Chinese Standards Shop Partner of Google-Books Database: 169760 (Nov 16, 2019)
 HOME   Quotation   Tax   Examples Standard-List   Contact-Us   View-Cart
  

JR/T 0071-2012

Chinese Standard: 'JR/T 0071-2012'
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusRelated Standard
JR/T 0071-2012English345 Add to Cart 0--15 minutes. Auto immediate delivery. Implementation guide for classified protection of information system of financial industry Valid JR/T 0071-2012
JR/T 0071-2012Chinese39 Add to Cart <=1-day [PDF from Chinese Authority, or Standard Committee, or Publishing House]

 JR/T 0071-2012 -- Click to view a PDF In 0~10 minutes time, full copy of this English-PDF will be auto-immediately delivered to your email by our cloud-server.  
Detail Information of JR/T 0071-2012; JR/T0071-2012
Description (Translated English): Implementation guide for classified protection of information system of financial industry
Sector / Industry: Finance Industry Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 120,191
Quoted Standard: GB/T 22239-2008; GB/T 25069; JR/T 0003-2001; JR/T 0013-2004; JR/T 0023-2004; JR/T 0044-2008; JR/T 0055.4-2009
Drafting Organization: ?People's Bank of China Science and Technology Division
Administrative Organization: National Financial Standardization Technical Committee
Regulation (derived from): Industry standard filing Notice 2012 No. 8 (No. 152 overall)
Summary: This standard applies to the system planning and construction departments (business and technology), application development departments, system operation departments, safety management departments, system use departments, internal supervision and auditing departments of financial institutions (including their branches). But also as information security functions of the department to monitor, check and guide the basis. With the addition of content

JR/T 0071-2012
JR
FINANCIAL INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 03.060
A 11
Implementation guide for classified protection of
information system of financial industry
金融行业信息系统信息安全等级保护实施指引
ISSUED ON. JULY 6, 2012
IMPLEMENTED ON. JULY 6, 2012
Issued by. The People's Bank of China
Table of Contents
Foreword ... 4 
Introduction ... 5 
1 Scope ... 6 
2 Normative references ... 6 
3 Terms and definitions ... 8 
3.1 Sensitive data ... 8 
3.2 Risk ... 8 
3.3 Security policy... 8 
3.4 Security requirement... 9 
3.5 Integrity ... 9 
3.6 Availability ... 9 
3.7 Weak password ... 9 
4 Guide Preparation Policy ... 9 
4.1 National requirements of classified protection ... 9 
4.1.1 Basic requirements ... 10 
4.1.2 Design requirements ... 12 
4.2 Guidelines ... 13 
4.2.1 Necessity of defense-in-depth design ... 15 
4.2.2 Significance of the combination between basic requirements and
defense-in-depth design ... 15 
5 Information Security Assurance Framework ... 16 
5.1 General ... 16 
5.2 Technical system ... 18 
5.2.1 Computing environment ... 19 
5.2.2 Zone boundary ... 21 
5.2.3 Communication network ... 22 
5.2.4 Supporting facilities ... 22 
5.3 Management system ... 22 
6 Protection Requirements ... 24 
6.1 Level II requirements ... 24 
6.1.1 Technical requirements ... 24 
6.1.2 Management requirements ... 32 
6.2 Level III requirements ... 48 
6.2.1 Technical requirements ... 48 
6.2.2 Management Requirements ... 65 
6.3 Level IV requirements ... 90 
6.3.1 Technical requirements ... 90 
6.3.2 Management requirements ... 109 
Appendix A (Informative) Implementation Measures for Classified Protection
... 137 
A.1 Network security ... 137 
A.1.1 Level II requirements and measures ... 137 
A.1.2 Level III requirements and measures ... 145 
A.1.3 Level IV requirements and measures ... 158 
A.2 Host security ... 171 
A.2.1 Level II requirements and measures ... 171 
A.2.2 Level III requirements and measures ... 177 
A.2.3 Level IV requirements and measures ... 186 
A.3 Application security ... 196 
A.3.1 Level II requirements and measures ... 196 
A.3.2 Level III requirements and measures ... 201 
A.3.3 Level IV requirements and measures ... 209 
A.4 Data security... 219 
A.4.1 Level II requirements and measures ... 219 
A.4.2 Level III requirements and measures ... 220 
A.4.3 Level IV requirements and measures ... 222 
Appendix B (Informative) Selection of Security Requirements of Financial
Industry and the Use Instructions ... 225 
Bibliography ... 229 
Foreword
This Standard is the first standard of the series "Classified Protection of
Information System for Financial Industry". The structures and names of this
series of standards are as follows.
Implementation Guide for Classified Protection of Information System of
Financial Industry;
Guidance on Assessment of Classified Protection of Information System for
Financial Industry;
Guide for Assessment Service Security of Classified Information Security
Protection of Financial Industry.
This Standard was drafted according to the rules given in GB/T 1.1-2009.
This Standard was proposed by the People's Bank of China.
This Standard shall be under the jurisdiction of the National Technical
Committee on Finance of Standardization Administration of China.
Main drafting organization of this Standard. The Science and Technology
Department of the People's Bank of China.
Drafting organization of this Standard. China Financial Computerization Corp.
Main drafters of this Standard. Wang Yonghong, Wang Xiaoqing, Zhang Yongfu,
Wang Xiaoyan, Wang Haitao, Yang Jian, Bai Zhiyong, Shen Like, Xu Ming, Xu
Ziqiang, Qiu Ningning, Li Fan, Zheng Kaiyi, Chen Guanghui, Zhao Yibin, Yang
Ying, Zhou Qingbin.
This Standard is first-time issued.
Introduction
Important information systems of financial industry are concerned in national
welfare and people's livelihood, and are the principal objects of national
information security protection. National functions for supervising information
security are required to guide and supervise the information security protection
works for their important information and information systems.
Classified protection of information security, a basic system for information
security assurance works, shall be run by the financial industry as one of the
important information system industries. The progressing of classified
protection for financial information security requires supports from a series of
standard systems appropriate to the classified protection of financial industry,
so as to regulate and supervise the operation of the classified protection. In this
regard, the Science and Technology Department of the People's Bank of China
has organized experts and technical personnel in classified security protection,
allowing for the national systems and standards on classified protection of
information security, so as to develop industry standards and implementation
guidelines for the classified protection which are appropriate to the
characteristics of financial industry and are practicable. According to the
information system rating in financial industry, there is no Level V system; Level
I systems are exempted from registration with pu......
Related standard:   JR/T 0065-2019  JR/T 0066.1-2019
   
 
Privacy   ···   Product Quality   ···   About Us   ···   Refund Policy   ···   Fair Trading   ···   Quick Response
Field Test Asia Limited | Taxed in Singapore: 201302277C | Copyright 2012-2019