Measures for the protection of information security level
Release time: 2020-05-07

Chapter 1 General Principles


Article 1

These Measures are formulated in accordance with the "Regulations on the Security Protection of the Computer Information System of the People's Republic of China" and other relevant laws and regulations, in order to standardize the management of information security level protection, improve information security assurance capabilities and levels, maintain national security, social stability and public interest, and guarantee and promote informatization construction.

Article 2

The state, through formulating unified information security level protection management specifications and technical standards, organizes citizens, legal persons and other organizations to implement security protection of information systems by level, and supervises and manages the implementation of level protection work.

Article 3

The public security organs are responsible for the supervision, inspection and guidance of information security level protection work. The state confidentiality work department is responsible for the supervision, inspection and guidance of confidentiality work in level protection work. The national password management department is responsible for the supervision, inspection and guidance of password work in level protection work. Matters involving the jurisdiction of other functional departments shall be managed by the relevant functional departments in accordance with the provisions of national laws and regulations. The Informatization Work Office of the State Council and the working agencies of local informatization leading groups are responsible for the coordination of level protection work.

Article 4

The competent department of an information system shall, in accordance with these Measures and relevant standards and specifications, supervise, inspect and guide the information security level protection work of the units operating and using information systems in its industry, department or local area.

Article 5

The units operating and using information systems shall fulfill the obligations and responsibilities of information security level protection in accordance with these Measures and their relevant standards.


Chapter 2 Level division and protection


Article 6

National information security level protection adheres to the principles of independent grading and autonomous protection. The security protection level of an information system shall be determined based on the importance of the information system in national security, economic construction and social life, and on the degree of harm to national security, social order, public interests and the legitimate rights and interests of citizens, legal persons and other organizations if the information system is destroyed.

Article 7

The security protection level of information systems is divided into the following five levels:

Level 1: After the information system is destroyed, it will cause damage to the legitimate rights and interests of citizens, legal persons and other organizations, but it does not damage national security, social order or public interests.

Level 2: After the information system is destroyed, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or cause damage to social order and public interests, but it does not damage national security.

Level 3: After the information system is destroyed, it will cause serious damage to social order and public interests, or damage to national security.

Level 4: After the information system is destroyed, it will cause particularly serious damage to social order and public interests, or serious damage to national security.

Level 5: After the information system is destroyed, it will cause particularly serious damage to national security.

Article 8

Units operating and using information systems protect their information systems in accordance with these Measures and related technical standards, and the relevant state information security supervision departments supervise and manage their information security level protection work.

Units operating and using first-level information systems shall protect them in accordance with relevant national management specifications and technical standards.

Units operating and using second-level information systems shall protect them in accordance with relevant national management specifications and technical standards. The national information security supervision departments guide the information security level protection work of information systems at this level.

Units operating and using third-level information systems shall protect them in accordance with relevant national management specifications and technical standards. The national information security supervision departments supervise and inspect the information security level protection work of information systems at this level.

Units operating and using fourth-level information systems shall protect them in accordance with relevant national management specifications, technical standards and special business needs. The national information security supervision departments conduct compulsory supervision and inspection of the information security level protection work of information systems at this level.

Units operating and using fifth-level information systems shall protect them in accordance with national management specifications, technical standards and special business security needs. Special departments designated by the state conduct special supervision and inspection of the information security level protection work of information systems at this level.


Chapter 3 Implementation and management of level protection


Article 9

Units operating and using information systems shall specifically implement level protection work in accordance with the "Guidelines for the Protection Implementation of Information System Security Level".

Article 10

Units operating and using information systems shall determine the security protection level of the information system in accordance with these Measures and the "Guide to Protection of Information System Security Level". Where there is a competent department, the level shall be reviewed and approved by the competent department.

For information systems that operate across provinces or on a nationwide unified network, the security protection level may be determined uniformly by the competent department.

For information systems identified as the fourth level or above, the operating and using unit or the competent department shall ask the National Information Security Protection Level Expert Review Committee to review.

