|
US$199.00 ยท In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
MHT4018.7-2012: Technical standards for air traffic management of civil aviation management information system - Part 7: Data Security
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| MH/T 4018.7-2012 | English | 199 |
Add to Cart
|
3 days [Need to translate]
|
Technical standards for air traffic management of civil aviation management information system - Part 7: Data Security
| Valid |
MH/T 4018.7-2012
|
Standard similar to MHT4018.7-2012 MH/T 4038 MH/T 4015 MH/T 4019 Basic data | Standard ID | MH/T 4018.7-2012 (MH/T4018.7-2012) | | Description (Translated English) | Technical standards for air traffic management of civil aviation management information system - Part 7: Data Security | | Sector / Industry | Civil Aviation Industry Standard (Recommended) | | Classification of International Standard | 03.220.50 | | Word Count Estimation | 8,827 | | Date of Issue | 19/1/2012 | | Date of Implementation | 1/5/2012 | | Issuing agency(ies) | Civil Aviation Administration of China | MHT4018.7-2012: Technical standards for air traffic management of civil aviation management information system - Part 7: Data Security
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Technical standards for air traffic management of civil aviation management information system-Part 7.Data Security
ICS 03.220.50
V 54
MH
Civil Aviation Industry Standard of the People's Republic of China
Civil Aviation Air Traffic Management
Management Information System Technical Specifications
Part 7.Data Security
Part 7.Data Security
Released on.2012-01-19
2012-05-01 implementation
Issued by Civil Aviation Administration of China
Foreword
MH/T 4018 "Civil Aviation Air Traffic Management Information System Technical Specifications" is divided into the following parts.
--Part 1 System Data and Interface;
--Part 2 System and Network Security;
--Part 3 System Network and Access;
--Part 4 GNSS integrity monitoring data interface;
--Part 5 Electronic official document exchange interface;
-Part 6 Personnel Data Exchange;
--Part 7 Data Security.
This part is part 7 of MH/T 4018.
This section was drafted in accordance with the rules given in GB/T 1.1-2009.
This part is proposed and interpreted by the Air Traffic Management Bureau of the Civil Aviation Administration of China.
This part was approved by the Aircraft Airworthiness Certification Department of the Civil Aviation Administration of China.
This part is under the jurisdiction of the China Academy of Civil Aviation Science and Technology.
Drafting organizations of this section. Air Traffic Management Bureau of Civil Aviation Administration of China, Chengdu Civil Aviation Management Technology Development Co., Ltd.
The main drafters of this section. Qi Ming, Chen Chaoyong, Li Feng, Xiao Ying, Tang Yi, Duan Peichao, Wang Qiang.
Technical Specifications for Civil Aviation Air Traffic Management Information System
Part 7.Data Security
1 Scope
This part of MH/T 4018 specifies the data transmission and storage of civil aviation air traffic management (hereinafter referred to as air traffic management) management information system.
Data security classification and protection measures during storage and use.
This section applies to the safety management of air traffic management information system data in transmission, storage and use.
2 Normative references
The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this article
Pieces. For undated references, the latest version (including all amendments) applies to this document.
GB/T 22081-2008 Information Technology Security Technical Information Security Management Practical Rules
GB/T 22239-2008 Information Security Technology Information System Security Level Protection Basic Requirements
3 Terms and definitions
The following terms and definitions defined in GB/T 22239-2008 and GB/T 22081-2008 apply to this document.
3.1
Data security
Security control for data transmission, storage and use process, including data secure storage, data encrypted transmission, data backup and recovery
And other mechanisms.
3.2
Object
The object of the infringement when the data is damaged.
4 Data security rating
4.1 Rating elements
4.1.1 The data security level is determined by two grading elements. the object infringed when the data is damaged and the degree of infringement on the object.
4.1.2 The objects infringed when the data is damaged include.
a) The legitimate rights and interests of citizens, legal persons and other organizations;
b) The legitimate rights and interests of air traffic control units;
c) Social order and public interest.
4.1.3 The degree of infringement on the object is determined by the different external manifestations of objective aspects. The degree of infringement includes.
a) Especially serious violation;
b) Serious violation;
c) General violations.
Refer to 4.2.4.3 for the definition of the degree of infringement.
4.2 Grading method
4.2.1 Grading process
The data security level grading process is.
a) Determine the grading object;
b) Determine the object infringed when the data is damaged;
c) According to different infringed objects, assess the degree of infringement of data security on the object from multiple aspects;
d) Determine the data security level.
4.2.2 Determination of rating objects
The grading object is the data involved in the air traffic management information system that needs to be graded.
4.2.3 Determination of the infringed object
The objects infringed when the rating object is destroyed are.
a) Violation of social order and public interest includes.
