GY/T 337-2020 English PDFUS$399.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email. GY/T 337-2020: (Guidelines for the Classification of Radio and Television Network Security Level Protection) Status: Valid
Basic dataStandard ID: GY/T 337-2020 (GY/T337-2020)Description (Translated English): (Guidelines for the Classification of Radio and Television Network Security Level Protection) Sector / Industry: Radio, Film & TV Industry Standard (Recommended) Word Count Estimation: 16,197 Date of Issue: 2020-11-23 Date of Implementation: 2020-11-23 Regulation (derived from): Broadcasting-TV announcement (2020) No. 82 Issuing agency(ies): State Administration of Radio and Television GY/T 337-2020: (Guidelines for the Classification of Radio and Television Network Security Level Protection)---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Classification guide for classified protection of broadcasting cybersecurity The People's Republic of China Radio, Television and Network Audiovisual Industry Standards Guidelines for the Rating of Security Level Protection of Radio and Television Networks 2020-11-23 release 2020-11-23 implementation Issued by the State Administration of Radio and Television 1 Scope...1 2 Normative references...1 3 Terms and definitions...1 4 Principles and processes of grading...2 4.1 Safety protection level...2 4.2 Grading elements...2 4.3 Rating process...4 5 Determining the target of rating...4 5.1 Information System...4 5.2 Radio and TV network facilities...4 5.3 Data Resources...5 5.4 Classification of protection objects of radio and television network security levels...5 6 Preliminary determination of grade...5 6.1 Determining the object of infringement...5 6.2 Preliminary determination of the security protection level of the grading object...6 7 Expert review...6 8 Approval by the competent authority...6 9 Public security organ filing and review...6 10 Level change...6 Appendix A (Normative) Recommendations on the Classification of Objects for the Security Level Protection of Radio and Television Networks...7 Appendix B (Normative) Recommendations on the security protection level of the security level protection objects of the radio and television network...9 References...12 ForewordThis document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents" Drafting. Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This document is under the jurisdiction of the National Radio, Film and Television Standardization Technical Committee (SAC/TC 239). Drafting organizations of this document. State Administration of Radio and Television Supervision Center, China Central Radio and Television Station, Beijing Radio and Television Station, China Cable Vision Network Co., Ltd., Beijing Gehua Cable TV Network Co., Ltd., Beijing Anxin Tianxing Technology Co., Ltd., Beijing Huayunan Information Technology Co., Ltd. The main drafters of this document. Li Yan, Duan Yao, Wang Changming, Cheng Lu, Ju Hongwei, Tang Feng, Bi Jiang, Deng Hui, Zhou Weirong, Huang Meiying, Xiao Guodong, Chai Xiaoyu, Gao Chenguang, Gao Gao, Li Yang, Peng Hailong, Wang Minghao. Guidelines for the Rating of Security Level Protection of Radio and Television Networks1 ScopeThis document describes the grading method and grading of the network security protection level of the relevant level protection objects of radio, television and network audio-visual program services Process. This document is applicable to the relevant grade guarantees of radio, television and online audiovisual program services within the territory of the People’s Republic of China and not involving state secrets. The work of grading the network security protection level of the protected object.2 Normative referencesThe contents of the following documents constitute the indispensable clauses of this document through normative references in the text. Among them, dated reference documents, Only the version corresponding to that date is applicable to this document; for undated references, the latest version (including all amendments) is applicable to this document. GB 17859-1999 Classification criteria for security protection grades of computer information systems GB/T 22240-2020 Information Security Technology Network Security Level Protection Rating Guidelines GB/T 25069-2010 Information Security Technical Terms GB/T 31167-2014 Information Security Technology Cloud Computing Service Security Guidelines3 Terms and definitionsGB 17859-1999, GB/T 22240-2020, GB/T 25069-2010 and GB/T 31167-2014 and the following terms defined And definitions apply to this document. 3.1 Target of classified protection The objects directly affected by the security level protection of radio and television networks. Note. It mainly includes information systems, radio and television network facilities and data resources. [Source. GB/T 22240-2020, 3.2, with modification] 3.2 Information system Applications, services, information technology assets or other information processing components. Note 1.Information systems usually consist of computers or other information terminals and related equipment, and perform information processing or processing in accordance with certain application goals and rules. 程控制。 Process control. Note 2.Typical information systems such as production, broadcasting, integration and other business systems, and operational support, business support, management support and other systems, cloud computing platform/ Systems and systems using mobile internet technology. [Source. GB/T 22240-2020, 3.3, with modification] 3.3 Broadcasting network infrastructure Network equipment and facilities that play a basic supporting role in the information circulation and network operation of radio and television and network audio-visual services. 