production and supply processes, and as Basic support for communication and data networks. Note. including power data acquisition and monitoring system, energy management system, substation automation system, converter station computer monitoring system, power plant computer monitoring Systems, distribution automation systems, microcomputer relay protection and safety automation devices, wide-area phasor measurement systems, load control systems, water-conditioning automation systems and Water elevator level dispatching automation system, electric energy metering system, auxiliary control system of real-time power market, power dispatching data network, etc. 3.4 Production control area productioncontrolzone A safety zone consisting of a power monitoring system with data acquisition and control functions, longitudinal connection using a dedicated network or dedicated channels. Note. Generally include control area and non-control area. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 37138-2018_English be delivered?Answer: Upon your order, we will start to translate GB/T 37138-2018_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 37138-2018_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 37138-2018_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
