MHT0074-2020 English PDFUS$179.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email. MHT0074-2020: (Regulations for Information Security Protection of Civil Aviation Passenger Service Information System) Status: Valid
Basic dataStandard ID: MH/T 0074-2020 (MH/T0074-2020)Description (Translated English): (Regulations for Information Security Protection of Civil Aviation Passenger Service Information System) Sector / Industry: Civil Aviation Industry Standard (Recommended) Classification of Chinese Standard: L07 Word Count Estimation: 7,772 Date of Issue: 2020-07-20 Date of Implementation: 2020-10-01 Issuing agency(ies): Civil Aviation Administration of China MHT0074-2020: (Regulations for Information Security Protection of Civil Aviation Passenger Service Information System)---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security protect specification for passenger service information system of civil aviation ICS 35.020 Civil Aviation Industry Standard of the People's Republic of China Information Security Protection of Civil Aviation Passenger Service Information System specification 2020-07 -20 released 2020-10 -01 Implementation Issued by Civil Aviation Administration of China ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009 "Guidelines for Standardization Work Part 1.Standard Structure and Compilation". This standard was proposed by the Department of Personnel, Science and Education, Civil Aviation Administration of China. This standard is under the jurisdiction of the China Academy of Civil Aviation Science and Technology. Drafting organizations of this standard. Civil Aviation University of China, Beijing Capital International Airport Co., Ltd., Air Traffic Management of Civil Aviation Administration of China Bureau. The main drafters of this standard. Wang Jing, Zhou Jingxian, Wang Yong, Wang Shuang, Zhang Lizhe, Gu Zhaojun, Yang Rui, Liu Chunbo, Tang Yi, Zhang Libin, Han Yanzheng, Sui Zhu, Liu Chao, Lu Zongping, Chen Baogang. Regulations for Information Security Protection of Civil Aviation Passenger Service Information System1 ScopeThis standard specifies the relevant information security technical requirements and management that the passenger service information system of civil aviation (hereinafter referred to as civil aviation) needs to meet. Management requirements. This standard applies to all stages of the planning, design, development, operation and maintenance of the civil aviation passenger service information system.2 Normative referencesThe following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document. GB/T 22239-2019 Information Security Technology Network Security Level Protection Basic Requirements GB/T 35273 Information Security Technology Personal Information Security Specification3 Terms and definitionsThe following terms and definitions apply to this standard. 3.1 Civil Aviation Passenger Service Information System Passengers’ information needs to be collected at all stages of the journey of passengers planning, booking and purchasing air tickets, flight and arrival, or according to passengers’ Information related to the information system that provides services to its subjects. The system scope includes the civil aviation passenger service of China Civil Aviation Information Network Co., Ltd. Information system, relevant ticketing and customer management system of each agent, passenger service-related information system of each airline, check-in and departure of each airport And baggage management information system, and various other information systems related to civil aviation passenger travel services. 3.2 Passenger information. Passenger-related information collected or generated during the process of providing information services to passengers by civil aviation passenger service agencies, including. personal identity, Address, contact information, air ticket transactions, civil aviation value-added service transactions and other information. 3.3 Operator The operator is responsible for the operation and management of the civil aviation passenger service information system, and is responsible for the security of the unit's passenger service information system.4 General safety requirementsThe security protection level of the civil aviation passenger service information system should not be lower than the second level, and the network security protection should comply with GB/T 22239-2019. Level of safety requirements. The protection of passenger information by the civil aviation passenger service information system shall comply with the “Network Security Law of the People’s Republic of China” and GB/T 35273. Close requirements.5 Security Management5.1 The operator shall sort out the business chain of the passenger service information system and establish a list of networks, systems, data and assets related to the business chain. 5.2 When major changes such as reconstruction or expansion of the passenger service information system occur, the operator shall update the network, system and asset list. 5.3 When the operator builds, rebuilds, or expands the passenger service information system, he should fully consider the factors of network security, and achieve the same security technical measures. Step planning, simultaneous construction and simultaneous use. 5.4 The operator shall establish a security responsibility system for the passenger service information system, and clarify the relevant security responsible persons, the security roles and security of various personnel Responsibility. 5.5 The operator shall establish a network security plan for the passenger service information system suitable for the unit, and specify the security protection work of the passenger service information system. The goals, safety strategies, organizational structure, management system, implementation rules and resource guarantees, etc. shall be documented and released to relevant personnel. The cyber security plan should be revised regularly.6 Safety protection6.1 The operator shall adopt data exchange security measures to control the data exchange between the civil aviation passenger service information system and other systems. Operator According to the importance of the business carried by the passenger service information system, the passenger service information system shall be managed in different regions and border protection measures shall be deployed. Shi. 6.2 The operator shall establish a computer virus and network intrusion prevention mechanism, and strictly restrict the access and installation of unauthorized software and hardware equipment. 6.3 The operator shall strictly control and audit remote operation and maintenance activities, and keep relevant system network logs for no less than 6 months. day The content of the log should include at least. the date and time, type, subject, object, result and other information of the event. 6.4 The operator shall back up the passenger service information system and database, formulate a backup strategy, specify the backup frequency, and implement it regularly. Ensure that once the passenger service information system is damaged, it can be restored and remedied in time. 6.5 Operators purchase network products and services related to passenger service information systems, especially critical network equipment, network security dedicated Products should comply with laws, administrative regulations and mandatory requirements of relevant national standards. 6.6 The operator shall provide personnel and financial guarantees, and shall, by himself or by entrusting a network security service agency, check the security and availability of the passenger service information system. Existing risks shall be inspected and evaluated regularly, and the discovered problems shall be corrected in time. The content of testing and evaluation includes but not limited to the implementation of cybersecurity system Status, organizational structure, personnel and funding input, education and training, technical protection, risk assessment, emergency response Training situation, implementation of network security level protection work, etc. 6.7 The operator shall formulate its own passenger service information system network security emergency plan. The emergency plan should include provisions to activate the emergency plan Contents, emergency handling procedures, system recovery procedures, incident reporting procedures, post-event education and training, etc. Response to Passenger Service Information System Network The network security emergency plan is regularly reviewed and revised, and emergency drills are organized at least once a year.7 Passenger information security7.1 When collecting passenger information, operators shall formulate passenger information collection strategies and adopt corresponding control mechanisms to ensure that passenger information collection is minimal With the express consent of the passenger, the passenger reserves the right to expressly refuse. 7.2 When collecting passenger information, operators should clearly inform passengers of the purpose, scope and duration of information collection, and the content should be simple enough Clearly, to ensure that passengers can fully understand the relevance of the collected information and the purpose, the scope of application and the reasonableness of the duration. 7.3 The operator shall formulate security strategies and adopt technical measures to ensure the security of passenger information at all stages of use, transmission and storage, and prevent Stop passenger information leakage and illegal unauthorized use. 7.4 Operators should store passenger information collected and generated during operations in my country, and adopt data backup and encryption authentication, etc. Technical measures and other necessary measures to prevent information leakage, damage, and loss. 7.5 When sharing passenger information, operators shall follow passenger privacy protection agreements and relevant national regulatory requirements, and perform passenger information sharing before sharing In impact assessment, it is necessary to establish an appropriate security protection responsibility framework and audit framework through passenger information sharing agreements to ensure passenger information security protection Protective measures can be effectively implemented. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of MHT0074-2020_English be delivered?Answer: Upon your order, we will start to translate MHT0074-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of MHT0074-2020_English with my colleagues?Answer: Yes. The purchased PDF of MHT0074-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
