GA/T 708-2007: Information security technology--Architecture framework of security classification protection for information system
Basic data
Standard ID | GA/T 708-2007 (GA/T708-2007)
Description (Translated English) | Information security technology--Architecture framework of security classification protection for information system
Sector / Industry | Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard | L09
Classification of International Standard | 35.020
Word Count Estimation | 38,319
Date of Issue | 2007-08-13
Date of Implementation | 2007-10-01
Quoted Standard | GB 17859-1999
Issuing agency(ies) | Ministry of Public Security
Summary | This standard specifies the system framework for the implementation of security level protection of information systems from a technical point of view in accordance with the requirements of information security level protection. This standard applies to technical activities and related management activities for the implementation of security level protection of information systems according to the requirements of the five levels of security protection stipulated in the information system security level protection.
This is a DRAFT version for illustration, not a final translation.
ICS 35.020
L09
People's Republic of China Public Safety Industry Standard
Information security technology
Information System Security Level Protection System Framework
Released on 2007-08-13
Implemented on 2007-10-01
Ministry of Public Security
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Information System Security Level Protection System Introduction
4.1 Composition of the information system security level protection system
4.2 Information System Security Level Protection System Overview
5 Information system security level protection laws and regulations and policy basis
5.1 Classification of laws, regulations and policies
5.2 Existing Policies and Regulations for Information System Security Level Protection
6 Information System Security Level Protection Standard System
6.1 Classification of Standards
6.2 Specific composition of the standard
6.2.1 Basic Standard
6.2.2 System Design Guide Standard
6.2.3 System Implementation Guidance Standard
6.2.4 Requirement class standard
6.2.5 Inspection/Assessment Standards
6.2.6 Implementation guidance plan for each application area
6.3 Contents of the standard
6.4 The role of various standards and the preparation requirements
6.4.1 Basic Standard
6.4.2 System Design Guide Class Standard
6.4.3 Requirement Class Standard
6.4.4 Inspection/Assessment Standards
6.4.5 Implementation guidance standard
6.4.6 Implementation guidance programme for each application area
7 Information System Security Level Protection Management System
7.1 Information System Security Engineering Management
7.1.1 Target
7.1.2 Content
7.1.3 Engineering Management Grade Requirements
7.2 Security System Operation Management
7.2.1 Target
7.2.2 Content
7.2.3 Operation management classification requirements
7.3 Information System Security Supervision, Inspection and Management
8 Information System Security Level Protection Technology System
8.1 Basic attributes of information system security
8.2 Composition and relationship of information system security
8.3 Security level of information systems
8.3.1 Five security levels
8.3.2 Determination of the level of safety protection
8.4 Information System Security Level Protection Basic Framework
8.4.1 Information System Security Protection Framework
8.4.2 Basic principles and methods of information system security level protection
8.5 Information System Security Level Protection Basic Technology
8.5.1 Identification and identification techniques
8.5.2 Access Control Technology
8.5.3 Integrity protection techniques for storing and transmitting data
8.5.4 Confidentiality protection techniques for storing and transmitting data
8.5.5 Boundary isolation and protection techniques
8.5.6 System security operation and availability protection technology
8.5.7 Cryptography
8.6 Information System Security Level Protection Support Platform
8.6.1 Information System Password Infrastructure Platform
8.6.2 Information System Application Security Support Platform Design
8.6.3 Information System Disaster Backup and Recovery Platform
8.6.4 Information System Security Incident Emergency Response and Management Platform
8.6.5 Information System Security Management Platform
8.7 Hierarchical Security Information System Construction Techniques
Appendix A (informative) Basic Concept Description
A.1 Business Application Software System and Its Subsystem
A.2 Information system and its subsystems
A.3 About Security Domain
Appendix B (informative) Method for implementing level protection
B.1 Full system same security level security protection
B.2 points system different security level security protection
B.3 virtual system different security level security protection
References
Foreword
Appendix A and Appendix B of this standard are informative annexes.
This standard is proposed and managed by the Information System Security Standardization Technical Committee of the Ministry of Public Security.
This standard was drafted by: Beijing Jiangnan Tianan Technology Co., Ltd., Beijing Siyuan Xinchuang Information Security Information Co., Ltd.
