
GB/T 22239-2008 (GBT22239-2008)

Standard ID: GB/T 22239-2008 (English PDF, USD 150)
Standard Title (Description): Information security technology -- Baseline for classified protection of information system security
Status: Obsolete

BASIC DATA
Standard ID GB/T 22239-2008 (GB/T22239-2008)
Description (Translated English) Information security technology - Baseline for classified protection of information system security
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 50,598
Date of Issue 2008-06-19
Date of Implementation 2008-11-01
Quoted Standard GB/T 5271.8; GB 17859; GB/T 22240-2008
Drafting Organization Ministry of Public Security Information Security Protection Evaluation Center
Administrative Organization National Information Security Standardization Technical Committee
Regulation (derived from) Announcement of Newly Approved National Standards No. 10 of 2008 (total 123)
Proposing organization Ministry of Public Security and the National Information Security Standardization Technical Committee
Issuing agency(ies) Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China
Summary This standard specifies the basic protection requirements for information systems at different security protection levels, including basic technical requirements and basic management requirements. It is applicable to guiding the construction and supervision of classified security protection of information systems.

GB/T 22239-2008
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology –
Baseline for Classified Protection of Information
System Security
ISSUED ON: JUNE 19, 2008
IMPLEMENTED ON: NOVEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
Introduction
1    Scope
2    Normative References
3    Terms and Definitions
4    Overview on Classified Protection of Information System Security
4.1    Classification of Information System Security Protection
4.2    Levels of Security Protection Ability
4.3    Basic Technical Requirements and Basic Management Requirements
4.4    Three Types of Basic Technical Requirements
5    Basic Requirements of Level I
5.1    Technical Requirements
5.1.1    Physical Security
5.1.2    Network Security
5.1.3    Host Security
5.1.4    Application Security
5.1.5    Data Security and Backup Recovery
5.2    Management Requirements
5.2.1    Security Management System
5.2.2    Security Management Setup
5.2.3    Personnel Security Management
5.2.4    System Construction Management
5.2.5    System Operation and Maintenance Management
6    Basic Requirements of Level II
6.1    Technical Requirements
6.1.1    Physical Security
6.1.2    Network Security
6.1.3    Host Security
6.1.4    Application Security
6.1.5    Data Security and Backup Recovery
6.2    Management Requirements
6.2.1    Security Management System
6.2.2    Security Management Setup
6.2.3    Personnel Security Management
6.2.4    System Construction Management
6.2.5    System Operating and Maintenance Management
7    Basic Requirements of Level III
7.1    Technical Requirements
7.1.1    Physical Security
7.1.2    Network Security
7.1.3    Host Security
7.1.4    Application Security
7.1.5    Data Security and Backup Recovery
7.2    Management Requirements
7.2.1    Security Management System
7.2.2    Security Management Setup
7.2.3    Personnel Security Management
7.2.4    System Construction Management
7.2.5    System Operation and Maintenance Management
8    Basic Requirements of Level IV
8.1    Technical Requirements
8.1.1    Physical Security
8.1.2    Network Security
8.1.3    Host Security
8.1.4    Application Security
8.1.5    Data Security and Backup Recovery
8.2    Management Requirements
8.2.1    Security Management System
8.2.2    Security Management Setup
8.2.3    Personnel Security Management
8.2.4    Management of System Construction
8.2.5    System Operation and Maintenance Management
9    Basic Requirements of Level V
Appendix A (Normative) Requirements about the Integral Security Protection Ability of Information System
Appendix B (Normative) Selection and Use of Basic Security Requirements
Bibliography
Foreword
Appendix A and Appendix B of this Standard are normative.
This Standard was proposed by the Ministry of Public Security and the National Technical
Committee on Information Technology Security of Standardization Administration of
China.
This Standard shall be under the jurisdiction of the National Technical Committee on
Information Technology Security of Standardization Administration of China.
Drafting organization of this Standard: MPS Information Classified Security Protection
Evaluation Center.
Chief drafting staff of this Standard: Ma Li, Ren Weihong, Li Ming, Yuan Jing, Xie
Chaohai, Qu Jie, Li Sheng, Chen Xuexiu, Zhu Jianping, Huang Hong, Liu Jing, Luo
Zheng and Bi Maning.
Introduction
This Standard was developed according to the national management regulations on
classified protection of information security.
This Standard is one of the series of standards for classified protection of information
security.
The series standards associated with this Standard include:
- GB/T 22240-2008 Information Security...
...