3.4 Data resources A collection of data that has or is expected to have value. Note. Data resources mostly exist in electronic form. [Source. GB/T 22240-2020,3.5] 3.5 Object of infringement The social relations that are infringed upon the destruction of the objects of hierarchical protection that are protected by law. Note. Referred to as "object" in this document. [Source. GB/T 22240-2020, 3.6] 3.6 Objective The objective and external manifestations of the infringement on the object, including the method of infringement and the result of the infringement. [Source. GB/T 22240-2020, 3.7]4 Principles and processes of grading4.1 Safety protection level According to the degree of importance of the protection object in national security, economic construction, and social life, and once destroyed or lost function Or after data has been tampered with, leaked, lost, or damaged, it will affect national security, social order, public interest, citizens, legal persons, and other organizations. Factors such as the degree of infringement of the legitimate rights and interests of the people, the level of protection of the objects of protection is divided into the following five levels. a) At the first level, if the objects of hierarchical protection are damaged, it will damage the legal rights and interests of related citizens, legal persons and other organizations, but Do not endanger national security, social order and public interests; b) The second level, after the damage of the hierarchical protection object, it will cause serious damage to the lawful rights and interests of related citizens, legal persons and other organizations Or particularly serious damage, or harm to social order and public interests, but does not endanger national security; c) The third level, after the hierarchical protection object is damaged, it will cause serious harm to social order and public interests, or to national security Cause harm d) At the fourth level, if the objects of hierarchical protection are damaged, they will cause particularly serious harm to social order and public interests, or harm the country. Safety caused serious harm; e) The fifth level, the damage to the object of grade protection will cause particularly serious harm to national security. 4.2 Grading elements 4.2.1 Overview of grading elements The grading elements of graded protection objects include. a) The object of the infringement; b) The degree of infringement on the object. 4.2.2 Infringed object The objects that are infringed when the objects of hierarchical protection are destroyed include the following three aspects. a) The legitimate rights and interests of citizens, legal persons and other organizations; b) Social order and public interest; c) National security. Violation of the legitimate rights and interests of citizens, legal persons and other organizations refers to the social rights enjoyed by citizens, legal persons and other organizations that are protected by law And interests are harmed. Matters that violate social order include the following. -Affect the production order, teaching and research order, medical and health order of state agencies, enterprises, institutions, and social organizations; -Affect the order of activities in public places and the order of public transportation; -Affect the life order of the people; --Other matters affecting social order. Matters that violate the public interest include the following. -Influencing members of society to use public facilities; -Influencing members of society to obtain public data resources; --Influencing social members to receive public services, etc.; --Other matters that affect the public interest. Matters that violate national security include the following. -Affect the stability of the state power and the integrity of territorial sovereignty and maritime rights and interests; -Affect national unity, ethnic unity and social stability; -Affect the national socialist market economic order and cultural strength; --Other matters affecting national security. 4.2.3 Degree of infringement on the object The degree of infringement on the object is comprehensively determined by the different external manifestations of the objective aspects. Because the infringement of the object is through the protection of the class object The destruction of the object is realized, so the violation of the object is externally manifested as the destruction of the hierarchical protection object, through the violation method, the consequences of the violation and the violation Describe the degree. The degree of infringement on the object after the object of hierarchical protection is destroyed is divided into the following three types. a) cause general damage; b) cause serious damage; c) Cause particularly serious damage. The description of the three levels of infringement is as follows. a) General damage. job functions are partially affected, business capabilities are reduced, but the performance of main functions is not affected, and there are minor damages. Legal issues, low property losses, limited social adverse effects, and low damage to other organizations and individuals; b) Severe damage. work functions are severely affected, business capabilities are significantly reduced and the execution of main functions is severely affected. Legal issues, high property losses, large-scale social adverse effects, and high damages to other organizations and individuals; c) Particularly severe damage. work functions are particularly severely affected or incapacitated, business capacity is severely reduced or functions cannot be performed Business, there are extremely serious legal problems, extremely high property losses, large-scale social adverse effects, and other organizations and individuals Causes very high damage. 4.2.4 The relationship between grading elements and safety protection levels See Table 1 for the relationship between grading elements and safety protection levels. 4.3 Rating process The grading process of grading protection objects is as follows. a) Determine the grading object; b) Initially determine the grade; c) Expert review; d) Approval by the competent authority; e) Record and review by public security organs. The security protection level is preliminarily determined as the second and above level protection object, and its network operator organizes an expert evaluation based on this document. Review, approval by the competent authority, and record review, and finally determine its safety protection level. The safety protection level is initially determined as the first level protection Target, its network operator can refer to this document to determine the final security protection level on its own, without expert review, approval and preparation by the competent authority Case review.5 Determine the rating object5.1 Information System 5.1.1 Basic characteristics of the grading object The information system that is the target of grading should have the following basic characteristics. a) Have a definite main security responsibility subject; b) To carry relatively independent business applications; c) Contain multiple resources that are related to each other. 5.1.2 Cloud computing platform/system In the cloud computing environment, for units that build public clouds, the business system on the cloud service client side and the cloud computing platform on the cloud service provider side must be separate As a separate grading object, the cloud computing platform/system is divided into different grading objects according to different service modes. Rent public cloud services The business system that it uses running on the cloud computing platform will be graded. Units using private cloud, according to the business system carried The highest level of the private cloud is rated, and the business system running on the private cloud can be independently rated; if the private cloud carries a single business System, and the private cloud and business system are operated and maintained by the same security responsible entity, and can be combined and rated. 5.1.3 Systems using mobile internet technology The system using mobile internet technology mainly includes characteristic elements such as mobile terminals, mobile applications, and wireless networks. Establish a grade or grade together with the related business system, and each element is not graded separately. 5.2 Radio and television network facilities Network facilities such as radio and television transmission networks should be divided into different types according to factors such as the subject of security responsibility, business type, or service area. The rating object. When the subject of security responsibility is the same, the cross-regional private network can be rated as a whole object; when the subject of security responsibility is not At the same time, it needs to be divided into several grading objects according to the main body of security responsibility and service area. 5.3 Data Resources Data resources can be graded individually. When the subjects of security responsibility are the same, big data and big data platforms/systems should be defined as a whole object. Level; when the security responsibility subjects are different, big data and big data platforms/systems should be independently rated. 5.4 Classification of protection objects of radio and television network security levels According to the actual situation of the radio and television industry, in accordance with the basic characteristics of the grading object, comprehensively consider the responsible unit, business type and industry The importance of services and other factors, the security level protection objects of the radio and television network are classified according to the type of organization and the type of business carried, and should be used Recommendations in Appendix A. For relatively large network facilities and information systems, in order to reflect the principle of hierarchical protection and optimizing the allocation of information security resources, the It is divided into multiple rating objects. If the responsibility boundaries of the hierarchical protection objects are consistent and the business relevance is relatively large, multiple departments in Appendix A can also be The system is merged into one level protection object for grading.6 Preliminary determination of grade6.1 Determine the subject of infringement 6.1.1 Objects that are infringed when the rating object is destroyed The security of grading objects mainly includes business information security and system service security. The security protection level is determined by business information security and system... ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GY/T 337-2020_English be delivered?Answer: Upon your order, we will start to translate GY/T 337-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GY/T 337-2020_English with my colleagues?Answer: Yes. The purchased PDF of GY/T 337-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
