What is level protection?
Level protection is our country's basic network security system and a basic national policy, and it is also a complete network security management system. Carrying out security construction in line with the level protection standards is now a general requirement for enterprises and institutions, and it is also a basic requirement of the measures that protect national critical information infrastructure.
What are the features of Network Security Level Protection 2.0?
① The basic requirements, evaluation requirements and security design technical requirements for level protection share a unified framework, namely the triple protection structure supported by a security management center;
② General security requirements plus security extension requirements for new applications: cloud computing, mobile Internet, Internet of Things, industrial control systems, etc. are included in the standard specifications;
③ Trusted verification is included in the main functional requirements at every level and in every link.
What's the difference between Level Protection 2.0 and Level Protection 1.0?
First: name change
The "Basic Requirements for the Security Level Protection of Information Systems" was changed to "Basic Requirements for the Security Level Protection of Networks", which is consistent with the "Cybersecurity Law".
Second: changes in the classification object
The classification object of level protection 1.0 was the information system. In 2.0 it is broader and includes: information systems, basic information networks, cloud computing platforms, big data platforms, Internet of Things systems, industrial control systems, and networks using mobile Internet technology.
Third: changes in security requirements
Level protection 2.0 evolved from a single set of basic requirements into general security requirements plus security extension requirements for new technologies. The general security requirements must be met regardless of the form the protected object takes. The special requirements put forward for cloud computing, mobile Internet, Internet of Things and industrial control systems are called security extension requirements.
① Cloud computing security extension requirements include the location of the infrastructure, virtualization security protection, image and snapshot protection, cloud service provider selection and cloud computing environment management.
② Mobile Internet security extension requirements include the geographic location of wireless access points, mobile terminal control, mobile application control, mobile application software procurement and mobile application software development.
③ Internet of Things security extension requirements include physical protection of perception nodes, perception node device security, perception network node device security, perception node management and data fusion processing.
④ Industrial control system security extension requirements include outdoor control equipment protection, industrial control system network architecture security, dial-up use control, wireless use control and control equipment security.
Fourth: changes in the structure of the classification of controls
Level protection 2.0 still retains the technical and management dimensions.
Technology: changed from physical security, network security, host security, application security and data security to secure physical environment, secure communication network, secure area boundary, secure computing environment and security management center;
Management: the structure has not changed much, from the security management system, security management organization, personnel security management, system construction management, system operation and maintenance management
Fifth: changes in the content of the work
Level protection 2.0 not only further clarifies the actions already required in the 1.0 era (grading, filing, security construction, level assessment, and supervision and inspection). Most importantly, measures such as security detection, notification and early warning, and the investigation of cases and incidents are fully integrated into the level protection system and are to be implemented.