Path:
Home >
GB/T >
Page208 > GB/T 38249-2019
Price & Delivery
US$359.00 · In stock · Download in 9 secondsGB/T 38249-2019: Information security technology - Security guide of cloud computing services for government website
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See
step-by-step procedureStatus: Valid
| Std ID | Version | USD | Buy | Deliver [PDF] in | Title (Description) |
| GB/T 38249-2019 | English | 359 |
Add to Cart
|
4 days [Need to translate]
|
Information security technology - Security guide of cloud computing services for government website
|
Click to Preview a similar PDF
Basic data
| Standard ID | GB/T 38249-2019 (GB/T38249-2019) |
| Description (Translated English) | Information security technology - Security guide of cloud computing services for government website |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.040 |
| Word Count Estimation | 18,154 |
| Date of Issue | 2019-10-18 |
| Date of Implementation | 2020-05-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 38249-2019: Information security technology - Security guide of cloud computing services for government website
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology--Security guide of cloud computing services for government website
ICS 35.040
L80
National Standards of People's Republic of China
Information security technology
Government Website Cloud Computing Service Security Guide
Published on.2019-10-18
2020-05-01 implementation
State market supervision and administration
China National Standardization Administration issued
Content
Foreword III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Overview 1
4.1 Security Role 1
4.2 Cloud Computing Service Lifecycle 2
5 Planning Preparation 2
5.1 Overview 2
5.2 Security Responsibilities 3
5.3 Demand Analysis 3
5.4 Service provider selection 5
5.5 Contract Signing 5
5.6 Cloud Migration Solution 6
6 Deployment Migration 6
6.1 Overview 6
6.2 Security Responsibilities 6
6.3 Cloud Migration Implementation 7
6.4 Cloud Migration Delivery 8
7 Operation Management 9
7.1 Overview 9
7.2 Security Responsibilities 9
7.3 Security 10
7.4 Safety Monitoring 10
7.5 Emergency response 10
7.6 Evaluation Improvement 11
8 service exit 11
8.1 Overview 11
8.2 Security responsibilities 11
8.3 Service Exit Security 12
Reference 13
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents.
This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This standard was drafted. Xi'an Future International Information Co., Ltd., Alibaba Cloud Computing Co., Ltd., China Electronic Technology Standardization Research
Research Institute, Sichuan University, Beijing Information Security Evaluation Center, National Information Technology Security Research Center, Huawei Technologies Co., Ltd., Hangzhou Anhengxin
Technology Co., Ltd., Beijing Anxin Tianxing Technology Co., Ltd., Beijing Jingdong Shangke Information Technology Co., Ltd., Shenxin Service Technology Co., Ltd.
Company, Beijing Times Vision Information Technology Research Institute, China Telecom Group Co., Ltd., Capital Window, Fiberhome Technology Group Co., Ltd., Hangzhou
Dip Technology Co., Ltd., Guangzhou Saibao Certification Center Service Co., Ltd., Northwest University.
The main drafters of this standard. Liu Xianang, Chen Xingyu, Ye Runguo, Wang Wei, Shi Chenxi, Liu Junhe, Bai Feng, Zhang Lei, Zhang Hui, Shi Hui, Shen Xiyu,
Chen Xuexiu, Zhao Zhangjie, Qi Tao, Zhou Jun, Zhong Jinxin, Li Yuan, He Ming, Liu Guowei, Jiang Zhou, Sun Wei, Lu Yi, Zhang Yue, Wang Tao, Li Ruitao, Huang Shaoqing,
Xu Yuna, Pang Siming, Qi Yujie, Jia Siqi, Zhou Liyong, Shang Tao, Zhao Shaomin.
Introduction
In the context of vigorously promoting government websites to choose cloud services, cloud computing has received widespread attention. In the cloud computing service model, in most
While traditional information security issues still exist, there are also some new security risks.
GB/T 31167 proposes the basic requirements for security management of cloud computing services by government departments, and the life cycle of cloud computing services.
Phase safety management and technical requirements.
This standard gives the government website the security responsibility of adopting various participating roles in the cloud computing service, and refines the cloud service provider and cloud service.
The agent's security responsibilities can be used to guide the construction of website security for government agencies that use cloud computing services.
Information security technology
Government Website Cloud Computing Service Security Guide
1 Scope
This standard gives the government website the process of adopting cloud computing services, in the stages of planning preparation, deployment migration, operation management, and service exit.
Safety technical measures and safety management measures.
This standard is applicable to the construction and operation guidance for government websites that use cloud computing services, especially socialized cloud computing services.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article.
Pieces. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 25069 Information Security Technology Terminology
GB/T 31167 Information Security Technology Cloud Computing Service Security Guide
GB/T 31168 Information Security Technology Cloud Computing Service Security Capability Requirements
GB/T 31506-2015 Information Security Technology Government Portal Website System Security Technical Guide
3 Terms and definitions
The following terms and definitions as defined in GB/T 25069 and GB/T 31167 apply to this document.
3.1
Cloud service agent cloudserviceagent
Responsible for supporting or facilitating negotiations between cloud service customers and other cloud service providers.
Note. including website developers, system integrators, security service providers, etc.
3.2
Government website governmentwebsite
A website established by government agencies to publish government information, provide online services, and conduct interactive exchanges.
Note. Includes pages that provide users with presentation and interaction features, applications that generate and process pages, middleware, and more.
4 Overview
4.1 Security role
The process of cloud service customers purchasing and using cloud computing services, the main roles and relationships of participation are shown in Figure 1.
...
