Path: Home > MISC > Page104 > GA/T 1390.2-2017

Price & Delivery

US$789.00 · In stock · Download in 9 seconds
GA/T 1390.2-2017: Information security technology—General requirements for classified protection of cyber security—Part 2: Special security requirements for cloud computing
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid

Std ID	Version	USD	Buy	Deliver [PDF] in	Title (Description)
GA/T 1390.2-2017	English	789	Add to Cart	7 days [Need to translate]	Information security technology—General requirements for classified protection of cyber security—Part 2: Special security requirements for cloud computing

GA/T 1390.2-2017: Information security technology—General requirements for classified protection of cyber security—Part 2: Special security requirements for cloud computing

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology-General requirements for classified protection of cyber security-Part 2. Special security requirements for cloud computing ICS 35.40 L80 People's Republic of China public safety industry standards Information Security Technology Network Security Level Protection Basics Requirements Part 2. Cloud Computing Security Extensions Requirements cybersecurity-Part 2.Specialsecurityrequirementsforcloudcomputing 2017-05-08 Posted 2017-05-08 Implementation Ministry of Public Security of People's Republic of China released Directory Foreword V. Introduction Ⅵ 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Cloud Computing Security Overview 2 4.1 cloud computing platform 2 4.2 cloud computing platform rating 3 5 Level 1 safety requirements 3 5.1 Technical Requirements 3 5.1.1 Physical and Environmental Safety 3 5.1.2 Network and Communication Security 3 5.1.2.1 Network Architecture 3 5.1.2.2 Access Control 3 5.1.2.3 intrusion prevention 4 5.1.2.4 Security Audit 4 5.1.3 equipment and computing security 4 5.1.3.1 Identification 4 5.1.3.2 Access Control 4 5.1.3.3 Security Audit 4 5.1.3.4 intrusion prevention 4 5.1.3.5 Resource Control 4 5.1.3.6 Mirroring and Snapshot Protection 4 5.1.4 Application and Data Security 4 5.1.4.1 Security Audit 4 5.1.4.2 Resource Control 5 5.1.4.3 Interface Security 5 5.1.4.4 Data Integrity 5 5.1.4.5 Data Confidentiality 5 5.1.4.6 Data backup and recovery 5 5.1.4.7 Residual Information Protection 5 5.2 Management Requirements 5 5.2.1 Security management agencies and personnel 5 5.2.1.1 Authorization 5 5.2.1.2 Personnel recruitment 5 5.2.2 Safety Construction Management 5 5.2.2.1 test and acceptance 5 5.2.2.2 Cloud service provider choice 5.2.2.3 Supply Chain Management 6 5.2.3 Safe Operation Management 6 5.2.3.1 Environmental Management 5.2.3.2 Monitoring and Audit Management 6 6 Level 2 safety requirements 6 6.1 Technical Requirements 6 6.1.1 Physical and Environmental Safety 6 6.1.2 Network and Communication Security 6 6.1.2.1 Network Architecture 6 6.1.2.2 Access Control 7 6.1.2.3 Intrusion Prevention 7 6.1.2.4 Security Audit 7 6.1.3 Equipment and Computing Security 7 6.1.3.1 Identification 7 6.1.3.2 Access Control 7 6.1.3.3 Security Audit 7 6.1.3.4 Intrusion Prevention 7 6.1.3.5 Resource Control 7 6.1.3.6 Mirroring and Snapshot Protection 7 6.1.4 Application and Data Security 8 6.1.4.1 Security Audit 8 6.1.4.2 Resource Control 8 6.1.4.3 Interface