Chapter 1 General Sky Bet
Article 1
Sky Bet specification Sky Bet security level protection management, improve Sky Bet security capabilities and levels, maintain national Sky Bet, social stability and public interests, and guarantee and promote Sky Bet construction; these measures are developed according to the "Computer Sky Bet System Security Protection Regulations of the People's Republic of China" and other relevant laws and regulations.
Article 2
The country has adopted unified Sky Bet security level protection management specifications and technical standards, organizes citizens, legal entities and other organizations to implement hierarchical security protection for Sky Bet systems, and supervises and manages the implementation of graded protection work.
Article 3
The public security organs are responsible for the supervision, inspection and guidance of Sky Bet security level protection. The national confidentiality department is responsible for the supervision, inspection and guidance of confidentiality work in hierarchical protection work. The national cryptography management department is responsible for the supervision, inspection and guidance of cryptography work in hierarchical protection work. Matters involving the jurisdiction of other functional departments are managed by the relevant functional departments in accordance with national laws and regulations. The State Council Sky Bet Office and the local Sky Bet leading group offices are responsible for the inter-departmental coordination of grade protection work.
Article 4
The Sky Bet system department shall, in accordance with these measures and relevant standards, supervise, inspect and guide the Sky Bet security level protection work of the Sky Bet system operation and user units of its industry, department or region.
Article 5
Sky Bet system operation and user units shall comply with these Measures and relevant standards and specifications, and perform their obligations and responsibilities for Sky Bet security level protection.
Chapter 2 Grade classification and Sky Bet
Article 6
National Sky Bet security level protection adheres to the principles of independent grading and independent protection. The security protection level of Sky Bet systems should be determined based on the importance of the Sky Bet system in national security, economic construction and social life, the degree of harm to national security, social order, public interest and the legitimate rights and interests of citizens, legal persons and other organizations after the Sky Bet system is destroyed, and other factors.
Article 7
The security protection level of Sky Bet systems is divided into the following five levels:
Level 1: After the Sky Bet system is damaged, it will cause damage to the legitimate rights and interests of citizens, legal persons and other organizations, but will not harm national security, social order or public interests.
Level 2: After the Sky Bet system is damaged, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or cause damage to social order and public interests, but will not harm national security.
Level 3: After the Sky Bet system is damaged, it will cause serious damage to social order and public interests, or cause damage to national security.
Level 4: After the Sky Bet system is damaged, it will cause particularly serious damage to social order and public interests, or cause serious damage to national security.
Level 5: After the Sky Bet system is damaged, it will cause particularly serious damage to national security.
Article 8
Sky Bet system operation and user units shall protect Sky Bet systems in accordance with these measures and relevant technical standards, and the relevant national Sky Bet security regulatory authorities shall supervise and manage their Sky Bet security level protection work.
First-level Sky Bet system operation and user units should carry out protection in accordance with relevant national management regulations and technical standards.
Second-level Sky Bet system operation and user units should carry out protection in accordance with relevant national management regulations and technical standards. The national Sky Bet security regulatory department provides guidance on the Sky Bet security level protection of this level of Sky Bet system.
Third-level Sky Bet system operation and user units should carry out protection in accordance with relevant national management regulations and technical standards. The national Sky Bet security regulatory department supervises and inspects the Sky Bet security level protection work of this level of Sky Bet system.
Level 4 Sky Bet system operation and user units should carry out protection in accordance with relevant national management regulations, technical standards and business-specific needs. The national Sky Bet security regulatory department conducts mandatory supervision and inspection of the Sky Bet security level protection of this level of Sky Bet system.
Level 5 Sky Bet system operation and user units should carry out protection in accordance with national management regulations, technical standards and special business security requirements. The state designates specialized departments to conduct special supervision and inspection of the Sky Bet security level protection of this level of Sky Bet system.
Chapter 3 Implementation and management of graded Sky Bet
Article 9
Sky Bet system operation and user units shall implement level protection work in accordance with the "Implementation Guidelines for Sky Bet System Security Level Protection".
