HJ 729-2014: Security specification of environmental information system
Status: Valid
Basic data
| Field | Value |
|---|---|
| Standard ID | HJ 729-2014 (HJ729-2014) |
| Description (Translated English) | Security specification of environmental information system |
| Sector / Industry | Environmental Protection Industry Standard |
| Word Count Estimation | 43,443 |
| Date of Issue | 12/25/2014 |
| Date of Implementation | 3/1/2015 |
| Regulation (derived from) | Ministry of Environmental Protection notice 2014 No. 87 |
| Issuing agency(ies) | Ministry of Ecology and Environment |
This is a DRAFT version for illustration, not a final translation.
Security specification of environmental information system
National Environmental Protection Standard of the People's Republic of China
Environmental Information System Security Technical Specification
Released 2014-12-25
Implemented 2015-03-01
Issued by the Ministry of Environmental Protection
Contents
Preface
1 Scope of application
2 Normative reference documents
3 Terms and definitions
4 Protection object
5 Security objectives
6 Overall security architecture
7 Information security protection method
8 Physical security
9 Network security
10 Host security
11 Application security
12 Data security and backup recovery
13 System construction
14 System operation and maintenance
Appendix A (Normative) Environmental information system terminal and office security requirements
Appendix B (Normative) Security requirements for different levels of environmental information systems
Appendix C (Informative) Examples of security construction for large environmental information systems
Foreword
This standard is formulated to implement the "Environmental Protection Law of the People's Republic of China", promote environmental information work, strengthen and regulate the construction and management of the environmental information security system, and ensure the security of environmental information systems.
This standard specifies security requirements for environmental information systems in the areas of physical security, network security, host security, application security, data security and backup and recovery, system construction, system operation and maintenance, and terminal and office security.
Appendix A and Appendix B of this standard are normative and Appendix C is an informative appendix.
This standard is released for the first time.
The formulation of this standard was organized by the Science and Technology Standards Division of the Ministry of Environmental Protection.
This standard was mainly drafted by: the Ministry of Environmental Protection Information Center and Beijing Shenzhou Green UNITA Technology Co., Ltd.
This standard was approved by the Environmental Protection Department on December 25, 2014.
This standard is implemented on March 1, 2015.
This standard is explained by the Ministry of Environmental Protection.
Environmental Information System Security Technical Specification
1 Scope of application
This standard specifies security requirements for environmental information systems in the areas of physical security, network security, host security, application security, data security and backup recovery, system construction, system operation and maintenance, and terminal and office security.
This standard applies to all stages of the planning, design, development, operation, and maintenance of environmental information systems within the national environmental protection business network.
2 Normative reference documents
The contents of this standard refer to the following documents or their terms. For undated references, the valid version applies to this standard.
Information technology - Glossary GB/T 5271.8-2001
Classification of safety information for computer information systems GB/T 17859-1999
Information security technology - Network - based security - Technical requirements GB/T
Information security technology - Information systems - General safety technical requirements GB/T 20271-2006
Information security - Technical information systems - Safety engineering management requirements GB/T 20282-2006
Information systems - Disaster recovery specification GB/T 20988-2007
Information security - Technical information systems - Physical safety - Technical requirements GB/T
Information system - Security level - Basic requirements for protection GB/T 22239-2008
Information security - Technical information systems - Safety - rating - Guidelines for the protection of grading GB/T 22240-2008
Information security - Technical information system - Level protection - Safety design - Technical requirements GB/T 25070-2010
Code for design of power supply and distribution system GB/T
Code for design of room for electronic information system GB/T 50174-2008
Guide for Environmental Information Standard
3 Terms and definitions
The terms and definitions established in GB/T 5271.8-2001 (Section 8: Security) and the following terms and definitions apply to this standard.
3.1 Information system
The sum of the entire infrastructure, organizational structure, personnel, and components used to collect, process, store, transmit, distribute, and deploy information.
3.2 Information system security
The use of reasonable security measures to protect information in an information system from access by unauthorized users during storage, processing, or transmission, and to ensure that authorized users can use the system properly.
3.3 Confidentiality
A property of data indicating the extent to which the data is not provided or disclosed to an unauthorized person, process, or other entity.
3.4 Integrity
Ensuring that information and information systems are not intentionally or unintentionally altered or destroyed.
3.5 Availability
Ensuring that information and communication services can be used as expected.
3.6 Security domain
A logical range or area. The information units in the same security domain have the same or similar security level or security requirements, and the administrator of the security service defines and implements a unified security policy for them. It is an area divided from the point of view of security policy.
3.7 Threat
Any environment or event, from outside the information system, that may cause potential harm to the information system through unauthorized access, destruction, disclosure, data modification, and/or denial of service.
3.8 Risk
Expressed as a possibility, determined by the likelihood of a threat, the adverse effects that the threat can cause, and the severity of the impact.