Security 8 6.1.4.4 Data Integrity 8 6.1.4.5 Data Confidentiality 8 6.1.4.6 Data backup and recovery 8 6.1.4.7 Residual Information Protection 8 6.2 Management Requirements 8 6.2.1 Security management agencies and personnel 8 6.2.1.1 Authorization 8 6.2.1.2 Personnel recruitment 8 6.2.2 Safety Construction Management 9 6.2.2.1 Test acceptance 9 6.2.2.2 Cloud service provider choice 6.2.2.3 Supply Chain Management 9 6.2.3 Safe Operation Management 9 6.2.3.1 Environmental Management 9 6.2.3.2 Monitoring and Audit Management 9 7 Level 3 Safety Requirements 9 7.1 Technical Requirements 9 7.1.1 Physical and Environmental Safety 9 7.1.2 Network and Communication Security 10 7.1.2.1 Network Architecture 10 7.1.2.2 Access Control 10 7.1.2.3 Intrusion Prevention 10 7.1.2.4 Security Audit 10 7.1.3 Equipment and Computing Security 10 7.1.3.1 Identification 10 7.1.3.2 Access Control 11 7.1.3.3 Security Audit 11 7.1.3.4 Intrusion Prevention 11 7.1.3.5 Malicious Code Prevention 11 7.1.3.6 Resource Control 11 7.1.3.7 Mirroring and Snapshot Protection 11 7.1.4 Application and Data Security 11 7.1.4.1 Security Audit 11 7.1.4.2 Resource Control 12 7.1.4.3 Interface Security 12 7.1.4.4 Data Integrity 12 7.1.4.5 Data Confidentiality 12 7.1.4.6 Data backup and recovery 12 7.1.4.7 Residual Information Protection 12 7.2 Management Requirements 12 7.2.1 Security management agencies and personnel 12 7.2.1.1 Authorization 12 7.2.1.2 Personnel recruitment 12 7.2.2 Security Construction Management 13 7.2.2.1 Security Program Design 13 7.2.2.2 Test acceptance 13 7.2.2.3 Cloud Service Provider Selection 13 7.2.2.4 Supply Chain Management 13 7.2.3 Safe Operation Management 13 7.2.3.1 Environmental Management 13 7.2.3.2 Configuration Management 13 7.2.3.3 Monitoring and Audit Management 14 Level 4 Safety Requirements 14 8.1 Technical Requirements 8.1.1 Physical and Environmental Safety 14 8.1.2 Network and Communication Security 14 8.1.2.1 Network Architecture 14 8.1.2.2 Access Control 14 8.1.2.3 Intrusion Prevention 15 8.1.2.4 Security Audit 15 8.1.3 Equipment and Computing Security 15 8.1.3.1 Identification 15 8.1.3.2 Access Control 15 8.1.3.3 Security Audit 15 8.1.3.4 Intrusion Prevention 15 8.1.3.5 Malicious Code Prevention 15 8.1.3.6 Resource Control 16 8.1.3.7 Mirroring and Snapshot Protection 16 8.1.4 Application and Data Security 16 8.1.4.1 Security Audit 16 8.1.4.2 Resource Control 16 8.1.4.3 Interface Security 16 8.1.4.4 Data Integrity 16 8.1.4.5 Data Confidentiality 16 8.1.4.6 Data backup and recovery 17 8.1.4.7 Residual Information Protection 17 8.2 Management Requirements 17 8.2.1 Security Management Agency and Personnel 17 8.2.1.1 Authorization 17 8.2.1.2 Personnel Recruitment 17 8.2.2 Security Construction Management 17 8.2.2.1 Security Program Design 17 8.2.2.2 Test Acceptance 17 8.2.2.3 Cloud Provider Selection 17 8.2.2.4 Supply Chain Management 18 8.2.3 Safe Operation Management 18 8.2.3.1 Environmental Management 18 8.2.3.2 Configuration Management 18 8.2.3.3 Monitoring and Audit Management 18 Appendix A (Informative) Cloud Computing Platform Security Threats 19 Appendix B (normative) security management responsibilities of different service models 21 Appendix C (normative) This part of the object is applicable 24 References 25

Foreword

GA/T 1390 "Information Security Technology Network Security Level Protection Basics" has been or is planned to release the following sections. --- Part 1. General requirements for safety; --- Part 2. Cloud computing security extension requirements; --- Part 3. Mobile Internet Security Extension Requirements; --- Part 4. IoT Security Extension Requirements; --- Part 5. Industrial control safety requirements for expansion; --- Part 6. Big Data Security Extensions Requirements. This part of GA/T 1390 Part 2. This section drafted in accordance with GB/T 1.1-2009 given rules. This section proposed by the Ministry of Public Security Cyber Security. This part of the Ministry of Public Security Information System Security Standardization Technical Committee. This part of the drafting unit. Ministry of Public Security Information Security Rating Protection Evaluation Center, National Information Center, Ali Cloud Computing Co., Ltd., Chinese Academy of Sciences Information Engineering Institute, Hangzhou H3C Technologies Co., Ltd., Huawei Technologies Co., Ltd., Venus Information Technology Co., Ltd. The main drafters of this section. Zhang Zhenfeng, Ding Zhaohui, Li Ming, Ren Weihong, Hu Juan, Shen Yongbo, Su Yanfang, Chen Feng, Li Yu, Liu Jing, Chen Xuexiu, Gao Yanan, Chen Chi, Yu Jing, Yao Guofu, Huang Min, Duan Weiheng, Guo Chunmei.

Introduction

GB/T 22239-2008 "Information Security Technology Information System Security Level Protection Requirements" in the protection of information security level The process of work has played a very important role, is widely used in various industries and fields to carry out the construction of information security level protection Change and grade evaluation work, but with the development of information technology, GB/T 22239-2008 in timeliness, ease of use, maneuverability required To further improve. In order to adapt to the mobile Internet, cloud computing, big data, Internet of Things and industrial control and other new technologies, the new application of information security level protection Work to be carried out, the need to GB/T 22239-2008 revised, revised ideas and methods for mobile Internet, cloud computing, big data, Internet of Things and industrial control and other new technologies, new application areas proposed extended security requirements. Information Security Technology Network Security Level Protection Basics Requirements Part 2. Cloud Computing Security Extensions Requirements

1 Scope

This part of GA/T 1390 specifies the security protection of cloud computing platforms and cloud tenant business application systems with different levels of security Claim. This section applies to guide the classification of non-classified cloud computing platform and cloud tenant business application system security construction and supervision and management.

2 Normative references

The following documents for the application of this document is essential. For dated references, only the dated version applies to this article Pieces. For undated references, the latest edition (including all amendments) applies to this document. Computer Information Systems - Security Protection Classification Guidelines GB/T 22239 Information security technology Information system security level protection basic requirements Information security technology information system security level protection grading guide Information technology - Security terminology Information Security Technology Cloud Computing Service Security Guide Information security technology Cloud computing service security capability requirements

3 Terms and definitions

GB 17859-1999, GB/T 25069-2010 and GB/T 31168-2014 as defined by the following terms and definitions apply to This document. For ease of use, some of the terms and definitions in GB/T 31168-2014 are listed below. 3.1 Cloud computing cloudcomputing Access scalable, flexible pool of physical or virtual shared resources over the network and self-service access and management of resources on demand. [GB/T 31168-2014, Definition 3.1] 3.2 Cloud computing infrastructure cloudcomputinginfrastructure An infrastructure of cloud computing that consists of hardware resources and resource abstraction control components. Note 1. Hardware resources include all physical computing resources including servers (CPUs, memory, etc.), storage components (hard disks, etc.), network components (routers, fire protection Walls, switches, network connections and interfaces, etc.) and other physical computing foundation elements. Resource abstraction control component to physical computing resources for software pumping Like, cloud providers provide and manage access to physical compute resources through these components. Note 2. Rewrite GB/T 31168-2014, the definition of 3.5. 3.3 Cloud computing platform cloudcomputingplatform Cloud service provider cloud computing infrastructure and the collection of service software on it. Remark GB/T 31168-2014, the definition of 3.6. ...