
HJ 729-2014 English PDF

HJ 729-2014: Security specification of environmental information system
Status: Valid

Similar standards

HJ 511   HJ 945.3   HJ 943   

Basic data

Standard ID: HJ 729-2014 (HJ729-2014)
Description (Translated English): Security specification of environmental information system
Sector / Industry: Environmental Protection Industry Standard
Word Count Estimation: 43,443
Date of Issue: 12/25/2014
Date of Implementation: 3/1/2015
Regulation (derived from): Ministry of Environmental Protection notice 2014 No. 87
Issuing agency(ies): Ministry of Ecology and Environment

HJ 729-2014: Security specification of environmental information system

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Security specification of environmental information system
National Environmental Protection Standard of the People's Republic of China
Environmental Information System Security Technical Specification
Released 2014-12-25; implemented 2015-03-01
Issued by the Ministry of Environmental Protection

Contents

Foreword
1 Scope of application
2 Normative reference documents
3 Terms and definitions
4 Protection object
5 Security objectives
6 Overall security architecture
7 Information security protection method
8 Physical security
9 Network security
10 Host security
11 Application security
12 Data security and backup recovery
System construction
System operation and maintenance
Appendix A (Normative) Environmental information system terminal and office security requirements
Appendix B (Normative) Security requirements for different levels of environmental information systems
Appendix C (Informative) Examples of security construction for large environmental information systems

Foreword

This standard is formulated to implement the "Environmental Protection Law of the People's Republic of China", to promote environmental informatization work, to strengthen and regulate the construction and management of the environmental information security system, and to ensure the security of environmental information systems.

This standard specifies security requirements for environmental information systems covering physical security, network security, host security, application security, data security and backup recovery, system construction, system operation and maintenance, and terminal and office security.

Appendix A and Appendix B of this standard are normative; Appendix C is informative.

This standard is released for the first time.

The formulation of this standard was organized by the Science and Technology Standards Division of the Ministry of Environmental Protection.

Main drafting organizations of this standard: the Ministry of Environmental Protection Information Center and Beijing Shenzhou Green UNITA Technology Co., Ltd.

This standard was approved by the Ministry of Environmental Protection on December 25, 2014.

This standard is implemented from March 1, 2015.

This standard is interpreted by the Ministry of Environmental Protection.

Environmental Information System Security Technical Specification

1 Scope of application

This standard specifies security requirements for environmental information systems covering physical security, network security, host security, application security, data security and backup recovery, system construction, system operation and maintenance, and terminal and office security.

This standard applies to all stages of planning, design, development, and operation and maintenance of environmental information systems within the national environmental protection business network.

2 Normative reference documents

The contents of this standard refer to the following documents or their terms. For undated references, the valid version applies to this standard.

Information technology - Glossary, GB/T 5271.8-2001
Classification of safety information for computer information systems, GB/T 17859-1999
Information security technology - Network-based security - Technical requirements, GB/T
Information security technology - Information systems - General safety technical requirements, GB/T 20271-2006
Information security - Technical information systems - Safety engineering management requirements, GB/T 20282-2006
Information systems - Disaster recovery specification, GB/T 20988-2007
Information security - Technical information systems - Physical safety - Technical requirements, GB/T
Information system - Security level - Basic requirements for protection, GB/T 22239-2008
Information security - Technical information systems - Safety rating - Guidelines for the protection of grading, GB/T 22240-2008
Information security - Technical information system - Level protection - Safety design - Technical requirements, GB/T 25070-2010
Code for design of power supply and distribution system, GB/T
Code for design of room for electronic information system, GB/T 50174-2008
Guide for Environmental Information Standard

3 Terms and definitions

The terms and definitions established in GB/T 5271.8-2001 (Part 8: Security) and the following terms and definitions apply to this standard.

3.1 Information system
The sum of the entire infrastructure, organizational structure, personnel, and components used to collect, process, store, transmit, distribute, and deploy information.

3.2 Information system security
The use of reasonable security measures to protect the information in an information system from access by unauthorized users during storage, processing, or transmission, and to ensure that authorized users can use the system properly.

3.3 Confidentiality
A property of data indicating the extent to which the data is not provided or disclosed to an unauthorized person, process, or other entity.

