The first level (autonomous protection level), the damage to the object of level protection will cause damage to the lawful rights and interests of citizens, legal persons and other organizations, but does not harm national security, social order and public **** interests;
The second level (guiding protection level), the damage to the object of level protection will cause serious damage to the lawful rights and interests of citizens, legal persons and other organizations, or to the social order and public **** interests, but not to the detriment of national security;
Third level (supervisory protection level), the damage to the object of hierarchical protection will cause particularly serious damage to the lawful rights and interests of citizens, legal persons and other organizations, or serious damage to the social order and public **** interests, or damage to national security;
Fourth level (mandatory protection level), the damage to the object of hierarchical protection will be particularly serious.
Level 4 (mandatory protection level), the level of protection object is damaged, will be particularly serious damage to social order and public **** interests, or serious damage to national security;
Level 5 (exclusive control protection level), the level of protection object is damaged, will be particularly serious damage to national security
Compared with the 1.0 version, the 2.0 in the content of the actual what are the changes?
While 1.0 graded information systems, the 2.0 standard extends the grading to a wider range of systems, including basic information networks, cloud computing platforms, the Internet of Things, industrial control systems, networks using mobile Internet technology, and big data platforms.
Additionally, after the destruction of the system, the legitimate rights and interests of citizens, legal persons and other organizations to cause particularly serious damage to the original maximum of the second level to the current maximum of the third level.
Finally, the Equal Protection 2.0 standard no longer emphasizes autonomous grading but reasonable grading, and the system grading must be reviewed by experts and audited by the competent authorities before it can be filed with the public security authorities, and the grading is more stringent.
SummaryThrough the establishment of a security technology system and security management system, to build a comprehensive network security defense system with the appropriate level of security protection capabilities, to carry out organizational management, mechanism construction, security planning, notification and early warning, emergency response, situational awareness, capacity building, supervision and inspection, technology testing, team building, education and training and financial security. Legal basis: "Chinese People's Republic of China network security law"
Article 21 of the national network security level protection system. Network operators shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations to safeguard the network from interference, damage or unauthorized access, to prevent network data leakage or theft, tampering:
(a) the development of the internal security management system and operating procedures, to determine the person in charge of network security, and the implementation of the responsibility for network security protection;
(b) To take technical measures to prevent computer viruses and network attacks, network intrusion and other hazards to network security behavior;
(c) to take technical measures to monitor and record the network operation status, network security events, and in accordance with the provisions of the retention of the relevant network logs for not less than six months;
(d) to take measures such as data categorization, backup of important data and encryption;
(e) ) Other obligations stipulated by laws and administrative regulations.
Article 31 of the state of public **** communication and information services, energy, transportation, water conservancy, finance, public **** services, e-government and other important industries and fields, as well as other once damaged, loss of functionality or data leakage, may seriously jeopardize the national security, the state's economy and people's livelihood, and the interests of the public **** critical information infrastructure, on the basis of the network security level protection system, the Implement key protection. The State Council shall formulate the specific scope and security protection of critical information infrastructure.
The state encourages network operators other than critical information infrastructure to voluntarily participate in the critical information infrastructure protection system.