Article 11

After the security protection level of the information system is determined, the operating and using unit shall, in accordance with national information security level protection management specifications and technical standards, use information technology products that comply with relevant national regulations and meet the needs of the information system's security protection level to carry out information system security construction or reconstruction.

Article 12

During the construction of the information system, the operating and using unit shall, in accordance with the "Computer information system security protection level division standard" (GB17859-1999), the "Basic Requirements for the Protection of Information System Security Level" and other technical standards, and with reference to the "Technical Requirements for General Security Technology of Information Security Technology Information System" (GB/T20271-2006), "Information Security Technology Network Basic Security Technology Requirements" (GB/T20270-2006), "Technical Requirements for Safety Technology Operation Systems of Information Security Technology" (GB/T20272-2006), "Technical Requirements for the Safety Technical Technical Requirements of Information Security Technology Database Management System" (GB/T20273-2006), "Information Security Technology Server Technology Requirements", "Technical Requirements for Safety Level Safety Level of Information Security Technology Terminal Computer System" (GA/T671-2006) and other technical standards, simultaneously construct information security facilities that meet the requirements of this level.

Article 13

Operating and using units shall, with reference to the "Information Security Technology Information System Security Management Requirements" (GB/T20269-2006), the "Information Security Technology Information System Security Engineering Management Requirements" (GB/T20282-2006), the "Basic Requirements for the Protection of Information System Security Level" and other management specifications, formulate and implement a security management system that meets the requirements of the security protection level of their system.

Article 14

After the construction of the information system is completed, the operating and using unit or its competent department shall choose an evaluation agency that meets the requirements of these Measures and, according to technical standards such as the "Information System Security Level Protection Evaluation Requirements", regularly carry out level evaluation of the security level status of the information system. Third-level information systems shall undergo level evaluation at least once a year, fourth-level information systems at least once every six months, and fifth-level information systems in accordance with special security needs.

The operating and using unit and its competent department shall regularly conduct self-examination of the security status of the information system and of the implementation of the security protection system and measures. Third-level information systems shall undergo self-examination at least once a year, fourth-level information systems at least once every six months, and fifth-level information systems in accordance with special security needs.

Where evaluation or self-examination shows that the security status of the information system does not meet the requirements of the security protection level, the operating and using unit shall formulate a plan for rectification.

Article 15

For information systems at the second level or above, whether already in operation or newly built, the operating and using unit shall, within 30 days after the security protection level is determined, go through the filing procedures with the public security organ at or above the municipal level.

For units belonging to the central government in Beijing, information systems that operate across provinces or on a nationwide unified network and have a determined level shall be filed with the Ministry of Public Security by the competent department. The branch systems of information systems operating across provinces or on a nationwide unified network that run and are applied in various places shall be filed with the local public security organs at or above the municipal level.

Article 16

When going through the information system security protection level filing procedures, the "Information System Security Level Protection Form" shall be filled in. For information systems at the third level or above, the following materials shall be provided at the same time:

(1) System topology and explanation;

(2) System security organization and management system;

(3) Design and implementation plan, or reconstruction implementation plan, for system security protection facilities;

(4) The list of information security products used by the system and their certification and sales license certificates;

(5) The technical test and evaluation report showing that the system meets the system security protection level after evaluation;

(6) Expert review opinions on the information system security protection level;

(7) Opinions of the competent department on reviewing and approving the security protection level of the information system.

Article 17

After the information system is filed, the public security organ shall review the filing. Where it meets the level protection requirements, the public security organ shall issue an information system security level protection filing certificate within 10 working days from the date of receiving the filing materials; where it is found not to comply with these Measures and relevant standards, it shall notify the filing unit to make corrections within 10 working days from the date of receiving the filing materials; it shall notify the filing unit to re-review and determine within 10 working days from the date of receiving the filing materials.

Where the operating and using unit or the competent department re-determines the information system level, it shall re-file with the public security organ in accordance with these Measures.

Article 18

The public security organs that accept the filing shall inspect the information security level protection work of the units operating and using third-level and fourth-level information systems. Third-level information systems shall be inspected at least once a year, and fourth-level information systems at least once every six months. Inspections of information systems operating across provinces or on a nationwide unified network shall be carried out together with their competent department.

