JR/T 0071.2-2020: Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 2: Basic Requirements
Status: Valid
Basic data
Standard ID: JR/T 0071.2-2020 (JR/T0071.2-2020)
Description (Translated English): Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 2: Basic Requirements
Sector / Industry: Finance Industry Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 109,145
Date of Issue: 2020
Date of Implementation: 2020-11-11
Issuing agency(ies): People's Bank of China

This is a DRAFT version for illustration, not a final translation.

Implementation guidelines for classified protection of cybersecurity of financial industry - Part 2: Basic requirements
People's Republic of China Financial Industry Standards
Replaces JR/T 0071-2012
Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 2: Basic requirements
Release: 2020-11-11
Implementation: 2020-11-11
Issued by the People's Bank of China

Contents
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview of Network Security Level Protection
  5.1 Hierarchical protection objects
  5.2 Different levels of security protection capabilities
  5.3 General safety requirements and extended safety requirements
  5.4 Enhanced security requirements for the financial industry
6 Cyber Security Assurance Framework
  6.1 Overview
  6.2 Technical System
  6.3 Management system
7 Second level safety requirements
  7.1 General requirements for safety
  7.2 Cloud computing security extension requirements
  7.3 Mobile Internet Security Extension Requirements
  7.4 Requirements for the Security Extension of the Internet of Things
8 The third level of safety requirements
  8.1 General requirements for safety
  8.2 Cloud Computing Security Expansion Requirements
  8.3 Mobile Internet Security Extension Requirements
  8.4 Security Extension Requirements for the Internet of Things
9 Level 4 Safety Requirements
  9.1 General requirements for safety
  9.2 Cloud computing security extension requirements
  9.3 Mobile Internet Security Extension Requirements
  9.4 Security Extension Requirements for the Internet of Things
Appendix A (Normative Appendix) About the selection and use of general security requirements, security extension requirements, and enhanced security requirements for the financial industry
Appendix B (Normative Appendix) Requirements for the overall safety protection capability of the hierarchical protection objects
Appendix C (Normative Appendix) Level protection safety framework and key technology use requirements
Appendix D (Informative Appendix) Description of Cloud Computing Application Scenarios
Appendix E (Informative Appendix) Description of Mobile Internet Application Scenarios
Appendix F (Informative Appendix) Description of IoT Application Scenarios
Appendix G (Informative Appendix) Description of Big Data Application Scenarios
Appendix H (Informative Appendix) Categories of Sensitive Data and Personal Financial Information
References