The main drafters of this standard: Ji Zengrui, Wang Zhiqiang, Chen Guanzhi, Jing Yuyuan, Song Jianping.
Introduction
Information system security level protection applies the necessary security protection, level by level, to the information systems created and used by countries, societies, groups and individuals, through three major functions and five links.
The three major functions to achieve information system security level protection are:
--- Prevention and protection function: achieve overall prevention and protection across the physical, network, system, application and management components;
--- Supervision and inspection function: the self-inspection of each unit is combined with the supervision and inspection of government functional departments, covering both technical and management aspects, to ensure that the security of the information system meets the requirements of the security level determined for it;
--- Response and disposal function: the information system owner should be able to respond quickly to and dispose of security incidents in the system and, when major problems are discovered, promptly report them to the competent authorities and communicate with relevant units.
The five links to achieve information system security level protection are:
--- Policy and regulations link: establish sound information security level protection policies and regulations, establish a special management organization, and make the implementation procedures and methods clear.
--- Technology and management standardization link: develop information system security level protection technology and management standards in line with national conditions and, according to the requirements of the standards, implement security management and conduct research and development of security technologies and products.
--- System construction process control link: according to the requirement that the responsible party bears the responsibility, the construction process of the secure information system is fully controlled, and strict testing and evaluation by testing organizations ensure that the constructed secure information system meets the required security requirements.
--- System operation process control link: according to the requirement that whoever operates the system is responsible for it, the operation process of the secure information system is fully controlled, and supervision and inspection by functional departments ensure that the secure information system in operation meets the designed security requirements.
--- System supervision and inspection link: information security related functional departments, in accordance with laws, regulations and standards, develop and improve information security supervision rules and regulations and carry out special management of information security level protection. They supervise the implementation of the security level protection responsibility system; supervise, inspect and guide the construction and management of information system security level protection by the departments and units that own information systems; supervise security technology products; and supervise security inspection agencies. They establish a non-profit law enforcement inspection and inspection support system for security level protection that covers the whole country, and use unified standards to inspect, test and evaluate secure information systems in operation, to ensure that their security during actual operation meets the design goals.
This standard describes the components of the information system security level protection system and their relationships. It first briefly explains the main content of the components of information system security level protection and their interrelationships, and then explains the main content of each component in more detail.
Information security technology
Information System Security Level Protection System Framework
1 Scope
This standard specifies, from a technical perspective, the system framework for implementing security level protection of information systems in accordance with the requirements of information security level protection.
This standard applies to the technical activities, and their associated management activities, carried out to implement security level protection of information systems according to the requirements of the five security protection levels specified in the information system security level protection.
2 Normative references
The terms in the following documents become the terms of this standard by reference in this standard. For dated references, all subsequent modifications (not including errata content) or revisions do not apply to this standard; however, parties to agreements based on this standard are encouraged to study whether the latest versions of these documents can be used. For undated references, the latest edition applies to this standard.
GB 17859-1999 Computer Information System Security Protection Level Division Guidelines
3 Terms and definitions
The following terms and definitions established in GB 17859-1999 apply to this standard.
3.1
An information system that is designed and implemented in a systematic way, using information security products, information security technologies and management measures with appropriate security strength/grade, and that has first/second/third/fourth/fifth-level security according to the requirements of the information system security level protection.
3.2
Abbreviation for Information System Security Subsystem. The security subsystem of an information system is the system composed of all security devices in the information system. In GB 17859-1999, the overall protection of the system is referred to as TCB (Trusted Computing Base). The name security subsystem is used here to emphasize that the security of the information system should be designed in a systematic way.
3.3
An information product with a defined security strength/grade for building a secure information system. Information security products are divided into information technology security products and information security products. Information technology security products are information technology products supplemented by corresponding security technologies and mechanisms (such as secure routers); information security products are products developed specifically to enhance the security of information systems (such as firewalls).
3.4
A computing environment with a clear purpose and a clear boundary, consisting of one or more computer systems (hosts/servers), that stores and processes data information in an information system. A local computing environment can consist of one computer system or of multiple computer systems connected by a LAN.
3.5
A local computing environment with a defined level of security protection.