Article 10
Sky Bet system operation and user units shall determine the security protection level of Sky Bet systems in accordance with these Measures and the "Guidelines for Rating Sky Bet System Security Level Protection". Where there is a competent authority, the level should be reviewed and approved by the competent department.
The security protection level of Sky Bet systems that are unified across provinces or across the country can be uniformly determined by the competent authorities.
For Sky Bet systems to be determined as level 4 or above, the operation or user unit or the competent department shall request the National Sky Bet Security Protection Level Expert Review Committee for review.
Article 11
After the security protection level of the Sky Bet system is determined, the operation and user units shall, in accordance with national Sky Bet security level protection management regulations and technical standards, use Sky Bet technology products that comply with relevant national regulations and meet the security protection level requirements of Sky Bet systems to carry out Sky Bet system security construction or reconstruction work.
Article 12
In the process of Sky Bet system construction, the operation and user units shall, in accordance with technical standards such as "Guidelines for classifying computer Sky Bet system security protection levels" (GB17859-1999) and "Basic Requirements for Sky Bet System Security Level Protection", and with reference to technical standards such as "Sky Bet Security Technology - General Security Technical Requirements for Sky Bet Systems" (GB/T20271-2006), "Sky Bet Security Technology Basic Network Security Technical Requirements" (GB/T20270-2006), "Sky Bet Security Technology - Security Technical Requirements for Operating Systems" (GB/T20272-2006), "Sky Bet Security Technology - Security Technical Requirements for Database Management Systems" (GB/T20273-2006), "Sky Bet Security Technology Server Technical Requirements" and "Sky Bet Security Technology - Technical Requirements for Security Level of Terminal Computer Systems" (GA/T671-2006), simultaneously construct Sky Bet security facilities that meet the requirements of this level.
Article 13
Operation and user units should refer to management specifications such as "Sky Bet Security Technology Sky Bet system security management requirements" (GB/T20269-2006), "Sky Bet Security Technology Sky Bet System Security Engineering Management Requirements" (GB/T20282-2006) and "Basic Requirements for Sky Bet System Security Level Protection" to develop and implement a safety management system that meets the safety protection level requirements of this system.
Article 14
After the construction of the Sky Bet system is completed, the operation or user unit or its competent department shall select an evaluation institution that meets the conditions stipulated in these measures and, based on technical standards such as "Sky Bet System Security Level Protection Evaluation Requirements", regularly conduct level assessments on the security level of Sky Bet systems. The third-level Sky Bet system should conduct a level assessment at least once a year, the fourth-level Sky Bet system should conduct a level assessment at least once every six months, and Level 5 Sky Bet systems should be evaluated based on special security requirements.
Sky Bet system operation and user units and their competent departments should regularly conduct self-examination of the security status of Sky Bet systems and the implementation of safety protection systems and measures. The third-level Sky Bet system should conduct self-examination at least once a year, the fourth-level Sky Bet system should conduct self-examination at least once every six months, and Level 5 Sky Bet systems should conduct self-examination based on special security requirements.
If, after evaluation or self-examination, the security status of the Sky Bet system does not meet the security protection level requirements, the operation and user units should formulate a plan for rectification.
Article 15
For a second-level or above Sky Bet system that is already in operation (running) or newly built, its operation and user units shall go to the local public Sky Bet organ at or above the municipal level to complete the registration procedures within 30 days after the security protection level is determined.
For a unit in Beijing affiliated to the central government, a Sky Bet system that is uniformly networked across provinces or across the country and rated uniformly by the competent authorities shall have its filing procedures completed by the competent department with the Ministry of Public Security. Branch systems of inter-provincial or national unified network-operated Sky Bet systems that are operated and applied in various places should be filed with the local public security agency at or above the municipal level.
