GB/T 20269-2006 English PDF (GBT20269-2006)


Regular price $165.00 USD

GB/T 20269-2006: Information security technology -- Information system security management requirements

This Standard specifies the management requirements for each security level of information system security, based on the division of security levels for information system security.
GB/T 20269-2006
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Information system security management requirements
Issued on May 31, 2006
Implemented on December 01, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements of information system security management
4.1 Content of information system security management
4.2 Information system security management principles
5 Information system security management elements and the strength
5.1 Policy and system
5.1.1 Information security management policy
5.1.2 Security management rules and regulations
5.1.3 Policy and system document management
5.2 Organization and personnel management
5.2.1 Security management organization
5.2.2 Security mechanism centralized management organization
5.2.3 Personnel management
5.2.4 Education and training
5.3 Risk management
5.3.1 Risk management requirements and policy
5.3.2 Risk analysis and assessment
5.3.3 Risk control
5.3.4 Decision making based on risks
5.3.5 Risk assessment management
5.4 Environment and resource management
5.4.1 Environment security management
5.4.2 Resources management
5.5 Operation and maintenance management
5.5.1 User management
5.5.2 Operation management
5.5.3 Operation maintenance management
5.5.4 Outsourced service management
5.5.5 Assurance Related to Security Mechanism
5.5.6 Security centralized management
5.6 Business continuity management
5.6.1 Backup and recovery
5.6.2 Security incident handling
5.6.3 Emergency processing
5.7 Supervision and inspection management
5.7.1 Conforming with legal requirements
5.7.2 Compliance inspection
5.7.3 Audit and supervision control
5.7.4 Responsibility determination
5.8 Life cycle management
5.8.1 Plan and project approval management
5.8.2 Construction process management
5.8.3 System startup and stop management
6 Information system security management graded requirements
6.1 Level-one: User discretionary protection level
6.1.1 Management objective and scope
6.1.2 Policy and system requirements
6.1.3 Organization and personnel management requirements
6.1.4 Risk management requirements
6.1.5 Environment and resource management requirements
6.1.6 Operation and maintenance management requirements
6.1.7 Business continuity management requirements
6.1.8 Supervision and inspection management requirements
6.1.9 Life cycle management requirements
6.2 Level-two: System audit protection level
6.2.1 Management objective and scope
6.2.2 Policy and system requirements
6.2.3 Organization and personnel management requirements
6.2.4 Risk management requirements
6.2.5 Environment and resource management requirements
6.2.6 Operation and maintenance management requirements
6.2.7 Business continuity management requirements
6.2.8 Supervision and inspection management requirements
6.2.9 Life cycle management requirements
6.3 Level-three: Security label protection level
6.3.1 Management objective and scope
6.3.2 Policy and system requirements
6.3.3 Organization and personnel management requirements
6.3.4 Risk management requirements
6.3.5 Environment and resource management requirements
6.3.6 Operation and maintenance management requirements
6.3.7 Business continuity management requirements
6.3.8 Supervision and inspection management requirements
6.3.9 Life cycle management requirements
6.4 Level-four: Structured protection level
6.4.1 Management objectives and scope
6.4.2 Policy and system requirements
6.4.3 Organization and personnel management requirements
6.4.4 Risk management requirements
6.4.5 Environment and resource management requirements
6.4.6 Operation and maintenance management requirements
6.4.7 Business continuity management requirements
6.4.8 Supervision and inspection management requirements
6.4.9 Life cycle management requirements
6.5 Level-five: Access verification protection level
6.5.1 Management objectives and scope
6.5.2 Policy and system requiremen...