1) Affect the normal life order of the public under legal constraints and ethics;
2) Affect the work order of air traffic control management and services;
3) Affect the public's access to the data disclosed by the air traffic management system;
4) Affect the public's acceptance of aviation services;
5) Matters affecting other social order and public interests.
b) Infringement of the interests of air traffic control units includes.
1) Affect the normal business operation of air traffic control units;
2) Affect the reputation of air traffic control units;
3) Other matters affecting the interests of air traffic control units.
c) Infringe upon the legitimate rights and interests of citizens, legal persons and other organizations.
4.2.4 Determination of the degree of infringement
4.2.4.1 The degree of infringement shall be determined according to different infringed objects and consequences of infringement.
4.2.4.2 When judging the degree of infringement.
a) If the infringed object is the legitimate rights and interests of citizens, legal persons or other organizations, the overall interests of the person or the unit should be used as the judgment
Benchmark
b) If the infringed object is the interest of the air traffic control unit, the overall interest of the air traffic control unit or the air traffic control industry should be used as the basis for judgment;
c) If the object of infringement is social order or public interest, the overall interests of the air traffic control industry or the country should be used as the criterion for judgment.
4.2.4.3 The degree of infringement is defined as follows.
a) Particularly serious violations. air traffic control administration, safety management, air traffic control business and operational capabilities are fatally affected or violated, resulting in
Air traffic control business capabilities and operational capabilities have severely declined, and the legitimate rights and interests of citizens, legal persons and other organizations have been seriously affected or infringed,
Greater social impact;
b) Serious violations. severely affect or infringe air traffic control administration, safety management, air traffic control business and operational capabilities, resulting in air traffic control business
Ability and operational capabilities have dropped significantly, the legitimate rights and interests of citizens, legal persons and other organizations have been affected or violated, and the social impact is small;
c) General infringements. affecting or infringing on air traffic control administration, safety management, air traffic control operations and operational capabilities, resulting in operational capabilities and operational capabilities
The ability to operate is slightly reduced, and the legitimate rights and interests of citizens, legal persons, and other organizations are less infringed.
4.2.4.4 Determination of data security level
According to the degree of infringement on the object after the data is destroyed, the data security level includes.
a) Level 3.After data is damaged, the legitimate rights and interests of citizens, legal persons and other organizations or the business and job functions of air traffic control units are affected.
Particularly serious infringement, or serious violation or particularly serious violation of social order and public interest;
b) Level 2.After data is damaged, the legitimate rights and interests of citizens, legal persons and other organizations or the business and work functions of air traffic control units are affected.
Serious violations, or general violations of social order and public interest;
c) Level 1.After data is damaged, the legitimate rights and interests of citizens, legal persons and other organizations or the business and work functions of air traffic control units are affected.
Generally infringe, but not against social order and public interests.
See Table 1 for details.
4.2.5 Rating changes
The data security level should be appropriately changed according to the application environment and the consequences of infringement.
5 Protection measures
5.1 Protection level
The data security protection level is divided into level 3 protection, level 2 protection and level 1 protection. Data with different security levels should be protected at different levels
Measures.
5.2 Level 3 protection
5.2.1 Technical requirements
5.2.1.1 It should be able to authenticate users who use data, and the security requirements for identity authentication should comply with GB/T 22239-2008
The provisions of 7.1.4.1.
5.2.1.2 The access control function shall be provided to control the access to data according to the access policy.
5.2.1.3 A user authorization mechanism shall be provided, and the authorized subject shall configure the access control strategy to strictly restrict the user's default access authority.
5.2.1.4 Users should be granted minimum data access permissions based on business needs.
5.2.1.5 It shall have the function of setting sensitive marks on important information resources.
5.2.1.6 The operation of users on important information resources with sensitive labels shall be strictly controlled in accordance with security policies.
5.2.1.7 The integrity of data communication shall comply with the provisions of 7.1.4.4 in GB/T 22239-2008.
5.2.1.8 The confidentiality of data communication shall comply with the provisions of 7.1.4.5 in GB/T 22239-2008.
5.2.1.9 The integrity of the data shall comply with the provisions of 7.1.5.1 in GB/T 22239-2008.
5.2.1.10 The confidentiality of data shall comply with the provisions of 7.1.5.2 of GB/T 22239-2008.
5.2.1.11 Local data backup and recovery functions shall be provided, and full data backup shall be provided at least once a day. Backup media should be stored off-site.
5.2.1.12 The remote data backup function shall be provided, and the communication network shall be used to transmit the key data in batches to the alternate site.