3.4 Integrity
Ensuring that information and information systems are not intentionally or unintentionally altered or destroyed.

3.5 Availability
Ensuring that information and communication services can be used as expected.

3.6 Security domain
A logical range or area in which the information units have the same or similar security level or security requirements, and for which the administrator of the security service defines and implements a unified security policy. It is an area divided from the point of view of security policy.

3.7 Threat
Any circumstance or event, from outside the information system, that may cause potential harm to the information system through unauthorized access, destruction, disclosure, data modification and/or denial of service.

3.8 Risk
A possibility determined by the likelihood of a threat, the adverse effects the threat can cause, and the severity of the impact.

4 Protection object

The objects of environmental information system security protection include the information networks, business systems and environmental information within the scope of the national environmental protection business network, together with their physical environment, supporting infrastructure, security equipment and so on.

4.1 Environmental information network

The network objects of environmental information system security protection are the various information networks within the scope of the national environmental protection business network. The national environmental protection business network comprises four levels: national, provincial, city and county. The network structure is shown in Figure 1.

Figure 1 Schematic diagram of the network structure of the environmental protection business network

4.2 Environmental information application system

The business objects of environmental information system security protection are the various environmental business application systems that run on the environmental information system. According to HJ 511-2009, environmental information systems can be divided by business application type into two categories, environmental protection core business application systems and comprehensive application systems, as follows.

A) Environmental protection core business application systems include the environmental monitoring management, pollution control management, ecological protection management, nuclear safety and radiation management, and environmental emergency management information systems. The role of each system is:

1) The environmental monitoring management information system manages national environmental quality data (including data on ambient air, surface water, groundwater, the acoustic environment, coastal waters, acid rain, dust storms and others), and covers ecological monitoring, pollution monitoring and other business;
2) The pollution control management information system covers pollution control management, environmental monitoring and management, environmental impact assessment, environmental statistics and other business;
3) The ecological protection management information system covers regional ecological environment management, rural environmental protection management, biodiversity conservation and other business;
4) The nuclear safety and radiation management information system covers supervision and management of nuclear facilities and materials, supervision and management of radioactive sources, and radiation environment monitoring management;
5) The environmental emergency management information system covers environmental emergency command and dispatch, environmental emergency monitoring and management, environmental emergency decision support, environmental emergency on-site disposal management, post-event environmental emergency assessment and other business.

B) Comprehensive application systems for environmental protection include the various administrative office management information systems, environmental protection government websites, the environmental science and technology management information system, the environmental policy and regulations management information system, the environmental finance and asset management information system, the environmental foreign affairs management information system and so on. These are applications that provide support and services to the core business applications.

4.3 Environmental information

The information objects of environmental information system security protection are all kinds of business and office information in the environmental information system. Information is divided into public information and departmental information, and different protective measures should be taken for the different types of information, as follows.

Public information is environmental information that can be fully open to the public on the Internet. Protection of public information should ensure the integrity and availability of the information.

Departmental information is information whose access is limited to environmental protection departments at all levels, including work information that should not be made public, trade secrets held by the government, personal privacy and so on. Departmental information is divided into departmental public information and departmental controlled information. Departmental public information may be accessed by personnel of environmental protection departments at all levels; departmental controlled information may be accessed by environmental protection departments at all levels only with authorization.

5 Security objectives

The security objective for environmental information systems is to maintain the sustained availability and reliability of environmental information systems, to provide strong support for the normal operation of national environmental protection, and to protect the information networks, business systems and environmental information in environmental information systems, together with their physical environment and supporting infrastructure and facilities, against illegal attacks and damage from inside and outside.

Security construction of environmental information systems should be consistent with the relevant requirements of the national information security standards, follow the relevant provisions of national level protection, refer to international security standards, and strengthen environmental information security construction with risk prevention as the core. Confidentiality matters concerning information in environmental information systems shall be subject to the relevant national secrecy provisions.

6 Overall security architecture

Based on risk assessment, the environmental information system security system secures protected objects of different levels and different security domains through the construction of a security management system and a security technology system. The environmental information system security system is shown in Figure 2.

Figure 2 Environmental information system security system

Construction of the security management system should be carried out throughout the information system construction phase and the information system operation and maintenance phase, including the security system, security organization, person

The security technology system should include physical security, network security, host security, application security, and data security and backup recovery. Construction of the security technology system should attach importance to the development of a unified support platform, to all kinds of security technologies and products, and to the construction of a centralized security management platform.