Fifth-level information systems shall be inspected by the special department designated by the state.

The public security organs and the special departments designated by the state shall inspect the following matters:

(1) Whether the security requirements of the information system have changed, and whether the original protection level is accurate;

(2) The implementation of the security management system and measures by the operating and using unit;

(3) The inspection of the security status of the information system by the operating and using unit and its competent department;

(4) Whether the system security level evaluation meets the requirements;

(5) Whether the use of information security products meets the requirements;

(6) Security rectification of the information system;

(7) Whether the filing materials are consistent with the operating and using unit and the information system;

(8) Other matters that should be supervised and inspected.

Article 19

Units operating and using information systems shall accept the security supervision, inspection and guidance of the public security organs and the special departments designated by the state, and provide the public security organs and the special departments designated by the state with the following information and data files related to information security protection:

(1) Changes in the filing of the information system;

(2) Changes of security organizations and personnel;

(3) Changes in the information security management system and measures;

(4) The operating status records of the information system;

(5) Regular inspections of the security status of the information system by the operating and using unit and the competent department;

(6) Technical assessment report on the level evaluation of the information system;

(7) Changes in the use of information security products;

(8) Emergency plan for information security incidents, and reports on the results of emergency handling of information security incidents;

(9) Report on the results of information system security construction and rectification.

Article 20

Where the public security organ finds on inspection that the security protection status of the information system does not meet the management specifications and technical standards for information security level protection, it shall issue a rectification notice to the operating and using unit. The operating and using unit shall carry out rectification according to the requirements of the rectification notice and in accordance with management specifications and technical standards. After the rectification is completed, the rectification report shall be filed with the public security organ. When necessary, the public security organ may organize an inspection of the rectification.

Article 21

Information systems at the third level or above shall choose to use information security products that meet the following conditions:

(1) The product development and production units are invested in by Chinese citizens or legal persons, or invested in or controlled by the state, and have independent legal person status in the People's Republic of China;

(2) The core technology and key components of the product have China's independent intellectual property rights;

(3) The product development and production units and their main business and technical personnel have no criminal records;

(4) The product development and production units declare that they have not intentionally left or set loopholes, back doors, Trojans or other such programs and functions;

(5) The product does not constitute a harm to national security, social order or public interests;

(6) For products included in the Information Security Product Certification Catalog, a certification certificate issued by the national information security product certification agency shall be obtained.

Article 22

Information systems at the third level or above shall choose, for evaluation, a level protection evaluation agency that meets the following conditions:

(1) Registered and established in the territory of the People's Republic of China (except Hong Kong, Macao and Taiwan);

(2) An enterprise or institution invested in by Chinese citizens, Chinese legal persons or the state (except Hong Kong, Macao and Taiwan region);

(3) Has been engaged in related testing and evaluation work for more than two years, with no illegal record;

(4) Staff is limited to Chinese citizens;

(5) The legal person and major business and technical personnel have no criminal records;

(6) The technical equipment and facilities used shall meet the requirements for information security products in these Measures;

(7) Has complete security management systems such as confidentiality management, project management, quality management, personnel management, and training and education;

(8) Does not constitute a threat to national security, social order or public interests.

Article 23

Agencies engaged in information system security level evaluation shall fulfill the following obligations:

(1) Comply with relevant national laws and regulations and technical standards, provide secure, objective and fair testing and evaluation services, and guarantee the quality and effect of evaluation;

(2) Keep confidential the state secrets, commercial secrets and personal privacy learned in evaluation activities, and prevent evaluation risks;

(3) Conduct security and confidentiality education for evaluators, sign a security and confidentiality responsibility letter with them, specify the security and confidentiality obligations and legal liabilities that should be fulfilled, and be responsible for inspecting their implementation.


Chapter 4 Classification protection management of confidential information system


Article 24

Confidential information systems shall, on the basis of the basic requirements of national information security level protection, be protected according to the management regulations and technical standards of the national confidentiality work department for the graded protection of confidential information systems, in combination with the actual situation of the system.

