Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 22239-2008 English PDF (GBT22239-2008)

GB/T 22239-2008 English PDF (GBT22239-2008)

Regular price $150.00 USD
Regular price Sale price $150.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds. Download true-PDF + Invoice.Newer version: (Replacing this standard) GB/T 22239-2019
Get QUOTATION in 1-minute: Click GB/T 22239-2008
Historical versions: GB/T 22239-2008
Preview True-PDF (Reload/Scroll if blank)

GB/T 22239-2008: Information security technology -- Baseline for classified protection of information system security
GB/T 22239-2008
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology –
Baseline for Classified Protection of Information
System Security
ISSUED ON. JUNE 19, 2008
IMPLEMENTED ON. NOVEMBER 1, 2008
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword ... 4 
Introduction ... 5 
1    Scope ... 6 
2    Normative References ... 6 
3    Terms and Definitions ... 6 
4    Overview on Classified Protection of Information System Security ... 7 
4.1    Classification of Information System Security Protection ... 7 
4.2    Levels of Security Protection Ability ... 7 
4.3    Basic Technical Requirements and Basic Management Requirements ... 8 
4.4    Three Types of Basic Technical Requirements ... 8 
5    Basic Requirements of Level I ... 9 
5.1    Technical Requirements ... 9 
5.1.1    Physical Security ... 9 
5.1.2    Network Security ... 10 
5.1.3    Host Security ... 11 
5.1.4    Application Security ... 11 
5.1.5    Data Security and Backup Recovery ... 12 
5.2    Management Requirements ... 12 
5.2.1    Security Management System... 12 
5.2.2    Security Management Setup ... 13 
5.2.3    Personal Security Management ... 13 
5.2.4    System Construction Management ... 14 
5.2.5    System Operation and Maintenance Management ... 16 
6    Basic Requirements of Level II ... 18 
6.1    Technical Requirements ... 18 
6.1.1    Physical Security ... 18 
6.1.2    Network Security ... 20 
6.1.3    Host Security ... 21 
6.1.4    Application Security ... 23 
6.1.5    Data Security and Backup Recovery ... 25 
6.2    Management Requirements ... 25 
6.2.1    Security Management System... 25 
6.2.2    Security Management Setup ... 26 
6.2.3    Personnel Security Management ... 27 
6.2.4    System Construction Management ... 28 
6.2.5    System Operating and Maintenance Management ... 31 
7    Basic Requirements of Level III ... 35 
7.1    Technical Requirements ... 35 
7.1.1    Physical Security ... 35 
7.1.2    Network Security ... 38 
7.1.3    Host Security ... 40 
7.1.4    Application Security ... 43 
7.1.5    Data Security and Backup Recovery ... 46 
7.2    Management Requirements ... 47 
7.2.1    Security Management System... 47 
7.2.2    Security Management Setup ... 48 
7.2.3    Personnel Security Management ... 50 
7.2.4    System Construction Management ... 51 
7.2.5    System Operation and Maintenance Management ... 56 
8    Basic Requirements of Level IV ... 62 
8.1    Technical Requirements ... 62 
8.1.1    Physical Security ... 62 
8.1.2    Network Security ... 65 
8.1.3    Host Security ... 67 
8.1.4    Application Security ... 70 
8.1.5    Data Security and Backup Recovery ... 73 
8.2    Management Requirements ... 75 
8.2.1    Security Management System... 75 
8.2.2    Security Management Setup ... 76 
8.2.3    Personnel Security Management ... 78 
8.2.4    Management of System Construction ... 79 
8.2.5    System Operation and Maintenance Management ... 83 
9    Basic Requirements of Level V ... 91 
Appendix  A  (Normative)  Requirements  about  the  Integral  Security  Protection  Ability  of 
Information System ... 92 
Appendix B (Normative) Selection and Use of Basic Security Requirements ... 94 
Bibliography ... 96 
Foreword
Appendix A and Appendix B of this Standard are normative.
This Standard was proposed by the Ministry of Public Security National Technical
Committee on Information Technology Security of Standardization Administration of
China.
This Standard shall be under the jurisdiction of the National Technical Committee on
Information Technology Security of Standardization Administration of China.
Drafting organization of this Standard. MPS Information Classified Security Protection
Evaluation Center.
Chief drafting staffs of this Standard. Ma Li, Ren Weihong, Li Ming, Yuan Jing, Xie
Chaohai, Qu Jie, Li Sheng, Chen Xuexiu, Zhu Jianping, Huang Hong, Liu Jing, Luo
Zheng and Bi Maning.
Introduction
This Standard was developed according to the national management regulations on
classified protection of information security.
This Standard is one of the series standards for classified protection of information
security.
The series standards associated with this Standard include.
- GB/T 22240-2008 Information Security...

View full details