Network security level protection 2.0 standard
The main standards of the Grade Protection 2.0 standard system are as follows:

1. Network security level protection regulations

2. Computer information system security protection classification standard

3. Network security level protection implementation guide

4. Network security level protection grading guide

5. Basic requirements of network security level protection

6. Network security level protection design technical requirements

7. Network security level protection evaluation requirements

8. Network security level protection evaluation process guide

The first level (self-protection level): if the object of level protection is destroyed, it will harm the legitimate rights and interests of citizens, legal persons and other organizations, but it will not harm national security, social order or public interests.

The second level (level of guidance and protection): if the object of level protection is destroyed, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or damage to social order and public interests, but it will not endanger national security.

The third level (level of supervision and protection): if the object of level protection is destroyed, it will cause particularly serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or to social order and public interests, or to national security.

The fourth level (compulsory protection level): if the object of level protection is destroyed, it will cause particularly serious damage to social order and public interests, or to national security.

The fifth level (special control protection level): if the object of level protection is destroyed, it will cause particularly serious damage to national security.

The difference between 1.0 and 2.0:

Under 1.0 the object of classification is the information system. Under the 2.0 standard the object of classification is extended to basic information networks, cloud computing platforms, the Internet of Things, industrial control systems, networks using mobile Internet technology, big data platforms and other systems, covering a wider range.

Furthermore, the highest level assigned for damage to the legitimate rights and interests of citizens, legal persons and other organizations after a system is destroyed was changed from the original level 2 to the current level 3.

Finally, the Grade Protection 2.0 standard no longer emphasizes independent classification, but emphasizes reasonable classification. The classification of a system must be reviewed by experts and audited by the competent department before it can be filed with the public security organ, so classification is stricter.

In summary, by establishing a security technology system and a security management system, a comprehensive network security defense system with the security protection capability of the corresponding level will be constructed, and work such as organization management, mechanism construction, security planning, notification and early warning, emergency response, situation awareness, capacity building, supervision and inspection, technical inspection, team building, education and training, and funding guarantee will be carried out.

This law is based on the Cyber Security Law of the People's Republic of China.

Article 21 The State implements a network security level protection system. Network operators shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations, protect the network from interference, destruction or unauthorized access, and prevent network data from being leaked, stolen or tampered with:

(1) Develop internal security management systems and operating procedures, determine the person in charge of network security, and implement the responsibility for network security protection.

(2) Take technical measures to prevent computer viruses, network attacks, network intrusion and other acts that endanger network security.

(3) Take technical measures to monitor and record the network operation status and network security incidents, and keep the relevant network logs for not less than six months in accordance with the regulations.

(4) Take measures such as data classification, important data backup and encryption.

(5) Other obligations stipulated by laws and administrative regulations.

Article 31 On the basis of the network security level protection system, the state gives priority protection to important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government, and other key information infrastructures that may seriously endanger national security, national economy and people's livelihood and public interests. The specific scope of key information infrastructure and security protection measures shall be stipulated by the State Council.

The state encourages network operators outside the key information infrastructure to voluntarily participate in the key information infrastructure protection system.