GB/T 25058-2019 English PDF (GBT25058-2019)
GB/T 25058-2019: Information security technology -- Implementation guide for classified protection of cybersecurity
GB/T 25058-2019
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 25058-2010
Information Security Technology - Implementation
Guide for Classified Protection of Cybersecurity
ISSUED ON: AUGUST 30, 2019
IMPLEMENTED ON: MARCH 1, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Overview of Implementation of Classified Protection
4.1 Fundamental Principles
4.2 Roles and Responsibilities
4.3 Basic Procedure of Implementation
5 Rating and Filing of Classified Protection Object
5.1 Workflow of Rating and Filing Stage
5.2 Industry / Domain Rating Work
5.3 Analysis of Classified Protection Object
5.3.1 Analysis of object importance
5.3.2 Determination of rating object
5.4 Determination of Security Protection Level
5.4.1 Rating, Review and Approval
5.4.2 Form rating report
5.5 Filing of Rating Result
6 Overall Security Planning
6.1 Workflow of Overall Security Planning Stage
6.2 Analysis of Security Demands
6.2.1 Determination of basic security demands
6.2.2 Determination of special security demands
6.2.3 Form security demand analysis report
6.3 Overall Security Design
6.3.1 Overall security policy design
6.3.2 Security technology architecture design
6.3.3 Overall security management architecture design
6.3.4 Documentation of design result
6.4 Security Construction Project Planning
6.4.1 Determination of security construction objective
6.4.2 Security construction content planning
6.4.3 Form security construction project planning
7 Security Design and Implementation
7.1 Workflow of Security Design and Implementation Stage
7.2 Detailed Design of Security Scheme
7.2.1 Design of technological measure implementation content
7.2.2 Design of management measure implementation content
7.2.3 Documentation of design result
7.3 Implementation of Technological Measures
7.3.1 Procurement of cybersecurity products or services
7.3.2 Development of security control
7.3.3 Security control integration
7.3.4 Acceptance inspection of system
7.4 Implementation of Management Measures
7.4.1 Construction and revision of security management system
7.4.2 Security management institution and personnel setting
7.4.3 Security implementation process management
8 Security Operation and Maintenance
8.1 Workflow of Security Operation and Maintenance Stage
8.2 Operation Management and Control
8.2.1 Determination of operation management responsibilities
8.2.2 Operation management process control
8.3 Alteration Management and Control
8.3.1 Alteration demand and influence analysis
8.3.2 Alteration process control
8.4 Security Status Monitoring
8.4.1 Determination of monitoring objects
8.4.2 Collection of monitoring object status information
8.4.3 Monitoring status analysis and report
8.5 Security Self-inspection and Continuous Improvement
8.5.1 Self-inspection of security status
8.5.2 Formulation of improvement scheme
8.5.3 Implementation of security improvement
8.6 Management and Monitoring of Service Provider
8.6.1 Selection of service provider
8.6.2 Management of service provider
8.6.3 Monitoring of service provider
8.7 Level Evaluation
8.8 Supervision and Inspection
8.9 Emergency Response and Guarantee
8.9.1 Emergency preparation
8.9.2 Emergency monitoring and response
8.9.3 Post-mortem evaluation and improvement
8.9.4 Emergency guarantee
9 Termination of Rating Objects
9.1 Workflow of Rating Object Termination Stage
9.2 Information Transfer, Temporary Storage and Removal
9.3 Equipment Migration or Abolishment
9.4 Removal or Destruction of Storage Media
Appendix A (normative) Main Processes and the Activities, Input and Output
Information Security Technology - Implementation
Guide for Classified Protection of Cybersecurity
1 Scope
This Standard stipulates the process by which a classified protection object implements
cybersecurity protection work.
This Standard applies to guiding the implementation of classified cybersecurity
protection work.
2 Normative References
The following documents are indispensable to the application of this document. For
references with a specified date, only the version with that date is applicable to
this document. For references without a specified date, the latest version (including
all the modifications) is applicable to this document.
GB 17859 Classified Criteria for Security Protection of Computer Information System
GB/T 22239 Information Security Technology - Baseline for Classified Protection of Cybersecurity
GB/T 22240 Information Security Technology - Classification Guide for Classified Protection of Information System Security
GB/T 25069 Information Security Technology - Glossary
GB/T 28448 Information Security Technology - Evaluation Requirement for Classified Protection of Cybersecurity
3 Terms and Definitions
Terms and definitions defined in GB 17859, GB/T 22239, GB/T 25069 and GB/T 28448
are applicable to this document.
4 Overview of Implementation of Classified Protection
4.1 Fundamental Principles
The core of classified security protection is to classify classified protection objects, and
carry out construction, management and supervision in accordance with the standards.
protection, take charge of cybersecurity protection and supervision,
management work within the scope of their respective duties.
b) Competent department
Competent department shall, in accordance with national management
specifications and technological standards on classified cybersecurity
protection, take charge of the supervision, inspection and guidance of
classified cybersecurity protection work of the operating and using
organizations of classified protection objects of the industry, the department
or the locality.
c) Operating and using organization
Operating and using organization shall, in accordance with national
management specifications and technological standards on classified
cybersecurity protection, determine the security protection level of its
classified protection objects. If there is a competent department, operating
and using organization shall report to its competent department for review and
approval. In accordance with the security protection level that is already
determined, go through filing procedures at the public security. In accordance
with national management specifications and technological standards on
classified cybersecurity protection, conduct planning and design of security
protection for the classified protection objects. Adopt information technology
products and cybersecurity products that comply ...