4 Protection object
The objects of environmental information system security protection include the information networks, business systems, and environmental information within the scope of the national environmental protection business network, as well as their physical environment, supporting infrastructure, security equipment, and so on.
4.1 Environmental Information Network
The network objects of environmental information system security protection are the various information networks within the scope of the national environmental protection business network. The national environmental protection business network comprises four levels: national, provincial, city, and county. The network structure is shown in Figure 1.
Figure 1 Schematic diagram of the network structure of the environmental protection business network
4.2 Environmental Information Application System
The business objects of environmental information system security protection are the various types of environmental business application systems that run in the environmental information system. According to HJ 511-2009, environmental information systems can be divided by business application type into two categories: environmental protection core business application systems and integrated application systems.
A) Environmental protection core business applications include the information systems for environmental monitoring management, pollution monitoring and management, ecological protection management, nuclear safety and radiation management, and environmental emergency management. The role of each system is as follows:
1) The environmental monitoring management information system manages national environmental quality data (including ambient air, surface water, groundwater, sound environment, coastal waters, acid rain, dust storms, and other data), and covers ecological monitoring, pollution monitoring, and other business;
2) The pollution control management information system covers pollution control management, environmental monitoring and management, environmental impact assessment, environmental statistics, and other business;
3) The ecological protection management information system covers regional ecological environment management, rural environmental protection management, biodiversity conservation, and other business;
4) The nuclear safety and radiation management information system covers supervision and management of nuclear facilities and materials, supervision and management of radioactive sources, and radiation environmental monitoring management;
5) The environmental emergency management information system covers environmental emergency command and dispatch, environmental emergency monitoring and management, environmental emergency decision support, environmental emergency on-site disposal management, post-event environmental emergency assessment, and other business.
B) The integrated application systems of environmental protection include the various administrative office management information systems, environmental protection government websites, the environmental science and technology management information system, the environmental policy and regulations management information system, the environmental finance and asset management information system, the environment foreign affairs management information system, and so on. They provide support and service applications for the core business applications.
4.3 Environmental information
The information objects of environmental information system security protection are all kinds of business and office information in the environmental information system. Information is divided into public information and departmental information, and different protective measures should be taken for the different types of information.
Public information is environmental information that can be fully open to the public on the Internet. The protection of public information should ensure the integrity and availability of the information.
Departmental information is information whose access is limited to environmental protection departments at all levels, including work information that should not be made public, the government's trade secrets, personal privacy, and so on. Departmental information is divided into two kinds: departmental public information and departmental controlled information. Departmental public information may be accessed by personnel of environmental protection departments at all levels; departmental controlled information may be accessed by personnel of environmental protection departments at all levels only after authorization.
5 Security objectives
The security objective of environmental information systems is to maintain the sustained availability and reliability of environmental information systems, provide strong support for the normal operation of national environmental protection work, and protect the information networks, business systems, and environmental information in environmental information systems, together with their physical environment, supporting infrastructure and equipment, and so on, preventing illegal attacks and damage from inside and outside.
Environmental information system security construction should be consistent with the relevant requirements of the national information security standards, follow the relevant provisions of national level protection, refer to international security standards, and take risk prevention as the core in strengthening the construction of environmental information security. Confidentiality matters concerning information in environmental information systems shall be subject to the relevant national secrecy provisions.
6 Overall security architecture
The environmental information system security system is based on risk assessment and, through the construction of a security management system and a security technology system, secures protection objects of different levels and different security domains. The environmental information system security system is shown in Figure 2.
Figure 2 Environmental information system security system
The construction of safety management system should be carried out in the maintenance and operation phase of information system construction and information system, including safety system, safety organization, person
Security technology system should include physical security, network security, host security, application security, data security and backup recovery,
Construction of the security technology system should attach importance to the development of a unified support platform, the various security technologies and products, and the construction of a centralized security management platform.
Building on the basic requirements of national level protection, this standard sets out the technical security requirements for environmental information systems, including the security requirements for physical security, network security, host security, application security, data security and backup and recovery, information system construction, and information system operation and maintenance; terminal and office security is implemented according to Appendix A. During security construction, environmental information systems implement security protection according to the security requirements of the corresponding level in Appendix B.
7 Information security protection method
7.1 Features of environmental information systems
Owing to the characteristics of environmental protection work, environmental information systems have some special security requirements. The following features should be considered during security construction:
A) To meet the needs of environmental monitoring, environmental statistics, ecological monitoring, and other business, the information networks, systems, and equipment of the environmental monitoring business should take into account the security requirements of mobile monitoring, remote operation, and office work;
B) More stringent technical security measures should be implemented in the information systems for nuclear safety and radiation management in the environmental protection business;
C) For environmental emergency response to environmental incidents, the information systems and facilities used for emergency command should strengthen security settings to enhance business reliability protection;
D) The national environmental protection business network may be interconnected with other information systems, networks, and applications according to the needs of the business. Strict security technology and management measures should ensure that external access to the information system does not adversely affect the national environmental protection business network;
E) Environmental information, including environmental monitoring, environmental statistics, environmental assessment, and basic geographic information, is the foundation of the environmental protection business; the corresponding data security measures should be implemented to ensure data security.
