GB/T 39204-2022: Information security technology - Cybersecurity requirements for critical information infrastructure protection
Status: Valid
Basic data
Standard ID: GB/T 39204-2022 (GB/T39204-2022)
Description (Translated English): Information security technology - Cybersecurity requirements for critical information infrastructure protection
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 18,199
Date of Issue: 2022-10-12
Date of Implementation: 2023-05-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.

ICS 35.030
CCS L80
National Standard of the People's Republic of China
Information Security Technology - Critical Information Infrastructure Security Protection Requirements
Published on 2022-10-12; implemented on 2023-05-01
Released by the State Administration for Market Regulation and the National Standardization Administration

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Basic principles of security protection
5 Main contents and activities
6 Analysis and identification
6.1 Service identification
6.2 Asset identification
6.3 Risk identification
6.4 Significant changes
7 Security protection
7.1 Network security level protection
7.2 Security management system
7.3 Security management agency
7.4 Security managers
7.5 Secure communication network
7.6 Secure computing environment
7.7 Security construction management
7.8 Security operation and maintenance management
7.9 Supply chain security protection
7.10 Data security protection
8 Detection and evaluation
8.1 System
8.2 Method and content
9 Monitoring and early warning
9.1 Institution
9.2 Monitoring
9.3 Warning
10 Active defense
10.1 Converging exposed surfaces
10.2 Attack detection and blocking
10.3 Offensive and defensive drills
10.4 Threat intelligence
11 Incident handling
11.1 Institution
11.2 Emergency plans and drills
11.3 Response and disposition
11.4 Re-identification
References

Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work - Part 1: Structure and Drafting Rules of Standardization Documents".
Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents.
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document is drafted by: Cybersecurity Coordination Bureau of the Central Cyberspace Administration of China, Cybersecurity and Protection Bureau of the Ministry of Public Security, China Electronic Technology Standardization Research Institute, China Information Security Evaluation Center, National Information Technology Security Research Center, National Computer Network Emergency Technology Handling Coordination Center, the Third Research Institute of the Ministry of Public Security, the First Research Institute of the Ministry of Public Security, Beijing Saixi Technology Development Co., Ltd., China Information Security Research Institute Co., Ltd., National Industrial Information Security Development Research Center, China Network Security Review Technology and Certification Center, China Internet Network Information Center.
The main drafters of this document:
Yang Jianjun, Guo Qiquan, Guo Tao, Yao Xiangzhen, Wang Huili, Zhu Guobang, Fan Chunling, Chen Liang, Song Jing, Sun Xiaoli, Zhou Yachao, Sun Jun, Ren Weihong, Li Qiuxiang, Jiang Diansheng, Yuan Jing, Gong Yue, Ren Zejun, Zhang Xinyue, Shangguan Xiaoli, Yang Chen, Wang Fengjiao, Cheng Na, Ma Li, Liu Zhilei, Yu Dongsheng, Chen Cuiyun, Liu Zhiyu, Ren Wang, Wei Jun, Huang Yuanfei, Wang Bo, Wang Jiao, Wang Bingzheng.

Introduction
In order to implement the requirements of the "Network Security Law of the People's Republic of China" and the "Regulations on the Security Protection of Critical Information Infrastructure" concerning the protection and operational security of critical information infrastructure, this document builds on the national network security level protection system, draws on the mature experience of relevant departments in China in carrying out network security protection work in important industries and fields, absorbs domestic and foreign measures for the security protection of critical information infrastructure, and combines the achievements of China's existing network security assurance system. It puts forward security protection requirements for critical information infrastructure in terms of analysis and identification, security protection, detection and evaluation, monitoring and early warning, active defense, and incident handling, so that necessary measures are taken to protect the business continuity of critical information infrastructure, protect its important data from being destroyed, and effectively strengthen the security protection of critical information infrastructure.

1 Scope
This document specifies security requirements for critical information infrastructure in terms of analysis and identification, security protection, detection and evaluation, monitoring and early warning, active defense, and incident handling.
This document is applicable to guiding operators in carrying out full life cycle security protection of critical information infrastructure, and can also be used for reference by other relevant parties involved in the security protection of critical information infrastructure.

2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
GB/T 20984 Information security technology - Information security risk assessment method
GB/T 25069 Information security technology - Terminology

3 Terms and Definitions
The terms and definitions defined in GB/T 25069 and the following apply to this document.

3.1
Important network facilities, information systems, etc. in important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government, and the national defense science, technology and industry sector, as well as others that may seriously endanger national security, the national economy and people's livelihood, and the public interest once they are destroyed, lose their functions, or have data leaked.

3.2 supply chain
A set of organizations that links multiple resources and processes and establishes a continuous supply relationship based on a service agreement or other purchasing agreement.
NOTE: Each of these organizations acts as a buyer, a supplier, or both.

3.3
The key business processes that make up one or more interrelated businesses of an organization.

4 Basic principles of security protection
The security protection of critical information infrastructure should be based on the network security level protection system, implement key protection, and follow the basic principles below.
--- Overall prevention and control with key business as the core. The security protection of critical information infrastructure aims to protect critical business; the one or more networks and information systems involved are systematically designed for security, and an overall security prevention and control system is constructed.
......