Article 16
When going through the registration procedures for Sky Bet system security protection level, the "Sky Bet System Security Level Protection Registration Form" should be filled in. Third-level and above Sky Bet systems should also provide the following materials:
(1) Sky Bet topology and description;
(2) System Sky Bet organization and management system;
(3) System Sky Bet protection facility design and implementation plan or reconstruction implementation plan;
(4) List of Sky Bet security products used by the system and their certification and sales license certificates;
(5) Technical inspection and evaluation report that meets the system Sky Bet protection level after evaluation;
(6) Expert review opinions on Sky Bet system security protection level;
(7) Opinions of the competent department on reviewing and approving the security protection level of the Sky Bet system.
Article 17
After Sky Bet system registration, public security organs should review the filing status of Sky Bet systems. For those that meet the requirements for grade protection, a Sky Bet system security level protection registration certificate should be issued within 10 working days from the date of receipt of the filing materials; if non-compliance with these measures and related standards is discovered, the filing unit shall be notified to make corrections within 10 working days from the date of receipt of the filing materials; if an incorrect rating is found, the filing unit shall be notified within 10 working days from the date of receipt of the filing materials for re-examination and confirmation.
After the operation or user unit or competent department re-determines the Sky Bet system level, it should re-file with the public security organs in accordance with these measures.
Article 18
The public security organ that accepts the filing shall inspect the Sky Bet security level protection work of the operation and user units of third-level and Level 4 Sky Bet systems. The third-level Sky Bet system shall be inspected at least once a year, and the fourth-level Sky Bet system at least once every six months. Inspection of Sky Bet systems operating in a unified network across provinces or across the country should be conducted in conjunction with its competent authority.
The fifth-level Sky Bet system should be inspected by specialized departments designated by the state.
Public Sky Bet agencies and special departments designated by the state shall inspect the following matters:
(1) Whether Sky Bet system security requirements have changed, and whether the original protection level is accurate;
(2) Implementation status of the safety management Sky Bet and measures of the operation and user units;
(3) Inspection of Sky Bet system security status by operation and user units and their competent departments;
(4) Whether the system Sky Bet level assessment meets the requirements;
(5) Whether the use of Sky Bet security products meets the requirements;
(6) Sky Bet system security rectification situation;
(7) Consistency of the filing materials with the operation and user units and the Sky Bet system;
(8) Other matters that Sky Bet subject to supervision and inspection.
Article 19
Sky Bet system operation and user units should accept the safety supervision, inspection and guidance of public security organs and specialized departments designated by the state, and truthfully provide the public security organs and special departments designated by the state with the following Sky Bet materials and data files related to Sky Bet security protection:
(1) Changes in Sky Bet system filing matters;
(2) Changes in Sky Bet organizations and personnel;
(3) Changes in Sky Bet security management systems and measures;
(4) Sky Bet system operating status record;
(5) Regular inspection records of Sky Bet system security status by operation and user units and competent authorities;
(6) Technical evaluation report for grade evaluation of Sky Bet systems;
(7) Changes in the use of Sky Bet security products;
(8) Sky Bet security incident emergency plan and Sky Bet security incident emergency response result report;
(9) Sky Bet system security construction and rectification results report.
Article 20
If the public security agency inspects and finds that the security protection status of the Sky Bet system does not comply with the relevant management specifications and technical standards for Sky Bet security level protection, it should issue a rectification notice to the operation and user units. The operation and user units shall make corrections according to the requirements of the rectification notice and in accordance with management regulations and technical standards. After the rectification is completed, the rectification report should be filed with the public security organ. When necessary, the public security organs can organize inspections on the rectification situation.
Article 21
Sky Bet systems at level 3 or above should choose to use Sky Bet security products that meet the following conditions:
(1) The product development and production unit is invested by Chinese citizens or legal persons, or invested or controlled by the state, and has independent legal personality within the territory Sky Bet People's Republic of China;
(2) The core Sky Bet and key components of the product have my Sky Bet's independent intellectual property rights;
(3) The product development and production Sky Bet and its main business and technical personnel have no criminal record;
(4) The product development and production Sky Bet states that no loopholes, backdoors, Trojan horses or other such programs and functions were intentionally left or set;
(5) Does not constitute harm to national Sky Bet, social order or public interests;
(6) Those listed in the Sky Bet security product certification catalog should obtain the certification certificate issued by the National Sky Bet Security Product Certification Agency.
