Path: Home > GB/T > Page207 > GB/T 40645-2021 Home > Standard_List > GB/T > Page207 > GB/T 40645-2021
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 40645-2021 | English | 439 |
Add to Cart
|
4 days [Need to translate]
|
Information security technology - General requirements for security of internet information services
| Valid |
GB/T 40645-2021
|
PDF similar to GB/T 40645-2021
Basic data | Standard ID | GB/T 40645-2021 (GB/T40645-2021) | | Description (Translated English) | Information security technology - General requirements for security of internet information services | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Word Count Estimation | 22,266 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 40645-2021: Information security technology - General requirements for security of internet information services
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - General requirements for security of internet information services
ICS 35.030
CCSL80
National Standards of People's Republic of China
Information Security Technology
General requirements for Internet information service security
Released on 2021-10-11
2022-05-01 implementation
State Administration of Market Supervision and Administration
Issued by the National Standardization Management Committee
Table of contents
Foreword Ⅰ
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Overview 2
5 Safety technical requirements 5
5.1 Information Generation 5
5.2 Information Processing 6
5.3 Information release 6
5.4 Information dissemination 7
5.5 Information storage 7
5.6 Information Destruction 8
6 Security requirements 8
6.1 Management System 8
6.2 Organization and personnel 9
6.3 Business Continuity 10
6.4 Operation and maintenance 11
Appendix A (Normative) Classification of Internet Information Service Security Level 12
Appendix B (informative) General requirements for Internet information service security component package customization example 15
Appendix C (informative) Internet information service security assessment process 17
C.1 Determine the target of assessment 17
C.2 Determine the security level of the assessment object 17
C.3 General requirements for customization 17
C.4 Develop an evaluation form 17
C.5 Implementation Evaluation 17
C.6 Confirmation result 17
Reference 19
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents"
Drafting.
Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying patents.
This document was proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this document. Institute of Information Engineering, Chinese Academy of Sciences, Third Research Institute of Ministry of Public Security, China Electronics Standardization Institute,
China Academy of Information and Communications Technology, the 15th Research Institute of China Electronics Technology Group Corporation, Beijing Institute of Technology, China Information Security Evaluation Center, China
Home Computer Network Emergency Technology Coordination Center, China Internet Network Information Center, National Information Technology Security Research Center, Zhejiang University,
Ministry of Industry and Information Technology Computer and Microelectronics Development Research Center (China Software Evaluation Center), Shaanxi Province Network and Information Security Evaluation Center,
Sichuan Information Security Evaluation Center, Yunnan Information Security Evaluation Center, Hubei University, Beijing Baidu Netcom Technology Co., Ltd., Alibaba
(Beijing) Software Service Co., Ltd., Shenzhen Tencent Computer System Co., Ltd., Hangzhou NetEase Yidun Technology Co., Ltd., Beijing Xiaomi Mobile
Mobile Software Co., Ltd., Hangzhou Funchain Technology Co., Ltd., Wangshen Information Technology (Beijing) Co., Ltd., Beijing Beixinyuan Software Co., Ltd.
Co., Ltd., OPPO Guangdong Mobile Communications Co., Ltd., Hangzhou Fanwei Technology Co., Ltd., Shell Search (Beijing) Technology Co., Ltd., Qi'an
Xin Technology Group Co., Ltd.
The main drafters of this document. Meng Dan, Guo Tao, Zhang Xiaodan, Gu Jian, Zhou Xi, Hu Jingyuan, Han Jizhong, Zhao Yunxia, He Yingrui, Yao Xiangzhen,
Guo Xiaolei, Wei Wei, Huo Shanshan, Suo Yanfeng, Zhang Yuanyuan, Ma Qingdong, Zhou Wei, Wang Yuhang, Di Liqing, Ren Zejun, Lu Honglei, Shi Hongbin, Liu Zongzhen,
Zhang Huaping, Wang Hongbing, Chen Yan, Zhang Haikuo, He Ming, Mi Wei, Chen Jiazhen, Tang Xuehai, Dai Jiao, Lin Junyu, Zhang Chao, Wang Danchen, Zhang Yan, Cai Liang,
Li Wei, Chen Xiaofeng, Zhu Zhuo, Deng Ting, Xue Junli, Chen Hongbo, Gao Rui, Jiang Yi, Li Mingju, Bai Xiaoyuan, Li Min, Wang Shaojie, Wang Ting.
Information Security Technology
General requirements for Internet information service security
1 Scope
This document specifies general security requirements for Internet information services, including security technical requirements and security assurance requirements.
This document is suitable for Internet information service providers to carry out Internet information service security construction and security assessment, including security management systems
Degree and technical safeguard measures.
2 Normative references
The contents of the following documents constitute the indispensable clauses of this document through normative references in the text. Among them, dated quotations
Only the version corresponding to that date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
This document.
GB/T 22239-2019 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 25069 Information Security Technical Terms
GB/T 35273-2020 Information Security Technology Personal Information Security Specification
3 Terms and definitions
The following terms and definitions defined in GB/T 25069 and GB/T 35273-2020 apply to this document.
3.1
Internetinformationservice
Based on relevant technical and functional attributes such as information release, interaction, and dissemination, open scene information provided to the public through the Internet
service.
Note. Common forms of Internet information services include content release, comment evaluation, information sharing, recommendation push, content search, communication group, webcast, etc.
3.2
Information generation
The activities of collecting and editing information for the purpose of providing Internet information services.
3.3
Information processing
The activities of identifying, filtering, grading and categorizing information in accordance with established rules.
3.4
Information release
An activity that uses the Internet to provide information to individuals or organizations in a public setting.
3.5
Information dissemination
The activity of disseminating and spreading information through the Internet.
Price & DeliveryUS$439.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 40645-2021: Information security technology - General requirements for security of internet information services
Status: Valid
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 40645-2021_English be delivered?Answer: Upon your order, we will start to translate GB/T 40645-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 40645-2021_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 40645-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |