This standard specifies the basic protection requirements for different security protection levels of information system, including basic technical requirements and basic management requirements, which is suitable for guiding the security development, supervision and management of classified information system.
Foreword i
Introduction ii
1 Scope
2 Normative References
3 Terms and Definitions
4 Overview on Classified Protection of Information System Security
4.1 Classification of Information System Security Protection
4.2 Levels of Security Protection Ability
4.3 Basic Technical Requirements and Basic Management Requirements
4.4 Three Types of Basic Technical Requirements
5 Basic Requirements of Level I
5.1 Technical Requirements
5.1.1 Physical Security
5.1.2 Network Security
5.1.3 Host Security
5.1.4 Application Security
5.1.5 Data Security and Backup Recovery
5.2 Management Requirements
5.2.1 Security Management System
5.2.2 Security Management Setup
5.2.3 Personal Security Management
5.2.4 System Construction Management
5.2.5 System Operation and Maintenance Management
6 Basic Requirements of Level II
6.1 Technical Requirements
6.1.1 Physical Security
6.1.2 Network Security
6.1.3 Host Security
6.1.4 Application Security
6.1.5 Data Security and Backup Recovery
6.2 Management Requirements
6.2.1 Security Management System
6.2.2 Security Management Setup
6.2.3 Personnel Security Management
6.2.4 System Construction Management
6.2.5 System Operating and Maintenance Management
7 Basic Requirements of Level III
7.1 Technical Requirements
7.1.1 Physical Security
7.1.2 Network Security
7.1.3 Host Security
7.1.4 Application Security
7.1.5 Data Security and Backup Recovery
7.2 Management Requirements
7.2.1 Security Management System
7.2.2 Security Management Setup
7.2.3 Personnel Security Management
7.2.4 System Construction Management
7.2.5 System Operation and Maintenance Management
8 Basic Requirements of Level IV
8.1 Technical Requirements
8.1.1 Physical Security
8.1.2 Network Security
8.1.3 Host Security
8.1.4 Application Security
8.1.5 Data Security and Backup Recovery
8.2 Management Requirements
8.2.1 Security Management System
8.2.2 Security Management Setup
8.2.3 Personnel Security Management
8.2.4 Management of System Construction
8.2.5 System Operation and Maintenance Management
9 Basic Requirements of Level V
Appendix A (Normative) Requirements about the Integral Security Protection Ability of Information System
Appendix B (Normative) Selection and Use of Basic Security Requirements
Bibliography