For the security protection of business systems specific to the environmental protection business, on the basis of implementing national level protection, risk factors should be identified through information security risk assessment and targeted security protection measures taken.
7.2 Environmental information system security construction requirements
The construction of environmental information systems shall conform to the requirements of GB/T 22240-2008: the security level of the environmental information system shall be classified correctly, and design, construction, operation, and maintenance work shall be carried out according to the level protection requirements.
The construction of environmental information systems should follow the relevant provisions of GB/T 17859-1999, GB/T 20271-2006, and GB/T 22239-2008.
Different protective measures should be taken according to the importance and category of environmental information, implementing classified protection. Information systems and data should be stored in separate domains according to their importance, implementing sub-domain protection and secure inter-domain exchange, and implementing sub-domain control.
According to the relevant requirements of national level protection, environmental information systems are not allowed to store, transmit, or process national secret information.
7.3 Security construction implementation method
According to the relevant requirements of level protection, the method for implementing environmental information system security construction is:
A) Determine the security level of the environmental information system according to the grading rules of information security level protection;
B) Determine the basic security requirements corresponding to the information system security level, in accordance with the information security level protection requirements;
C) Based on the basic security requirements of the information system, and taking into account the technical security requirements for environmental information systems, the risks faced by the information system, and the cost of implementing security protection measures, customize the security protection measures and determine those applicable to the specific environmental information system, then complete planning, design, implementation, acceptance, and operation according to the relevant requirements of the specification.
7.4 Security construction implementation process
The implementation process of environmental information system security construction includes the grading stage; the planning and design stage; and the implementation, grade evaluation, and improvement stage.
7.4.1 Phase I: Grading
The grading stage consists of two steps.
A) Information system identification and description
Gain a clear understanding of the environmental information system; where necessary, decompose a complex environmental information system into environmental information subsystems, and describe the composition and boundaries of the system and its subsystems.
B) Level determination
Information security level protection work for environmental information systems follows industry guidance and territorial management. The Ministry of Environmental Protection and its subordinate units, and the provincial environmental protection departments (bureaus), in accordance with the requirements of the national information security level protection system, are responsible for guiding and managing information system security level protection work in their regions. Information security responsibility is determined in accordance with the principle "who is in charge, who is responsible, who is operating, who is responsible".
Each unit's determination of the level protection object, of the infringed object and the severity of the infringement, and of the final grade shall follow the process required in GB/T 22240-2008.
The security level of the environmental information system is determined by two grading elements: the object that is infringed when the level protection object is damaged, and the degree of infringement on that object. The infringed objects fall into three categories: the legitimate rights of citizens, legal persons and other organizations; social order and public interest; and national security.
The degree of infringement on the object is determined comprehensively by the external manifestations of the objective aspects. Because infringement of the object is realized through damage to the level protection object, the external manifestation of the infringement is damage to the level protection object, described by the manner of harm, the consequences of harm, and the degree of harm. The degree of damage falls into three cases: general damage; serious damage; particularly serious damage.
The relationship between the grading elements and the environmental information system security level is shown in Table 1.
Table 1 The relationship between the grading elements and the level of security protection
The columns give the degree of damage to the object when the business information or system services are damaged.
| Infringed object | General damage | Serious damage | Particularly serious damage |
|---|---|---|---|
| Citizens, legal persons and other organizations | Level 1 | Level 2 | Level 1 |
| Social order, public interest | Level 2 | Level 3 | Level 4 |
| National security | Level 3 | Level 4 | Level 5 |
The security level of the environmental information system as a grading object is determined by the higher of the business information security level and the system service security level.
7.4.2 Phase II: Planning and design
The planning and design phase consists of three steps:
A) Establishment of the information system sub-domain protection framework
Establish the sub-domain protection framework of the environmental information system by dividing the system into security domains and classifying the protection objects.
B) Select and adjust security measures
According to the security level of the environmental information system and its subsystems, select the basic security requirements of the corresponding level. Then, according to the risk assessment results, balancing security risks against costs and considering the specific security requirements of the information system, select and adjust the security measures to determine the security measures for the environmental information system, its subsystems, and the various types of protection objects.
C) Security planning and program design
According to the identified security measures, develop the implementation plan for the security measures, and develop the security technology solution and the security management solution.
7.4.3 Phase III. implementation, rating assessment ...