"Information System Security Graded Protection Rating Report"


1. Description of XXX Information System

Briefly describe the reasons for identifying the system as a grading object, from three aspects. First, describe the unit or department responsible for the security of the information system, and explain that this unit or department bears the responsibility for information security protection of the system and that the system is that unit's or department's grading object. Second, state whether the grading object has the basic elements of an information system, and describe those basic elements, the system network structure, the system boundary and the boundary equipment. Third, state whether the grading object carries a single or relatively independent business, and describe that business.

2. Determination of the security protection level of XXX information system (for the classification method, please refer to the national standard "Guidelines for the Classification of Information System Security Level Protection")

(1) Determination of business information security protection level

1. Description of business information

Describe the main business information handled by the information system, etc.

2. Determination of the infringed object when business information is destroyed

Explain which objects are infringed when the information is destroyed, that is, which of the three objects (national security; social order and public interests; legitimate rights and interests of citizens, legal persons and other organizations) are infringed.

3. Determination of the degree of damage to the infringed object after the information is destroyed

Explain to what extent the infringed object will be damaged after the information is destroyed, that is, whether the damage is general, serious or particularly serious.

4. Determination of business information security level

The business information security level is determined according to the object infringed when the information is destroyed and the degree of infringement.

(2) Determination of system service security protection level

1. System service description

Describe the service scope and service objects of the information system.

2. Determination of the infringed object when system services are damaged

Explain which objects are infringed when system services are damaged, that is, which of the three objects (national security; social order and public interests; legitimate rights and interests of citizens, legal persons and other organizations) are infringed.

3. Determination of the degree of damage to the infringed object after the system service is damaged

Explain to what extent the infringed object will be damaged after the system service is damaged, that is, whether the damage is general, serious or particularly serious.

4. Determination of system service security level

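The security level of the system service is determined according to the object infringed when the system service is damaged and the degree of the damage.

(3) Determination of security protection level

The security protection level of the information system is determined by the higher of the business information security level and the system service security level. State the level at which the security protection level of the XXX system is finally determined.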

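| Information system name | Security protection level | Business information security level | System service security level |
| --- | --- | --- | --- |
| XXX information system | X | X | X |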