Foreword
JR/T 0071 "Guidelines for the Implementation of Cyber Security Graded Protection in the Financial Industry" is divided into six parts:
--Part 1: Basics and terminology;
--Part 2: Basic requirements;
--Part 3: Job ability requirements and evaluation guidelines;
--Part 4: Training Guidelines;
--Part 5: Audit requirements;
--Part 6: Audit Guidelines.
This part is part 2 of JR/T 0071.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces JR/T 0071-2012 "Guidelines for the Implementation of Information Security Level Protection of Information Systems in the Financial Industry". Compared with JR/T 0071-2012, the main technical changes are as follows:
--Added "Overview of Network Security Level Protection" (see Chapter 5);
--Modified the "Network Security Assurance Framework" (see Chapter 6; Chapter 5 of the 2012 edition);
--Modified the requirements related to "secure physical environment", "secure communication network", "security regional boundary", "secure computing environment", "security management center", "security management system", "security management organization", "security management staff", "safety construction management" and "safe operation and maintenance management" in the "security general requirements" of the "second level security requirements" (see 7.1; 6.1 of the 2012 edition);
--Added "Cloud Computing Security Extension Requirements", "Mobile Internet Security Extension Requirements", and "Internet of Things Security Extension Requirements" in the "Second Level Security Requirements" (see Chapter 7);
--Modified the requirements related to "safe physical environment", "safe communication network", "safety regional boundary", "secure computing environment", "security management center", "security management system", "security management organization", "security management staff", "safety construction management" and "safe operation and maintenance management" in the "safety general requirements" of the "third level safety requirements" (see 8.1; 6.2 of the 2012 edition);
--Added "Cloud Computing Security Extension Requirements", "Mobile Internet Security Extension Requirements", and "Internet of Things Security Extension Requirements" in the "Third Level Security Requirements" (see Chapter 8);
--Modified the requirements related to "safe physical environment", "safe communication network", "safety regional boundary", "secure computing environment", "security management center", "security management system", "security management organization", "security management staff", "safety construction management" and "safe operation and maintenance management" in the "safety general requirements" of the "fourth level of safety requirements" (see 9.1; 6.3 of the 2012 edition);
--Added "Cloud Computing Security Extension Requirements", "Mobile Internet Security Extension Requirements", and "Internet of Things Security Extension Requirements" in "Level 4 Security Requirements" (see Chapter 9);
--Deleted "Level Protection Implementation Measures" (Appendix A of the 2012 edition);
--Revised the "Instructions for the Selection and Use of Security Requirements for the Financial Industry" (see Appendix A; Appendix B of the 2012 edition);
--Added "Requirements on the overall security protection capabilities of hierarchical protected objects" (see Appendix B);
--Added the "level protection security framework and key technology use requirements" (see Appendix C);
--Added "Cloud computing application scenario description, security management responsibility subject under different cloud service modes" (see Appendix D);
--Added "Mobile Internet Application Scenario Description" (see Appendix E);
--Added "Internet of Things Application Scenario Description" (see Appendix F);
--Added "Big Data Application Scenario Description" (see Appendix G);
--Added "sensitive data and personal financial information categories" (see Appendix H).
This part was proposed by the People's Bank of China.
This part is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC 180).
Drafting organizations of this section:
the Department of Science and Technology of the People’s Bank of China, the Statistical Information and Risk Monitoring Department of China Banking and Insurance Regulatory Commission, China Financial Electronics Corporation, Beijing Zhongjin Guosheng Certification Co., Ltd., Bank Card Testing Center, China Ping An Insurance (Group) Co., Ltd. Division, Beijing Tianrongxin Network Security Technology Co., Ltd., Huawei Technologies Co., Ltd., Business Management Department of the People's Bank of China, People's Bank of China Guangzhou Branch, Digital Currency Research Institute of the People's Bank of China, Financial Information Center of the People's Bank of China, Guotai Junan Securities Co., Ltd., China Life Insurance Co., Ltd., People's Insurance Company of China, Industrial and Commercial Bank of China Co., Ltd., Agricultural Bank of China Co., Ltd., Bank of China Co., Ltd., China Construction Bank Co., Ltd., Bank of Communications Co., Ltd., Ant Branch Technology Group Co., Ltd., China Financial Certification Center, AsiaInfo Security Technology Co., Ltd.
The main drafters of this section: Li Wei, Chen Liwu, Shen Xiaoyan, Che Zhen, Qu Weimin, Zan Xin, Xia Lei, Fang Yi, Zhang Haiyan, Tang Hui, Li Fan, Wang Haitao, Zhang Lu, Deng Hao, Pan Liyang, Hou Manli, Sun Guodong, Liu Wenjuan, Zhao Fangmeng, Qiao Yuan, Cui Ying, Chen Xuefeng, Ma Cheng Long, Du Wei, Li Ruifeng, Liu Shuyuan, Qu Shaoguang, Gao Qiangyi, Li Bowen, Li Jinhua, Jin Chao, Ren Yongqiang, Zhao Jiang, Yu Jingtao, Hu Shan, Xie Hong, Yang Jian, Li Jianbin, Yu Guoqiang, Xiao Song, Bai Yang, Zhang Yu, Zhao Hua, Xue Jinchuan, Chen Xipeng, Mu Changchun, Di Gang, Lu Yi, He Jun, Yuan Huiping, Chen Kaihui, Guo Songqing, Li Rui, Xiao Pengzhe, Zhao Xu, Zhang Yaofeng, Huang Chunfang, Yang Chen, Wang Yanfeng, Gao Hongying, Chen Xue Xiu, Han Tao, Ye Ning, Yu Guodong, Jiang Zhihui, Li Songtao, Long Feng, Xu Dinghang, Lu Lin, Guo Tao.
The previous editions of the standards replaced by this part are as follows:
--JR/T 0071-2012.