Non-confidential information systems shall not handle state secret information.

Article 25

Confidential information systems are divided, according to the highest classification of the information they process, into three levels from low to high: secret, confidential and top secret.

The construction and use unit of a confidential information system shall, on the basis of standardized information classification, determine the system level according to the graded protection management measures for confidential information systems and the national confidentiality standard BMB17-2006 "Technical Requirements for Microdating Protection of Computer Information Systems involved in state secrets". For a confidential information system containing multiple security domains, the protection level may be determined for each security domain.

The confidentiality work departments and institutions shall supervise and guide the construction and use units of confidential information systems in determining the system level accurately and reasonably.

Article 26

The construction and use units of confidential information systems shall promptly report the grading and use of the confidential information system to the confidentiality work institution of the business authority and to the confidentiality work department responsible for system approval, and accept the supervision, inspection and guidance of the confidentiality work department.

Article 27

The construction and use unit of a confidential information system shall choose a unit with confidential information system integration qualifications to undertake or participate in the design and implementation of the confidential information system.

The construction and use unit of a confidential information system shall, based on the graded protection management specifications and technical standards for confidential information systems, and according to the different requirements of the three levels of secret, confidential and top secret, carry out solution design in combination with the actual situation of the system and implement graded protection. The protection level is generally not lower than Level 3, Level 4 and Level 5 of national information security level protection.

Article 28

Information security and confidentiality products used by confidential information systems should be selected in principle, and should pass testing by testing agencies authorized by the National Security Bureau based on national confidentiality standards. Products that pass the test will be reviewed and published by the National Confidentiality Bureau.

Article 29

After the implementation of the system project is completed, the construction and use unit of a confidential information system shall submit an application to the confidentiality work department, and a system evaluation agency authorized by the State Confidential Administration shall conduct a security and confidentiality evaluation of the confidential information system in accordance with the national confidentiality standard BMB22-2007 "The Guidelines for the Microdating Protection Evaluation of Computer Information Systems involved in state secrets".

Before the system is put into use, the construction and use unit of a confidential information system shall, in accordance with the "Regulations on the Management Regulations of the Information Systems involved in state secrets", apply to the city-level confidentiality work department for system approval. The confidential information system may be put into use only after approval. For confidential information systems that have already been put into use, after system rectification is completed in accordance with the requirements of graded protection, the construction and use unit shall file a record with the confidentiality work department.

Article 30

When applying for system approval or filing, the construction and use unit of a confidential information system shall submit the following materials:

(1) System design, implementation plans and review and argumentation opinions;

(2) The qualification material of the system contracting unit;

(3) System construction and engineering supervision reports;

(4) System safety confidentiality test and evaluation report;

(5) System security confidentiality organization and management system;

(6) Other related materials.

Article 31

Where the confidentiality level, connection range, environmental facilities, main applications or the unit responsible for security and confidentiality management of a confidential information system changes, its construction and use unit shall report to the confidentiality work department responsible for approval. The confidentiality work department shall decide, according to the actual situation, whether to re-evaluate and approve it.

Article 32

The construction and use unit of a confidential information system shall, based on the national confidentiality standard BMB20-2007 "Specifications for the Management Specification of Information System Hierarchical Protection of State Secrets", strengthen confidentiality management in the operation of the confidential information system, conduct regular risk assessments, and eliminate hidden dangers and vulnerabilities.

Article 33

The state and local confidentiality work departments at all levels supervise and manage the graded protection of confidential information systems in all regions and departments, and do the following work:

(1) Guide, supervise and inspect graded protection work;

(2) Guide the construction and use units of confidential information systems on confidential information and on reasonably determining the system protection level;

(3) Participate in the graded protection plans of confidential information systems, and guide the construction and use units in the simultaneous planning and design of confidentiality facilities;

(4) Supervise and manage units with confidential information system integration qualifications in accordance with the law;

(5) Strictly conduct system evaluation and approval, and supervise and inspect the implementation of the graded protection management system and technical measures by the construction and use units of confidential information systems;

(6) Strengthen confidentiality supervision and inspection during the operation of confidential information systems. Secret-level and confidential-level information systems shall undergo a confidentiality inspection or system evaluation at least once every two years, and top-secret-level information systems at least once a year;

(7) Understand the management and use of confidential information systems at all levels, and promptly discover and investigate violations of regulations and laws and leak incidents.


