The difference between Classified Protection 1.0 and Classified Protection 2.0

Classified Protection 2.0 will be officially implemented on December 1, 2019, and it differs considerably from Classified Protection 1.0. The differences between the two are introduced below from several aspects.
Standard name change
GB/T 22239-2008 "Information Security Technology: Information System Security Level Protection Basic Requirements" changed to GB/T 22239-2019 "Information Security Technology: Network Security Level Protection Basic Requirements"
GB/T 25070-2019 "Information Security Technology: Technical Requirements for Network Security Level Protection Security Design"
GB/T 28448-2019 "Information Security Technology: Network Security Level Protection Evaluation Requirements"
Change of protection objects
Under Classified Protection 1.0, most of the protected objects were units within the system, and what was involved was mostly computer information systems. The protection objects of 2.0 have expanded to the whole of society, covering all regions, units, departments, enterprises, and institutions, and the scope has risen to cyberspace security. In addition to computer information systems, it also includes network security systems, cloud computing, the Internet of Things, industrial control systems, big data security, etc.
Standard content changes
Security requirements: Classified Protection 2.0 includes general security requirements and security extension requirements. In all aspects, the application of trusted computing technology is more prominent, forming a "one center, triple protection" defense system.
Classified Protection 2.0 is also formulated on the basis of the "Cybersecurity Law of the People's Republic of China". It proposes general security requirements for common security protection needs, and security extension requirements for the individual protection needs of new technologies and new applications such as cloud computing, the Internet of Things, mobile Internet, industrial control and big data, forming a new basic requirements standard for network security level protection.
Classified Protection 1.0: Basic Requirements for Information System Security Level Protection
Classified Protection 2.0:
General Security Requirements
Cloud Computing Security Extension Requirements
Mobile Internet Security Extension Requirements
IoT Security Extension Requirements
Industrial Control System Security Extension Requirements
General security requirements include: secure physical environment, secure communication network, secure area boundary, secure computing environment, security management system, security management organization, security management personnel, security construction management, and security operation and maintenance management.

One center, triple protection: a triple-protection architecture made up of the "secure communication network", "secure area boundary" and "secure computing environment", supported by the "security management center".

Work connotation changes
The scope of work under Classified Protection 2.0 changes: it adds security management of evaluation activities, network service management, management of product and service procurement and use, technical maintenance management, management of monitoring, early warning and information notification, data and information security protection requirements, emergency response requirements, etc. It further clarifies the work requirements for network grading and review, filing and review, grade evaluation, security construction and rectification, and self-inspection.

Origin blog.csdn.net/m0_48368237/article/details/114239149