Building on the basic requirements of national level protection, this standard sets out the technical security requirements for environmental information systems, covering physical security, network security, host security, application security, data security and backup and recovery, information system construction, and information system operation and maintenance. Terminal and office security is implemented according to Appendix A. During security construction, an environmental information system implements security protection according to the security requirements of the corresponding level in Appendix B.

7 Information security protection method

7.1 Features of environmental information systems

Given the characteristics of environmental protection work, environmental information systems have some special security requirements. The following features should be considered during security construction.

A) To meet the needs of environmental monitoring, environmental statistics, ecological monitoring and other business, the information networks, systems and facilities for environmental monitoring business should take into account the security requirements of mobile monitoring, remote operation and remote office work;
B) Stricter security technical measures should be implemented in the information systems for nuclear safety and radiation management in the environmental protection business;
C) For the emergency handling of environmental incidents, the information systems and facilities used for emergency command should strengthen security protection and security settings to enhance the protection of business reliability;
D) The national environmental protection business network may be interconnected with other information systems, networks and applications according to business needs. Strict security technology and management measures should ensure that externally connected information systems do not adversely affect the national environmental protection business network;
E) Environmental information, including environmental monitoring, environmental statistics, environmental assessment and basic geographic information, is the foundation of environmental protection business. The relevant data security measures should be implemented to ensure data security.

For the security protection of business systems specific to the environmental protection business, risk factors should be identified through risk assessment, on the basis of implementing national information security level protection, and targeted security protection measures should be taken.

7.2 Environmental information system security construction requirements

The construction of environmental information systems shall conform to the requirements of GB/T 22240-2008: the security level of the environmental information system shall be classified correctly, and design, construction, and operation and maintenance work shall be carried out according to the level protection requirements.

The construction of environmental information systems should follow the relevant provisions of GB/T 17859-1999, GB/T 20271-2006 and GB/T 22239-2008.

Different protective measures should be taken according to the importance and category of the environmental information, implementing classified protection. Information systems and data should be stored in separate domains according to their importance, implementing domain-based protection, secure inter-domain exchange, and domain-based control.

According to the relevant requirements of national level protection, environmental information systems are not permitted to store, transmit, or process national secret information.

7.3 Security construction implementation method

According to the relevant requirements of level protection, the method for implementing environmental information system security construction is:

A) Determine the security level of the environmental information system according to the grading rules of information security level protection;
B) Determine the basic security requirements corresponding to the information system's security level, in accordance with the information security level protection requirements;
C) Based on the basic security requirements of the information system and the security technical requirements of environmental information systems, and taking into account the risks faced by the information system and the cost of implementing security protection measures, customize the security protection measures, determine those applicable to the specific environmental information system, and complete planning, design, implementation, acceptance and operation according to the relevant requirements of this specification.

7.4 Security construction implementation process

The implementation process of environmental information system security construction includes the grading stage; the planning and design stage; and the implementation, grade evaluation and improvement stage.

7.4.1 Stage one: grading

The grading stage consists of two steps.

A) Information system identification and description

Obtain a clear understanding of the environmental information system. Where necessary, a complex environmental information system can be decomposed into environmental information subsystems. Describe the composition and boundaries of the system and its subsystems.

B) Level determination

Information security level protection work for environmental information systems follows industry guidance and territorial management. The Ministry of Environmental Protection and its subordinate units, and the provincial-level Environmental Protection Departments (bureaus), in accordance with the requirements of the national information security level protection system, are responsible for guiding and managing the information system security level protection work in their regions.

Information security responsibility is determined in accordance with the principle of "who is in charge, who is responsible; who is operating, who is responsible". Each unit's determination of the level protection object, of the object infringed and the severity of the infringement, and of the final grade shall follow the process required in GB/T 22240-2008.

The security level of an environmental information system is determined by two grading elements: the object that is infringed when the level protection object is damaged, and the degree of infringement on that object.

The objects infringed when the protected object is damaged fall into three categories: the legitimate rights of citizens, legal persons and other organizations; social order and the public interest; and national security.

The degree of infringement on the object by the objective aspects of the external......