
GB/T 20269-2006 (GBT20269-2006)

GB/T 20269-2006 (English translation, PDF)
Title: Information security technology -- Information system security management requirements
Status: Valid

BASIC DATA
Standard ID: GB/T 20269-2006 (GB/T20269-2006)
Description (translated English): Information security technology - Information system security management requirements
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard (ICS): 35.040
Word Count Estimation: 124,172
Date of Issue: 2006-05-31
Date of Implementation: 2006-12-01
Referenced Standards: GB 17859-1999; GB/T 20271-2006
Drafting Organization: Beijing Siyuan Innovative Information Security Information Co., Ltd.
Administrative Organization: National Information Security Standardization Technical Committee
Regulation (derived from): China Announcement of Newly Approved National Standards No. 7, 2006 (No. 94 overall)
Proposing Organization: National Information Security Standardization Technical Committee
Issuing Agencies: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of China
Summary: This standard specifies the information system security management requirements for each of the five security protection levels defined in GB 17859-1999. It applies to the graded (level-based) management of information system security.


GB/T 20269-2006
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology -
Information system security management
requirements
Issued on: May 31, 2006
Implemented on: December 01, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements of information system security management
4.1 Content of information system security management
4.2 Information system security management principles
5 Information system security management elements and their strength
5.1 Policy and system
5.1.1 Information security management policy
5.1.2 Security management rules and regulations
5.1.3 Policy and system document management
5.2 Organization and personnel management
5.2.1 Security management organization
5.2.2 Security mechanism centralized management organization
5.2.3 Personnel management
5.2.4 Education and training
5.3 Risk management
5.3.1 Risk management requirements and policy
5.3.2 Risk analysis and assessment
5.3.3 Risk control
5.3.4 Decision making based on risks
5.3.5 Risk assessment management
5.4 Environment and resource management
5.4.1 Environment security management
5.4.2 Resource management
5.5 Operation and maintenance management
5.5.1 User management
5.5.2 Operation management
5.5.3 Operation maintenance management
5.5.4 Outsourced service management
5.5.5 Assurance related to security mechanisms
5.5.6 Security centralized management
5.6 Business continuity management
5.6.1 Backup and recovery
5.6.2 Security incident handling
5.6.3 Emergency processing
5.7 Supervision and inspection management
5.7.1 Conformance with legal requirements
5.7.2 Compliance inspection
5.7.3 Audit and supervision control
5.7.4 Responsibility determination
5.8 Life cycle management
5.8.1 Plan and project approval management
5.8.2 Construction process management
5.8.3 System startup and stop management
6 Information system security management graded requirements
6.1 Level one: User discretionary protection level
6.1.1 Management objective and scope
6.1.2 Policy and system requirements
6.1.3 Organization and personnel management requirements
6.1.4 Risk management requirements
6.1.5 Environment and resource management requirements
6.1.6 Operation and maintenance management requirements
6.1.7 Business continuity management requirements
6.1.8 Supervision and inspection management requirements
6.1.9 Life cycle management requirements
6.2 Level two: System audit protection level
6.2.1 Management objective and scope
6.2.2 Policy and system requirements
6.2.3 Organization and personnel management requirements
6.2.4 Risk management requirements
6.2.5 Environment and resource management requirements
6.2.6 Operation and maintenance management requirements
6.2.7 Business continuity management requirements
6.2.8 Supervision and inspection management requirements
6.2.9 Life cycle management requirements
6.3 Level three: Security label protection level
6.3.1 Management objective and scope
6.3.2 Policy and system requirements
6.3.3 Organization and personnel management requirements
6.3.4 Risk management requirements
6.3.5 Environment and resource management requirements
6.3.6 Operation and maintenance management requirements
6.3.7 Business continuity management requirements
6.3.8 Supervision and inspection management requirements
6.3.9 Life cycle management requirements
6.4 Level four: Structured protection level
6.4.1 Management objectives and scope
6.4.2 Policy and system requirements
6.4.3 Organization and personnel management requirements
6.4.4 Risk management requirements
6.4.5 Environment and resource management requirements
6.4.6 Operation and maintenance management requirements
6.4.7 Business continuity management requirements
6.4.8 Supervision and inspection management requirements
6.4.9 Life cycle management requirements
6.5 Level five: Access verification protection level
6.5.1 Management objectives and scope
6.5.2 Policy and system requiremen...
...