www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GB/T 32920-2023 English PDF

US$549.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 32920-2023: Information security technology - Information security management for inter-sector and inter-organizational communications
Status: Valid

GB/T 32920: Evolution and historical versions

| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
|---|---|---|---|---|---|
| GB/T 32920-2023 | English | 549 | 5 days [Need to translate] | Information security technology - Information security management for inter-sector and inter-organizational communications | Valid |
| GB/T 32920-2016 | English | 1319 | 6 days [Need to translate] | Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications | Obsolete |

Standard similar to GB/T 32920-2023

GB/T 32918.5   GB/T 32918.4   GB/T 32918.3   GB/T 32916   GB/T 32914   

Basic data

Standard ID: GB/T 32920-2023 (GB/T32920-2023)
Description (Translated English): Information security technology - Information security management for inter-sector and inter-organizational communications
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 30,327
Date of Issue: 2023-05-23
Date of Implementation: 2023-12-01
Older Standard (superseded by this standard): GB/T 32920-2016
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 32920-2023: Information security technology - Information security management for inter-sector and inter-organizational communications


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCS L80
National Standards of People's Republic of China
Replacing GB/T 32920-2016
Information Security Technology
Information security management for inter-industry and inter-organizational communications
communications, IDT)
Released on 2023-05-23
Implemented on 2023-12-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents

Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Concept and Interpretation
  4.1 Overview
  4.2 Information Sharing Community
  4.3 Group management
  4.4 Supporting institutions
  4.5 Inter-industry communication
  4.6 Compliance
  4.7 Communication Model
5 Information Security Policy
  5.1 Information Security Management Guidance
6 Information Security Organization
7 HR Security
  7.1 Prior to Appointment
  7.2 Appointment
  7.3 Termination and change of appointment
8 Asset Management
  8.1 Responsibilities regarding assets
  8.2 Information classification
  8.3 Media handling
  8.4 Information Exchange Protection
9 Access Control
10 Password
  10.1 Password Control
11 Physical and Environmental Security
12 Operational Security
  12.1 Operating procedures and responsibilities
  12.2 Malware Prevention
  12.3 Backup
  12.4 Logging and Monitoring
  12.5 Run software control
  12.6 Vulnerability management in technical aspects
  12.7 Information system audit considerations
13 Communication Security
  13.1 Network security management
  13.2 Information Transmission
14 System acquisition, development and maintenance
15 Supplier Relations
  15.1 Information Security in Supplier Relationships
  15.2 Supplier Service Delivery Management
16 Information Security Incident Management
  16.1 Management and improvement of information security incidents
17 Information Security Aspects of Business Continuity Management
  17.1 Continuity of Information Security
  17.2 Redundancy
18 Compliance
  18.1 Compliance with legal and contractual requirements
  18.2 Information Security Review
Appendix A (Informative) Sharing Sensitive Information
Appendix B (Informative) Building trust in information exchange
Appendix C (Informative) Traffic Light Protocol
Appendix D (Informative) Models for organizing information-sharing communities
Reference

Foreword

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".

This document replaces GB/T 32920-2016 "Information technology - Security techniques - Information security management for inter-industry and inter-organizational communication". Compared with GB/T 32920-2016, the main technical changes are as follows:

a) The implementation guidance on business continuity risk assessments for members of the information sharing community, in business continuity and risk management, was removed (see 4.1 of the 2016 edition);
b) A description of trust in information sharing groups was added (see 4.2);
c) In the management of information sharing groups, different legal or regulatory environments were added when considering differences among member organizations (see 4.3);
d) The description of conformity assessment was deleted (see 4.6 of the 2016 edition);
e) A description of grading by priority was added (see 8.2.1);
f) "Information Classification" is changed to "Information Classification" (see 8.2.1; 7.2 of the 2016 edition).

This document is equivalent to ISO/IEC 27010:2015 "Information technology - Security techniques - Information security management for inter-industry and inter-organizational communication".

The following minimal editorial changes have been made to this document:

- In order to be consistent with China's technical standard system, the name of the standard is changed to "Information Security Technology for Inter-industry and Inter-Organization Communication Information Security Total Management".

Please note that some contents of this document may refer to patents. The issuing agency of this document assumes no responsibility for identifying patents.

This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).

This document was drafted by: Shandong Institute of Standardization, China Network Security Review Technology and Certification Center, Chongqing Digital City Technology Co., Ltd., Shandong Shuguang Information Technology Co., Ltd., China Electronics Standardization Research Institute, Xi'an University of Posts and Telecommunications, Shaanxi Provincial Network and Information Security Evaluation Center, Shandong Genzon Information Technology Co., Ltd., National Computer Network Emergency Technology Coordination Center, Huawei Technologies Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Alibaba Cloud Computing Co., Ltd., Shandong Province Market Supervision and Monitoring Center, Qingdao Zhongsheng Information Technology Co., Ltd., Qingdao Computing Technology Research Institute of Xidian University, Jining City Standard Information Technology Center, Ju County Government Service Center, Zhongan Information Technology Service Co., Ltd., Jinan Times Confidence Information Security Evaluation Co., Ltd., Tongzhi Weiye Software Co., Ltd., Wanlian Index (Qingdao) Information Technology Co., Ltd., Zhejiang Hippo Steward Network Technology Co., Ltd., Beijing Chen Guangrongxin Technology Co., Ltd., Shandong Luruan Digital Technology Co., Ltd., Shandong Hetong Information Technology Co., Ltd., Fangyuan Logo Certification Group Mission Shandong Co., Ltd., Shandong Tengxiang Product Quality Inspection Co., Ltd., Shenzhen University, OPPO Guangdong Mobile Communication Co., Ltd.

