How to quickly and accurately determine which level the business system belongs to?

MLPS 2.0 has been strictly enforced for some time, but many people are still unclear about the policy. A common question is: how do you quickly and accurately determine which level a business system belongs to?

How to quickly and accurately determine which level the business system belongs to?

[Answer]: According to the "Information Security Level Protection Management Measures", you can refer to the level protection grading guide and evaluate the impact on the affected object when the business system is destroyed, from two aspects: business system security and system service security. The higher of the two grades applies, in terms of:

The legitimate rights and interests of citizens, legal persons and other organizations: 1. General damage: Level 1; 2. Serious damage: Level 2; 3. Particularly serious damage: Level 2;

Social order and public interest: 1. General damage: Level 2; 2. Serious damage: Level 3; 3. Particularly serious damage: Level 4;

National Security: 1. General damage: Level 3; 2. Serious damage: Level 4; 3. Particularly serious damage: Level 5.

Quick facts about MLPS

Does a Level 1 system need to be filed?

[Answer]: According to regulations, a Level 1 information system is at the independent protection level and does not need to be filed with the public security organ, but the units that operate and use the information system should protect it independently in accordance with the relevant national management norms and technical standards. This level applies to general information systems whose destruction would have some impact on the rights and interests of citizens, legal persons and other organizations, but would not endanger national security, social order, economic construction or public interests.

Which is more demanding: Level 1, Level 2 or Level 3?

[Answer]: Among Level 1, Level 2 and Level 3, Level 3 has the highest requirements, Level 2 comes second, and Level 1 has the lowest. Level 2 covers general systems, and its supervision tier is guided protection. Level 3 covers important systems and critical information infrastructure, falls under the supervised protection tier, and should be evaluated at least once a year. Level 1 is the lowest level and does not need to take part in the level protection assessment.

Is MLPS 3.0 the same as MLPS Level 3?

[Answer]: No. At present there are only MLPS 1.0 and MLPS 2.0; there is no MLPS 3.0. MLPS 1.0 and MLPS 2.0 refer to a series of graded protection evaluation standards and regulations, not to specific grades of protection; "MLPS 3.0" is just a term. Level 3 protection is the third grade of evaluation. It belongs to the supervised protection tier and means that, after the information system is damaged, it will cause serious damage to social order and public interests, or cause damage to national security.

Is the MLPS assessment a security certification?

[Answer]: First of all, we need to make it clear that the MLPS assessment is not a security certification. It is not equivalent to the ISO 20000 series of information technology service management certifications, nor to the ISO 27000 series of information security management system certifications. The level protection system is the national information security management system and an embodiment of the will of the state. Implementing it meets the compliance requirements of national laws and regulations.

Origin blog.csdn.net/xingyunguanjia/article/details/131721549