Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 22239-2008 English PDF (GBT22239-2008)

GB/T 22239-2008 English PDF (GBT22239-2008)

Regular price $150.00 USD
Regular price Sale price $150.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: 24-hr self-service. Click GB/T 22239-2008
See Chinese contents: GB/T 22239-2008

GB/T 22239-2008: Information security technology -- Baseline for classified protection of information system security

This Standard specifies the basic protection requirements for different security protection levels of information system, including basic technical requirements and basic management requirements, which is suitable for guiding the security development, supervision and management of classified information system.
GB/T 22239-2008
GB
NATIONAL STANDARD OF THE
PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology ?€?
Baseline for Classified Protection of Information
System Security
ISSUED ON. JUNE 19, 2008
IMPLEMENTED ON. NOVEMBER 1, 2008
Issued by. General Administration of Quality Supervision, Inspection and Quarantine of the PEOPLE Republic of China;
Standardization Administration of the PEOPLE Republic of China.
Table of Contents
Foreword??...??4
Introduction??...??5
1 Scope??...??6
2 Normative??References??...??6
3 Terms??and??Definitions??...??6
4 Overview??on??Classified??Protection??of??Information??System??Security??...??7 4.1 Classification??of??Information??System??Security??Protection??...??7
4.2 Levels??of??Security??Protection??Ability??...??7
4.3 Basic??Technical??Requirements??and??Basic??Management??Requirements??...??8 4.4 Three??Types??of??Basic??Technical??Requirements??...??8
5 Basic??Requirements??of??Level??I??...??9
5.1 Technical??Requirements??...??9
5.1.1 Physical??Security??...??9
5.1.2 Network??Security??...??10
5.1.3 Host??Security??...??11
5.1.4 Application??Security??...??11
5.1.5 Data??Security??and??Backup??Recovery??...??12
5.2 Management??Requirements??...??12
5.2.1 Security??Management??System...??12
5.2.2 Security??Management??Setup??...??13
5.2.3 Personal??Security??Management??...??13
5.2.4 System??Construction??Management??...??14
5.2.5 System??Operation??and??Maintenance??Management??...??16
6 Basic??Requirements??of??Level??II??...??18
6.1 Technical??Requirements??...??18
6.1.1 Physical??Security??...??18
6.1.2 Network??Security??...??20
6.1.3 Host??Security??...??21
6.1.4 Application??Security??...??23
6.1.5 Data??Security??and??Backup??Recovery??...??25
6.2 Management??Requirements??...??25
6.2.1 Security??Management??System...??25
6.2.2 Security??Management??Setup??...??26
6.2.3 Personnel??Security??Management??...??27
6.2.4 System??Construction??Management??...??28
6.2.5 System??Operating??and??Maintenance??Management??...??31
7 Basic??Requirements??of??Level??III??...??35
7.1 Technical??Requirements??...??35
7.1.1 Physical??Security??...??35
7.1.2 Network??Security??...??38
7.1.3 Host??Security??...??40
7.1.4 Application??Security??...??43
7.1.5 Data??Security??and??Backup??Recovery??...??46
7.2 Management??Requirements??...??47
7.2.1 Security??Management??System...??47
7.2.2 Security??Management??Setup??...??48
7.2.3 Personnel??Security??Management??...??50
7.2.4 System??Construction??Management??...??51
7.2.5 System??Operation??and??Maintenance??Management??...??56
8 Basic??Requirements??of??Level??IV??...??62
8.1 Technical??Requirements??...??62
8.1.1 Physical??Security??...??62
8.1.2 Network??Security??...??65
8.1.3 Host??Security??...??67
8.1.4 Application??Security??...??70
8.1.5 Data??Security??and??Backup??Recovery??...??73
8.2 Management??Requirements??...??75
8.2.1 Security??Management??System...??75
8.2.2 Security??Management??Setup??...??76
8.2.3 Personnel??Security??Management??...??78
8.2.4 Management??of??System??Construction??...??79
8.2.5 System??Operation??and??Maintenance??Management??...??83
9 Basic??Requirements??of??Level??V??...??91
Appendix A (Normative) Requirements about the Integral Security Protection Ability of Information??System??...??92
Appendix??B??(Normative)??Selection??and??Use??of??Basic??Security??Requirements??...??94 Bibliography??...??96
Foreword
Appendix A and Appendix B of this Standard are normative.
This Standard was proposed by the Ministry of Public Security National Technical Committee on Information Technology Security of Standardization Administration of China.
This Standard shall be under the jurisdiction of the National Technical Committee on Information Technology Security of Standardization Administration of China. Drafting organization of this Standard. MPS Information Classified Security Protection Evaluation Center.
Chief drafting staffs of this Standard. Ma Li, Ren Weihong, Li Ming, Yuan Jing, Xie Chaohai, Qu Jie, Li Sheng, Chen Xuexiu, Zhu Jianping, Huang Hong, Liu Jing, Luo Zheng and Bi Maning.
Introduction
This Standard was developed according to the national management regulations on classified protection of information security.
This Standard is one of the series standards for classified protection of information security.
The series standards associated with this Standard include.
- GB/T 22240-2008 Information Security...

View full details