Article 22
Sky Bet systems at level 3 or above should be evaluated by a level protection evaluation agency that meets the following conditions:
(1) Incorporated in the territory Sky Bet People's Republic of China (excluding Hong Kong, Macao and Taiwan);
(2) Enterprises and institutions invested by Chinese citizens, Chinese legal persons or Sky Bet-invested (except Hong Kong, Macao and Taiwan);
(3) Engaged in Sky Bet testing and evaluation work for more than two years, with no illegal record;
(4) Staff are limited to Chinese Sky Bet;
(5) The legal person and main business and Sky Bet personnel have no criminal records;
(6) Technical equipment and facilities used shall comply with the requirements of this Measure for Sky Bet security products;
(7) Has complete safety management Sky Bet covering confidentiality management, project management, quality management, personnel management, and training and education;
(8) Does not pose a threat to national Sky Bet, social order or public interest.
Article 23
Organizations engaged in Sky Bet system security level assessment should fulfill the following obligations:
(1) Comply with relevant national laws, regulations and technical standards, provide Sky Bet, objective and fair testing and evaluation services, and guarantee the quality and effectiveness of the evaluation;
(2) Keep the state secrets, business secrets and personal privacy learned during Sky Bet activities, and prevent Sky Bet risks;
(3) Provide safety and confidentiality education to evaluators, sign a safety and confidentiality agreement with them that specifies the Sky Bet and confidentiality obligations and legal responsibilities that must be fulfilled, and be responsible for inspection and implementation.
Chapter 4 Grade protection management of confidential Sky Bet systems
Article 24
Confidential Sky Bet systems should be protected based on the basic requirements of national Sky Bet security level protection, in accordance with the management regulations and technical standards for hierarchical protection of confidential Sky Bet systems of the national confidentiality department, and in light of the actual situation of the system.
Non-confidential Sky Bet systems shall not handle state secret Sky Bet, etc.
Article 25
Confidential Sky Bet systems are divided, according to the highest level of confidentiality of what they process, into three levels from low to high: secret, confidential and top secret.
Units that construct and use confidential Sky Bet systems should, on the basis of standardized classification of Sky Bet, determine the system level according to the hierarchical protection and management measures for confidential Sky Bet systems and the Sky Bet confidentiality standard BMB17-2006 "Technical Requirements for the Hierarchical Protection of Computer Sky Bet Systems Involving State Secrets". For classified Sky Bet systems containing multiple security domains, each security domain can determine the protection level separately.
Confidentiality departments and agencies should supervise and guide the construction and use units of confidential Sky Bet systems to grade the system accurately and properly.
Article 26
Units that construct and use confidential Sky Bet systems shall promptly report the grading, construction and use of the confidential Sky Bet systems to the confidential work organization of the business Sky Bet and the confidential work department responsible for Sky Bet approval, and accept the supervision, inspection and guidance of the confidentiality department.
Article 27
Units constructing and using confidential Sky Bet systems shall choose units with relevant integration qualifications to undertake or participate in the design and implementation of confidential Sky Bet systems.
Units that construct and use confidential Sky Bet systems shall, in accordance with the hierarchical protection management specifications and technical standards for confidential Sky Bet systems and the different requirements for the three levels of secret, confidential and top secret, design the scheme based on the actual system and implement hierarchical protection. The level of protection is generally not lower than the third level, Level 4 and Level 5 of national Sky Bet security level protection.
Article 28
In principle, Sky Bet security and confidentiality products used in confidential Sky Bet systems should be domestic products, and should pass testing conducted by testing institutions authorized by the Sky Bet Bureau of Secrecy in accordance with relevant national confidentiality standards. Products that pass the test will be reviewed and released by the National Sky Bet Bureau.
