
JR/T 0072-2012

Chinese Standard: 'JR/T 0072-2012'
| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status | Related Standard |
|---|---|---|---|---|---|---|
| JR/T 0072-2012 | English | 2450 | 0--15 minutes. Auto immediate delivery. | Testing and evaluation guide for classified protection of information system of financial industry | Valid | JR/T 0072-2012 |
| JR/T 0072-2012 | Chinese | RFQ | <=1-day | [PDF from Chinese Authority, or Standard Committee, or Publishing House] | | |

Detail Information of JR/T 0072-2012; JR/T0072-2012
Description (Translated English): Testing and evaluation guide for classified protection of information system of financial industry
Sector / Industry: Finance Industry Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 590,585
Quoted Standard: GB/T 22239-2008; JR/T 0003-2001; JR/T 0013-2004; JR/T 0011-2004; JR/T 0023-2004; JR/T 0026-2006; JR/T 0044-2008; JR/T 0055.4-2009
Drafting Organization: People's Bank of China Science and Technology Division
Administrative Organization: National Financial Standardization Technical Committee
Regulation (derived from): Industry standard filing Notice 2012 No. 8 (No. 152 overall)
Summary: This standard specifies the classified-protection testing and evaluation requirements for information systems in the financial industry, including the unit-evaluation requirements for second-level, third-level and fourth-level information systems and the overall evaluation requirements for information systems. According to the grading of information systems in the financial industry, there are no fifth-level systems, and first-level systems do not need to be filed with the public security organs and are not a focus of evaluation. This standard therefore omits the specific unit-evaluation requirements for first-level and fifth-level information systems. This standard applies to security evaluation of the classified protection of information systems, whether carried out as self-evaluation (for example, of second-level information systems) or by information security evaluation service organizations (for third-level and fourth-level information systems).

JR/T 0072-2012
JR
ICS 03.060
A 11
INDUSTRY STANDARDS OF
THE PEOPLE’S REPUBLIC OF CHINA
Testing and Evaluation Guide for Classified
Protection of Information System of Financial
Industry
金融行业信息系统信息安全等级保护测评指南
ISSUED ON: JULY 06, 2012
IMPLEMENTED ON: JULY 06, 2012
Issued by: THE PEOPLE'S BANK OF CHINA
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Overview
3.1 Evaluation contents
3.2 Evaluation object
3.3 Evaluation index
3.4 Evaluation method
3.4.1 Field evaluation method
3.4.2 Risk analysis method
3.5 Class-evaluation risk
3.5.1 Verification evaluation that impacts normal operation of system
3.5.2 Tool evaluation that impacts normal operation of system
3.5.3 Sensitive information leakage
4 Class-evaluation process
4.1 Evaluation preparation
4.2 Program preparation
4.3 Field evaluation activity
4.4 Analysis and report preparation activity
5 Evaluation preparation
5.1 Project initiation
5.2 Information collection and analysis
5.3 Tools and forms preparation
6 Evaluation program
6.1 Determination of evaluation object
6.2 Determination of evaluation indexes
6.2.1 Types of security control indicators of second-level information system
6.2.2 Types of security control indicators of third-level information system
6.2.3 Types of security control indicators of fourth-level information system
6.3 Determination of evaluation tool's access-point
6.4 Determination of unit-evaluation content
6.5 Evaluation program preparation
7 Field evaluation
7.1 Unit-evaluation
7.1.1 Unit-evaluation for second-level information system
7.1.1.1 Security technology evaluation
7.1.1.1.1 Physical security
7.1.1.1.2 Network security
7.1.1.1.3 Host security
7.1.1.1.4 Application security
7.1.1.1.5 Data security and backup recovery
7.1.1.2 Security management evaluation
7.1.1.2.1 Security management system
7.1.1.2.2 Security management institution
7.1.1.2.3 Personnel security management
7.1.1.2.4 System construction management
7.1.1.2.5 System operation-maintenance management
7.1.2 Unit-evaluation for third-level information system
7.1.2.1 Security technology evaluation
7.1.2.1.1 Physical security
7.1.2.1.2 Network security
7.1.2.1.3 Host security
7.1.2.1.4 Application security
7.1.2.1.5 Data security and backup recovery
7.1.2.2 Security management evaluation
7.1.2.2.1 Security management system
7.1.2.2.2 Security management mechanism
7.1.2.2.3 Personnel security management
7.1.2.2.4 System construction management
7.1.2.2.5 System operation management
7.1.3 Unit-evaluation for fourth-level information system
7.1.3.1 Security technology evaluation
7.1.3.1.1 Physical security
7.1.3.1.2 Network security
7.1.3.1.3 Host security
7.1.3.1.4 Application security
7.1.3.1.5 Data security and backup recovery
7.1.3.2 Security management evaluation
7.1.3.2.1 Security management system
7.1.3.2.2 Security management institution
7.1.3.2.3 Staff security management
7.1.3.2.......
Related standard:   JR/T 0065-2019  JR/T 0066.1-2019
   
 