Powered by Google-Search & Google-Books www.ChineseStandard.net Database: 169760 (May 8, 2021)
HOME   Quotation   Tax   Examples Standard-List   Contact-Us   Cart

JR/T 0071-2012 (JRT 0071-2012)

Chinese Standard: 'JR/T 0071-2012'
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)Related StandardStatusGoogle Book
JR/T 0071-2012English160 Add to Cart 0--10 minutes. Auto-delivered. Implementation guide for classified protection of information system of financial industry JR/T 0071-2012 Obsolete JR/T 0071-2012
JR/T 0071-2012Chinese79 Add to Cart <=1-day [PDF from Chinese Authority, or Standard Committee, or Publishing House]

  In 0~10 minutes time, full copy of this English-PDF will be auto-delivered to your email. See samples for translation quality.  

Standard ID JR/T 0071-2012 (JR/T0071-2012)
Description (Translated English) Implementation guide for classified protection of information system of financial industry
Sector / Industry Finance Industry Standard (Recommended)
Classification of Chinese Standard A11
Classification of International Standard 03.060
Word Count Estimation 120,171
Quoted Standard GB/T 22239-2008; GB/T 25069; JR/T 0003-2001; JR/T 0013-2004; JR/T 0023-2004; JR/T 0044-2008; JR/T 0055.4-2009
Drafting Organization ?People's Bank of China Science and Technology Division
Administrative Organization National Financial Standardization Technical Committee
Regulation (derived from) Industry standard filing Notice 2012 No. 8 (No. 152 overall)
Summary This standard applies to the system planning and construction departments (business and technology), application development departments, system operation departments, safety management departments, system use departments, internal supervision and auditing departments of financial institutions (including their branches). But also as information security functions of the department to monitor, check and guide the basis. With the addition of content

JR/T 0071-2012
ICS 03.060
A 11
Implementation guide for classified protection of
information system of financial industry
Issued by. The People's Bank of China
Table of Contents
Foreword ... 4 
Introduction ... 5 
1 Scope ... 6 
2 Normative references ... 6 
3 Terms and definitions ... 8 
3.1 Sensitive data ... 8 
3.2 Risk ... 8 
3.3 Security policy... 8 
3.4 Security requirement... 9 
3.5 Integrity ... 9 
3.6 Availability ... 9 
3.7 Weak password ... 9 
4 Guide Preparation Policy ... 9 
4.1 National requirements of classified protection ... 9 
4.1.1 Basic requirements ... 10 
4.1.2 Design requirements ... 12 
4.2 Guidelines ... 13 
4.2.1 Necessity of defense-in-depth design ... 15 
4.2.2 Significance of the combination between basic requirements and
defense-in-depth design ... 15 
5 Information Security Assurance Framework ... 16 
5.1 General ... 16 
5.2 Technical system ... 18 
5.2.1 Computing environment ... 19 
5.2.2 Zone boundary ... 21 
5.2.3 Communication network ... 22 
5.2.4 Supporting facilities ... 22 
5.3 Management system ... 22 
6 Protection Requirements ... 24 
6.1 Level II requirements ... 24 
6.1.1 Technical requirements ... 24 
6.1.2 Management requirements ... 32 
6.2 Level III requirements ... 48 
6.2.1 Technical requirements ... 48 
6.2.2 Management Requirements ... 65 
6.3 Level IV requirements ... 90 
6.3.1 Technical requirements ... 90 
6.3.2 Management requirements ... 109 
Appendix A (Informative) Implementation Measures for Classified Protection
... 137 
A.1 Network security ... 137 
A.1.1 Level II requirements and measures ... 137 
A.1.2 Level III requirements and measures ... 145 
A.1.3 Level IV requirements and measures ... 158 
A.2 Host security ... 171 
A.2.1 Level II requirements and measures ... 171 
A.2.2 Level III requirements and measures ... 177 
A.2.3 Level IV requirements and measures ... 186 
A.3 Application security ... 196 
A.3.1 Level II requirements and measures ... 196 
A.3.2 Level III requirements and measures ... 201 
A.3.3 Level IV requirements and measures ... 209 
A.4 Data security... 219 
A.4.1 Level II requirements and measures ... 219 
A.4.2 Level III requirements and measures ... 220 
A.4.3 Level IV requirements and measures ... 222 
Appendix B (Informative) Selection of Security Requirements of Financial
Industry and the Use Instructions ... 225 
Bibliography ... 229 
This Standard is the first standard of the series "Classified Protection of
Information System for Financial Industry". The structures and names of this
series of standards are as follows.
Implementation Guide for Classified Protection of Information System of
Financial Industry;
Guidance on Assessment of Classified Protection of Information System for
Financial Industry;
Guide for Assessment Service Security of Classified Information Security
Protection of Financial Industry.
This Standard was drafted according to the rules given in GB/T 1.1-2009.
This Standard was proposed by the People's Bank of China.
This Standard shall be under the jurisdiction of the National Technical
Committee on Finance of Standardization Administration of China.
Main drafting organization of this Standard. The Science and Technology
Department of the People's Bank of China.
Drafting organization of this Standard. China Financial Computerization Corp.
Main drafters of this Standard. Wang Yonghong, Wang Xiaoqing, Zhang Yongfu,
Wang Xiaoyan, Wang Haitao, Yang Jian, Bai Zhiyong, Shen Like, Xu Ming, Xu
Ziqiang, Qiu Ningning, Li Fan, Zheng Kaiyi, Chen Guanghui, Zhao Yibin, Yang
Ying, Zhou Qingbin.
This Standard is first-time issued.
Important information systems of financial industry are concerned in national
welfare and people's livelihood, and are the principal objects of national
information security protection. National functions for supervising information
security are required to guide and supervise the information security protection
works for their important information and information systems.
Classified protection of information security, a basic system for information
security assurance works, shall be run by the financial industry as one of the
important information system industries. The progressing of classified
protection for financial information security requires supports from a series of
standard systems appropriate to the classified protection of financial industry,
so as to regulate and supervise the operation of the classified protection. In this
regard, the Science and Technology Department of the People's Bank of China
has organized experts and technical personnel in classified security protection,
allowing for the national systems and standards on classified protection of
information security, so as to develop industry standards and implementation
guidelines for the classified protection which are appropriate to the
characteristics of financial industry and are practicable. According to the
information system rating in financial industry, there is no Level V system; Level
I systems are exempted from registration with pu......
Related standard: JR/T 0068-2020    JR/T 0065-2019
Related PDF sample: JR/T 0072-2012    JR/T 0073-2012