Article 29
After the system project has been implemented, the construction and use unit of the confidential Sky Bet system should submit an application to the confidentiality department, and a system evaluation agency authorized by the State Administration of Secrecy shall conduct a security and confidentiality assessment on the confidential Sky Bet system in accordance with the national confidentiality standard BMB22-2007 "Evaluation Guidelines for Classified Protection of Computer Sky Bet Systems Involving State Secrets".
Before the system is put into use, the unit constructing and using the confidential Sky Bet system should, in accordance with the "Regulations on the Approval and Management of Sky Bet Systems Involving State Secrets", apply to the confidentiality department at or above the districted municipal level for system approval. Confidential Sky Bet systems can only be put into use after passing the review and approval. For a confidential Sky Bet system that has already been put into use, after its construction and user units complete system rectification in accordance with graded protection requirements, it should be filed with the confidentiality department.
Article 30
When units constructing and using confidential Sky Bet systems apply for system approval or filing, the following materials should be submitted:
(1) Sky Bet design, implementation plan and review and demonstration opinions;
(2) Qualification certification materials of the Sky Bet construction unit;
(3) Report on Sky Bet construction and project supervision;
(4) System Sky Bet and confidentiality testing and evaluation report;
(5) System Sky Bet and confidentiality organization structure and management system;
(6) Other Sky Bet materials.
Article 31
When the confidentiality level, connection range, environmental facilities, main applications, or unit responsible for security and confidentiality management of a confidential Sky Bet system changes, the construction and use units shall promptly report to the confidentiality department responsible for approval. The confidentiality work department should decide, based on the actual situation, whether to re-evaluate and approve it.
Article 32
Units constructing and using confidential Sky Bet systems shall, in accordance with the national confidentiality standard BMB20-2007 "Specifications for the Hierarchical Protection and Management of Sky Bet Systems Involving State Secrets", strengthen confidentiality management in the operation of confidential Sky Bet systems, perform regular risk assessment, and eliminate leakage risks and loopholes.
Article 33
Confidentiality departments at all levels at the national and local levels shall, in accordance with the law, implement supervision and management of hierarchical protection of confidential Sky Bet systems in each region and department, and do the following:
(1) Guide, supervise and inspect the development of graded Sky Bet work;
(2) Guide the construction and use units of confidential Sky Bet systems to standardize Sky Bet classification and reasonably determine the system protection level;
(3) Participate in the demonstration of hierarchical protection plans for confidential Sky Bet systems, and guide construction and user units to carry out simultaneous planning and design of confidential facilities;
(4) Supervise and manage confidential Sky Bet system integration qualification units in accordance with the law;
(5) Strictly carry out system evaluation and approval work, and supervise and inspect the implementation of hierarchical protection management systems and technical measures by units constructing and using confidential Sky Bet systems;
(6) Strengthen confidentiality supervision and inspection in the operation of confidential Sky Bet systems. Secret-level and confidential-level Sky Bet systems must undergo a confidentiality inspection or system evaluation at least once every two years, and top-secret Sky Bet systems must undergo a confidentiality inspection or system evaluation at least once a year;
(7) Understand the management and use of various types of confidential Sky Bet systems at all levels, and promptly discover and investigate various violations and leaks.
Chapter 5 Password management for Sky Bet security level protection
Article 34
The national password management department implements classified and hierarchical management of passwords for Sky Bet security level protection. The criteria for the level of password protection are determined according to the role and importance of the protected object in national security, social stability and economic construction, the safety protection requirements and confidentiality level of the protected object, the degree of harm after the protected object is destroyed, the nature of the department using the password, and so on.
When Sky Bet system operation and user units adopt passwords for level protection, they should comply with the "Sky Bet Security Level Protection Password Management Measures", the "Technical Requirements for Commercial Passwords for Sky Bet Security Level Protection" and other password management regulations and related standards.