Chapter 5 Password management of information security level protection


Article 34

The national password management department implements classified and graded management of passwords for information security level protection. The level protection criteria for passwords are determined according to the role and importance of the protected object in national security, social stability and economic construction, the security protection requirements and degree of confidentiality of the protected object, the degree of harm after the protected object is destroyed, and the nature of the password-using department.

Units operating and using information systems that use passwords for level protection shall comply with the "Administrative Measures for the Protection Password of Information Security Level", the "Technical Requirements for Information Security Level Protection Commercial Password Technical Requirements" and other password management regulations and related standards.

Article 35

The equipping, use and management of passwords for information system security level protection shall strictly follow the relevant regulations of national password management.

Article 36

Units operating and using information systems shall make full use of password technology to protect information systems. The use of passwords to protect information and information systems involving state secrets shall be reported to the National Password Administration for approval, and the design, implementation, use, operation and maintenance, and daily management of the passwords shall be carried out in accordance with the relevant regulations and standards of national password management; the use of passwords to protect information and information systems that do not involve state secrets must comply with the "Regulations on the management of commercial passwords" and the relevant regulations and standards on classified and graded password protection, and the use of the passwords shall be filed with the national password management agency.

Article 37

When using password technology, it is necessary to use cipher products that are not introduced from or developed abroad; imported information technology products containing encryption functions shall not be used without approval.

Article 38

The evaluation of passwords and password devices in information systems shall be undertaken by evaluation agencies recognized by the State Code Administration; no other departments, units or individuals may evaluate or monitor passwords.

Article 39

Password management departments at all levels may inspect and evaluate, regularly or irregularly, the equipping, use and management of passwords in information system level protection work, and shall inspect and evaluate the equipping, use and management of passwords for important confidential information systems at least once every two years. Where, in the course of supervision and inspection, hidden security hazards, violations of relevant password management regulations or failure to meet relevant password standards are found, they shall be dealt with in accordance with the relevant regulations of national password management.


Chapter 6 Legal liability


Article 40

Where a unit operating and using a third-level information system violates these Measures and commits one of the following acts, the public security organs, the National Security Work Department and the state password management department shall, according to their division of labor, order it to make corrections within a time limit; give a warning and notify its superior authority, recommending that the person in charge who is directly responsible and other directly responsible persons be dealt with, and that the handling results be fed back in a timely manner:

(1) Failing to file and obtain approval in accordance with the provisions of these Measures;

(2) Failing to implement the security management system and measures in accordance with these Measures;

(3) Failing to inspect the system security status in accordance with the provisions of these Measures;

(4) Failing to carry out system security technical evaluations in accordance with these Measures;

(5) Refusing to rectify after receiving the notice of rectification;

(6) Failing to select information security products and evaluation agencies in accordance with these Measures;

(7) Failing to provide relevant documents and proof materials in accordance with these Measures;

(8) Violating confidentiality management regulations;

(9) Violating password management regulations;

(10) Violating other provisions of these Measures.

Where violation of the provisions of the preceding paragraph causes serious damage, the relevant departments shall deal with it in accordance with relevant laws and regulations.

Article 41

Where information security supervision departments and their staff, in performing supervision and management duties, neglect their duties, abuse their power or practice favoritism, administrative sanctions shall be given in accordance with the law; criminal responsibility shall be investigated in accordance with the law.

Chapter 7 Attachment

Article 42

Units operating and using information systems that are already in operation shall determine the security protection level of the information system within 180 days from the date of implementation of these Measures; for new information systems, the security protection level shall be determined during the design and planning stage.

Article 43

The term "above" as used in these Measures includes the stated number (level).

Article 44

These Measures are implemented from the date of release, and the "Measures for the Protection of Information Safety Level (Trial)" ([2006] No. 7) are abolished at the same time.

