Recently, Defan Cloud's low-code suite has obtained the "Information System Security Level-3 Protection Certification" issued by the Ministry of Public Security (hereinafter referred to as "Multiple Protection Level 3").
The certified Defan Cloud low-code suite includes DeCod low-code aPaaS platform, DeFusion integrated iPaaS platform and MDM master data platform.
Defan Cloud DeCod low-code aPaaS platform: It is a platform with no-code + low-code as its core features, driven by models, providing native front-end and back-end development scaffolding to realize complex application customization and expansion, as well as a private domain application market, It can efficiently complete the online processing of enterprise business and accelerate the digital transformation of enterprises.
DeFan Cloud's DeFusion integrated iPaaS platform: quickly realizes enterprise applications and data connections through low-code methods, has rich integration scenarios and components, created the "configurable connector" feature, and has powerful integration and orchestration capabilities as well as API service governance and operation Services can effectively accelerate the digital upgrade of enterprises.
Defan Cloud MDM master data platform: an enterprise-level master data management platform that provides a full lifecycle master data management platform for data modeling, process customization, data quality, system integration and data release management, and realizes the management of master data within the organization. Sharing and utilization can improve the management level of enterprise master data and reduce management costs and operational risks.
It can be seen that Defan Cloud's product system has reached the third-level standard of national information security protection. In the future, the entire product line of Defan will protect the digital operation of more enterprises and escort the information security of enterprises.
What is the third level of insurance?
The national information system level protection certification is an assessment of the information system security level protection status of various institutions by the public security organs in accordance with the national information security protection regulations and related system regulations, in accordance with management norms and technical standards. This is the most authoritative information product security level qualification certification in China.
信息安全保护等级共分为5级,等级越高,安全保护能力越强。其中,得帆获得的“国家信息系统安全等级三级认证”,是地市级以上国家机关、重要企事业单位需要达成的认证,也是国家对非银行机构的最高级认证,由国家信息安全监管部门进行监督、检查,属于“监管级别”。
等保三级有多严格?
国家信息系统等级保护认证的测评内容依据国家信息安全等级保护制度规定,涵盖等级保护安全技术要求的5个层面和安全管理要求的5个层面,对信息系统的物理安全、网络安全、主机安全、应用安全、数据安全及备份恢复、安全管理制度、安全管理机构、人员安全管理、系统建设管理、系统运维管理等十大要素进行检测,总计近300项要求,共涉及测评分类73类。
认证测评项目(部分)
等保三级有哪些要求?
1
网络架构
(1)实现不同云服务客户虚拟网络之间的隔离;
(2)具有根据云服务客户业务需求提供通信传输、边界防护、入侵防范等安全机制的能力;(3)提供开放接口或开放性安全服务,允许云服务客户接入第三方安全产品或在云计算平台选择第三方安全服务。
2
入侵防范
能检测到云服务客户发起的网络攻击行为,并能记录攻击类型、攻击时间、攻击流量等。
3
安全审计
保证云服务商对云服务客户系统和数据的操作可被云服务客户审计。
4
数据完整性和保密性
(1)使用校验技术或密码技术保证虚拟机迁移过程中重要数据的完整性,并在检测到完整性受到破坏时采取必要的恢复措施;
(2)支持云服务客户部署密钥管理解决方案,保证云服务客户自行实现数据的加解密过程。
5
数据备份恢复
(1)提供查询云服务客户数据及备份存储位置的能力;
(2)为云服务客户将业务系统及数据迁移到其他云计算平台和本地系统提供技术手段,并协助完成迁移过程。
得帆高度重视安全建设
在网络安全越来越受重视的今天,提高数据安全建设的整体水平,增加信息系统的安全保护,已经是大势所趋。在企业数字化转型进程中,累计数据资产不断增多,保护数据安全更是重中之重。
作为国内领先的低代码开发平台,得帆在环境、设备、人员管理等方面高度重视系统安全建设,我们做到了:
1
主机和设备安全:
(1)配置安全组策略,仅允许符合规则的通信,默认情况下除允许通信外,受控接口拒绝所有通信;
(2)通过防火墙服务对网络攻击行为进行监测和防护;
(3)在互联网边界处,对进出网络的用户行为、重要安全事件进行审计,包括网络流量日志、安全事件日志等。
2
服务器和终端安全:
(1)针对服务器操作系统和终端操作系统采取了身份鉴别措施;
(2)服务器采用加密方式进行远程管理,鉴别信息非明文传输。
3
系统安全:
(1)数据库启用安全审计功能,审计覆盖到每个用户,对重要的用户行为和重要安全事件进行审计;
(2)云服务客户在运维本地可保存其业务数据的备份。
4
应用安全:
(1)严谨分配登录用户的账户和权限;
(2)用户及后台管理页面采用HTTPS加密传输协议,防止鉴别信息在网络传输过程中被窃听;
(3)提供重要数据的本地数据备份与恢复功能。
5
数据资源安全:
(1)通过HTTPS方式远程管理,保证数据传输保密性;
(2)重要业务数据每天定时进行全量备份。