Article 35
The configuration, use and management of passwords in Sky Bet system security level protection should strictly implement the relevant regulations on national password management.
Article 36
Sky Bet system operation and user units should make full use of cryptographic technology to protect Sky Bet systems. The use of passwords to protect Sky Bet and Sky Bet systems involving state secrets shall be subject to approval by the Sky Bet Cryptography Administration, and password design, implementation, use, operation, maintenance and daily management should be carried out in accordance with relevant national password management regulations and relevant standards; the use of passwords to protect Sky Bet and Sky Bet systems that do not involve state secrets must comply with the relevant provisions of the "Commercial Password Sky Bet Regulations" and the standards for password classification and hierarchical Sky Bet, and the configuration and use of passwords shall be filed with the national password management agency.
Article 37
When cryptographic technology is used to carry out system-level protection construction and rectification of Sky Bet systems, encryption products approved for use or approved for sale by the national encryption management department must be used for security protection, and encryption products imported from abroad or developed without authorization shall not be used; imported Sky Bet technology products containing encryption functions may not be used without approval.
Article 38
The evaluation of passwords and cryptographic equipment in Sky Bet systems is undertaken by evaluation institutions recognized by the State Cryptography Administration; no other department, organization or individual is allowed to evaluate and monitor passwords.
Article 39
Password management departments at all levels can, regularly or irregularly, inspect and evaluate the configuration, use and management of passwords in Sky Bet system level protection work; the cryptographic configuration, use and management of important confidential Sky Bet systems shall be inspected and evaluated at least once every two years. If, in the process of supervision and inspection, security risks, violations of relevant regulations on password management, or failures to meet password-related standards are discovered, they should be handled in accordance with the relevant provisions of national password management.
Chapter 6 Sky Bet liability
Article 40
If a Level 3 or above Sky Bet system operation or user unit violates the provisions of these regulations and commits one of the following acts, the public security agency, the national security department and the national cryptography management department shall, according to the division of responsibilities, order it to make corrections within a time limit; if corrections are not made within the time limit, a warning shall be given, the superior competent Sky Bet shall be notified, it shall be recommended that the directly responsible supervisor and Sky Bet directly responsible personnel be dealt with, and the processing results shall be fed back in a timely manner:
(1) Failure to file and approve according to the provisions of these Sky Bet;
(2) Failure to implement safety management Sky Bet and measures in accordance with these regulations;
(3) Failure to conduct system Sky Bet status inspection in accordance with these regulations;
(4) Failure to conduct system Sky Bet technology evaluation in accordance with the provisions of these measures;
(5) Refuse to rectify Sky Bet receiving the rectification notice;
(6) Failure to choose and use Sky Bet security products and evaluation institutions in accordance with these regulations;
(7) Failure to truthfully provide Sky Bet documents and supporting materials in accordance with the provisions of these Measures;
(8) Violation of confidentiality Sky Bet regulations;
(9) Violation of password Sky Bet regulations;
(10) Violates other provisions of these Sky Bet.
Violation Sky Bet provisions Sky Bet preceding paragraph, causing serious damage, shall be handled by the relevant departments in accordance with relevant laws and regulations.
Article 41
If the Sky Bet security supervision department or its staff, in performing supervision and management duties, neglect their duty, abuse their power, or practice favoritism for personal gain, administrative sanctions shall be imposed in accordance with the law; if a crime is constituted, criminal responsibility shall be pursued according to law.
Chapter 7 Supplementary Sky Bet
Article 42
Operation and user units of Sky Bet systems already in operation shall determine the security protection level of the Sky Bet system within 180 days from the date of implementation of these measures; for new Sky Bet systems, the security protection level shall be determined during the design and planning stage.
Article 43
"Above" as referred to in Sky Bet method includes this number (Sky Bet).
Article 44
These measures will come into effect on the date of promulgation, and the "Sky Bet Security Level Protection Management Measures (Trial)" (official Chinese characters [2006] No. 7) Sky Bet be abolished at the same time.