5.2.1.13 It should be able to provide redundancy for the main data processing and storage equipment.
5.2.1.14 When the data is damaged and the system cannot work normally, it should be able to use the backup data to restore in a relatively quick time. After recovery
The data should ensure the continuity of the system business.
5.2.1.15 The medium for backing up data should comply with the provisions of 10.5.1 f) in GB/T 22081-2008.
5.2.1.16 The recovery of backup data shall comply with the provisions of 10.5.1 g) in GB/T 22081-2008.
5.2.2 Management requirements
5.2.2.1 The system security management regulations shall include the relevant content of data management.
5.2.2.2 Data operation procedures for data management personnel and operators shall be formulated.
5.2.2.3 The media management specifications shall be established in accordance with 7.2.5.3 of GB/T 22239-2008.
5.2.2.4 Waste media should be treated in accordance with 10.7.2 of GB/T 22081-2008.
5.2.2.5 The backup and recovery management specifications shall be established in accordance with 7.2.5.11 in GB/T 22239-2008.
5.2.2.6 A data security emergency plan shall be established in accordance with 7.2.5.13 in GB/T 22239-2008.
5.2.2.7 It should be ensured that sufficient resources are provided for the implementation of the emergency plan.
5.2.2.8 Data security emergency plan training and drills shall be carried out regularly every year.
5.2.2.9 The content of the emergency plan shall be reviewed regularly every year and updated according to the actual situation.
5.3 Level 2 protection
5.3.1 Technical requirements
5.3.1.1 It should be able to authenticate users who use data, and the security requirements for identity authentication should comply with GB/T 22239-2008
The provisions of 6.1.4.1.
5.3.1.2 The access control function shall be provided to control the access to data according to the access policy.
5.3.1.3 A user authorization mechanism shall be provided, and the authorized subject shall configure the access control strategy to strictly restrict the user's default access authority.
5.3.1.4 Users should be granted minimum data access permissions based on business needs.
5.3.1.5 The integrity of data communication shall comply with the provisions of 6.1.4.4 in GB/T 22239-2008.
5.3.1.6 The confidentiality of data communication shall comply with the provisions of 6.1.4.5 of GB/T 22239-2008.
5.3.1.7 The integrity of the data shall comply with the provisions of 6.1.5.1 of GB/T 22239-2008.
5.3.1.8 The confidentiality of data shall comply with the provisions of 6.1.5.2 of GB/T 22239-2008.
5.3.1.9 It should be able to back up and restore important data.
5.3.1.10 It should be able to provide redundancy for key data processing and storage equipment.
5.3.1.11 When the data is damaged and the system cannot work normally, the backup data should be able to restore the main functions of the system.
5.3.2 Management requirements
5.3.2.1 The system security management regulations shall include the relevant content of data management.
5.3.2.2 Data operation procedures for data management personnel and operators shall be formulated.
5.3.2.3 The media management specifications shall be established in accordance with 6.2.5.3 of GB/T 22239-2008.
5.3.2.4 Waste media should be treated in accordance with 10.7.2 of GB/T 22081-2008.
5.3.2.5 The backup and recovery management specifications shall be established in accordance with 6.2.5.10 in GB/T 22239-2008.
5.3.2.6 A data security emergency plan shall be established in accordance with 6.2.5.12 in GB/T 22239-2008.
5.3.2.7 The data security emergency plan training shall be conducted regularly every year.
5.4 Level 1 protection
5.4.1 Technical requirements
5.4.1.1 It should be able to authenticate users who use data, and the security requirements for identity authentication should comply with GB/T 22239-2008.
The provisions of 5.1.4.1.
5.4.1.2 An access control function shall be provided to control the access of user groups and (or) users to user data.
5.4.1.3 A user authorization mechanism shall be provided, and the authorized subject shall configure the access control strategy to strictly restrict the user's default access authority.
5.4.1.4 The integrity of data communication shall comply with the provisions of 5.1.4.3 in GB/T 22239-2008.
5.4.1.5 The integrity of the data shall comply with the provisions of 5.1.5.1 in GB/T 22239-2008.
5.4.1.6 It should be able to backup and restore important data.
5.4.1.7 When the data is damaged and the system cannot work normally, the backup data should be able to restore the main functions of the system.
5.4.2 Management requirements
5.4.2.1 The system security management regulations shall include the relevant content of data management.
5.4.2.2 The media management specifications shall be established in accordance with 5.2.5.3 of GB/T 22239-2008.
5.4.2.3 The backup and recovery management specifications shall be established in accordance with 5.2.5.8 in GB/T 22239-2008.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of MHT4018.7-2012_English be delivered?Answer: Upon your order, we will start to translate MHT4018.7-2012_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of MHT4018.7-2012_English with my colleagues?Answer: Yes. The purchased PDF of MHT4018.7-2012_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|