The main drafters of this document: Wang Shuguang, Gong Wei, Zhu Fengxue, Fan Bo, Wei Jun, Zhang Yong, Li Dan, You Lili, Zhao Yanjun, Zhou Weiguang, Gu Liwang, Wang Wenlei, Song Lihua, Shao Meng, Liang Wei, Zhao Hua, Yuan Yipeng, Xu Liqian, Wan Yiping, Zhang Jiancheng, Xu Zhiguo, Qin Yang, Hu Xinlei, Yang Xiangdong, Yang Rui, Deng Xiangwu, Liu Zhiqiang, Wang Dong, Wang Jiandong, Zhang Zhiwei, Zheng Wei, Zhang Hongyan, Li Yongfa, Xu Yanxia, Cheng Yan, Dai Honggang, Qin Feng, Meng Fangang, Wang Yongqi, Jia Qingjia, He Guangfeng, Zhang Zhilong, Xue Nianming, Li Xun, Geng Zhe, Zhang Shuzhen, Cui Hao, Liu Weili, Li Teng.

The release status of previous versions of this document and the documents it replaces are as follows:

- First published as GB/T 32920-2016 in 2016;
- This is the first revision.

Introduction

This document supplements GB/T 22080-2016 and GB/T 22081-2016 with guidance for use in information sharing communities.

GB/T 22080-2016 and GB/T 22081-2016 adopt a common approach to deal with information exchange between organizations. When organizations exchange sensitive information 1), this can be achieved by establishing an information sharing community (although there is competition among group members, they trust one another; mutual trust means trusting that the other party will apply security controls to the shared sensitive information).

Mutual trust among members of an information sharing group is the prerequisite for the effective operation of the group. On the one hand, the sender of information needs to trust the receiver not to leak it. On the other hand, the information receiver trusts the accuracy of the information provided by the initiator based on the qualification of the initiator. Both aspects need to be supported by clear and effective security policies and practices from the information sharing community. To achieve the above goals, members of the information sharing community need to establish a common security management system that covers shared information, that is, the information security management system (ISMS) of the information sharing community.

For the sharing of sensitive information between different groups in the industry, the information originator cannot know all the receivers; in this case, trust can be established through the group and its information sharing protocol.

1) Information that the industry or organization considers may cause loss of interests, but that cannot become a state secret, is sensitive information.

Information Security Technology
Information security management for inter-industry and inter-organizational communications

1 Scope

This document provides supplementary guidance to the Information Security Management System (ISMS) family of standards for implementing information security management in an information-sharing community.

This document provides controls and guidance for initiating, implementing, maintaining and improving information security for inter-industry and inter-organizational communications. It also provides guidance and general principles on how to use established messaging and other technical methods to meet specified requirements.

This document applies to all forms of exchange and sharing of sensitive information, public and private, domestic and international, within the same sector or between sectors. In particular, this document may apply to the exchange and sharing of information related to the supply, maintenance and protection of organizational or national critical infrastructure. This document is intended to support the building of trust in the exchange and sharing of sensitive information, thereby facilitating the international development of the information sharing community.

2 Normative references

The contents of the following documents constitute the essential provisions of this document through normative references in the text. For dated references, only the version corresponding to the date is applicable to this document; for undated references, the latest version (including all amendments) is applicable to this document.

GB/T 22080-2016 Information Technology Security Technology Information Security Management System Requirements (ISO/IEC 27001:2013, IDT)
GB/T 22081-2016 Information Technology Security Technology Information Security Control Practice Guidelines (ISO/IEC 27002:2013, IDT)
GB/T 29246-2017 Information Technology Security Technical Information Security Management System Overview and Vocabulary (ISO/IEC 27000:2016, IDT)

Note: There is no technical difference between the referenced content of GB/T 29246-2017 and the referenced content of ISO/IEC 27000:2014.

3 Terms and Definitions

The terms and definitions defined in GB/T 29246-2017 apply to this document.

4 Concept and Interpretation

4.1 Overview

Chapters 5 to 18 of this document give guidance on information security management systems (ISMS) for inter-industry and inter-organizational communication.

The controls defined in GB/T 22081-2016 include controls on the exchange of information between organizations, as well as controls on the general distribution of publicly available information. However, when sharing sensitive information within a community of organizations, where the information is available only to members of that community, it is often required that the information be available to specific individuals within the group, or that security requirements such as anonymization of the information be met. In order to meet the above requirements, this document defines additional controls, and provides additional guidance and interpretation, on the basis of GB/T 22080-2016 and GB/T 22081-2016.

This document contains four appendices: Appendix A presents the potential benefits of sharing sensitive information between organizations; Appendix B presents guidelines for information sharing group members to assess the credibility of information; Appendix C gives the traffic light protocol (a mechanism widely used in information sharing groups to represent restrictions on the permitted distribution of information); Appendix D gives some examples of models for organizing information-sharing communities.

4.2 Information sharing groups have common interests or specific relationships (such as members of a group belonging to a particular industry, or members of a group sharing the same geographic location or

Tips & Frequently Asked Questions:

Question 1: How long will it take to deliver the true-PDF of GB/T 32920-2023_English?

Answer: Upon your order, we will start to translate GB/T 32920-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 32920-2023_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 32920-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. Within 2 working hours, we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.

Question 5: Should I purchase the latest version GB/T 32920-2023?

Answer: Yes. Except in special scenarios such as technical constraints or academic study, you should always prioritize purchasing the latest version, GB/T 32920-2023, even if the enforcement date is in the future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.