Introduction
The level of cyber security protection is a basic system for the national cyber security assurance work. Important systems in the financial industry are related to the national economy and the people’s livelihood and are key protection objects of national network security, so a series of grade protection standards suited to the financial industry is needed to standardize and guide the implementation of hierarchical protection in the financial industry. With the widespread application of new technologies such as cloud computing, mobile internet, Internet of Things, and big data, financial institutions are continuing to promote the transformation of IT architecture in accordance with their own development needs. To adapt the industry's cyber security level protection work to the development of new technologies, new applications and new architectures, JR/T 0071 is now being revised. The revised JR/T 0071 is based on the national requirements related to cyber security level protection. It provides methodology, specific construction measures and technical guidance for the financial industry’s network security construction, and improves the financial industry's network security level protection system so that it is better adapted to the application of new technologies in the financial industry.

Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 2: Basic requirements

1 Scope
This part specifies the network security assurance framework of the financial industry and the security requirements corresponding to different security levels.
This part is applicable to guide financial institutions, evaluation institutions, and financial industry cybersecurity level protection authorities in implementing cybersecurity level protection work.

2 Normative references
The following documents are indispensable for the application of this document.
For dated reference documents, only the dated version applies to this document. For undated reference documents, the latest version (including all amendments) is applicable to this document.
GB/T 22239-2019 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 22240-2020 Information Security Technology Network Security Level Protection Rating Guidelines
GB/T 25070-2019 Information Security Technology, Cyber Security Level Protection Security Design Technical Requirements
GB/T 31167-2014 Information Security Technology Cloud Computing Service Security Guidelines
GB/T 31168-2014 Information Security Technology Cloud Computing Service Security Capability Requirements
GB/T 32400-2015 Information Technology Cloud Computing Overview and Vocabulary
GM/T 0054-2018 Information system password application basic requirements
JR/T 0171-2020 Personal Financial Information Protection Technical Specification

3 Terms and definitions
The following terms and definitions apply to this document.

3.1 Cybersecurity
The ability, by taking necessary measures to prevent attacks, intrusions, interference, sabotage, illegal use, and accidents on the network, to keep the network in a state of stable and reliable operation and to ensure the integrity, confidentiality, and availability of network data.
[GB/T 22239-2019, definition 3.1]

3.2 Classified system
A system whose security protection level has been determined.
Note 1: Classified systems are divided into first-level, second-level, third-level, fourth-level and fifth-level systems.
Note 2: Rewritten from GB/T 25070-2019, definition 3.2.

3.3 Security protection ability
The degree to which threats can be resisted, security incidents detected, and the previous state restored after damage.
[GB/T 22239-2019, definition 3.2]

3.4 Security environment of classified system
A protected environment of the classified system composed of a secure computing environment, a secure area boundary, a secure communication network, and/or a security management center.
[GB/T 25070-2019, definition 3.3]

3.5 Security computing environment
Relevant components that store and process the information of the classified system and implement security policies.
[GB/T 25070-2019, definition 3.4]

3.6 Security area boundary
Related components that form the boundary of the secure computing environment of the classified system, connect the secure computing environment to the secure communication network, and implement security policies.
[GB/T 25070-2019, definition 3.5]

3.7 Security communication network
Related components that transmit information between the secure computing environments of the classified system and implement security policies.
[GB/T 25070-2019, definition 3.6]

3.8 Security management center
A platform or area that implements unified management of the security policy of the classified system and of the security mechanisms in the secure computing environment, at the security area boundary and on the secure communication network.
[GB/T 25070-2019, definition 3.7]

3.9 Security management center for cross classified system
A platform or area that implements unified management of the security policy for interconnection between classified systems of the same or different levels and of the security mechanisms on the security interconnection components.
...