Information security technology: Basic requirements for network security graded protection

Scope

This standard specifies the general security requirements and the security extension requirements for protection objects from the first level to the fourth level of network security graded protection.
This standard applies to guiding the security construction, supervision and management of graded non-secret-related objects.
Note: The fifth-level protection object is a very important supervision and management object with special management modes and security requirements, so it is not described in this standard.

Normative references

The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB 17859 Criteria for Classification of Computer Information System Security Protection Levels
GB/T 22240 Information Security Technology Information System Security Level Protection Grading Guidelines
GB/T 25069 Information Security Technical Terms
GB/T 31167-2014 Information Security Technology Cloud Computing Service Security Guidelines
GB/T 31168-2014 Information Security Technology Cloud Computing Service Security Capability Requirements
GB/T 32919-2016 Information Security Technology Industrial Control System Security Control Application Guidelines

Terms and Definitions

The terms and definitions defined in GB 17859, GB/T 22240, GB/T 25069, GB/T 31167-2014, GB/T 31168-2014 and GB/T 32919-2016 apply to this document.
For ease of use, some terms and definitions in GB/T 31167-2014, GB/T 31168-2014 and GB/T 32919-2016 are repeated below.

cybersecurity

The ability, by taking necessary measures against attacks, intrusions, interference, destruction, illegal use and accidents affecting the network, to keep the network in a state of stable and reliable operation and to guarantee the integrity, confidentiality and availability of network data.

security protection ability

The degree to which threats can be defended against, security incidents discovered, and the previous state restored after compromise.

cloud computing

A mode of accessing scalable, flexible pools of shared physical or virtual resources over the network, with on-demand self-service acquisition and management of those resources.
Note: Examples of resources include servers, operating systems, networks, software, applications, and storage devices.
[GB/T 31167—2014, definition 3.1]

cloud service provider

Provider of cloud computing services.
Note: Cloud service providers manage, operate, and support computing infrastructure and software for cloud computing, and deliver cloud computing resources through the network.
[GB/T 31167-2014, definition 3.3]

cloud service customer

A party that establishes a business relationship with a cloud service provider for the purpose of using cloud computing services.
[GB/T 31168-2014, definition 3.4]

cloud computing platform/system

The collection of cloud computing infrastructure, and the service software running on it, provided by a cloud service provider.

virtual machine monitor (hypervisor)

An intermediate software layer that runs between the underlying physical server and the operating system, allowing multiple operating systems and applications to share hardware.

host machine

A physical server running a virtual machine monitor.

mobile internet (mobile communication)

The process of connecting a mobile terminal to a wired network using wireless communication technology.

mobile terminal (mobile device)

Terminal equipment used in mobile services, including general-purpose terminals such as smart phones, tablet computers, and personal computers, and special-purpose terminal equipment.

wireless access device

A communication device that uses wireless communication technology to connect a mobile terminal to a wired network.

wireless access gateway

A device deployed between the wireless network and the wired network to provide security protection for the wired network.

mobile application software (mobile application)

Application software developed for mobile terminals.

mobile device management system

Dedicated software for managing mobile terminal devices, applications and content, including client software and server software.

internet of things (IoT)

A system formed by connecting sensing node devices through a network such as the Internet.

perception node device (sensor node)

A device that collects information and/or performs operations on objects or the environment, and can communicate with a network.

perception gateway node device (sensor layer gateway)

A device that aggregates, appropriately processes or fuses the data collected by perception nodes, and forwards it.

industrial control system

Industrial control system (ICS) is a general term covering many types of control systems used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and other smaller control systems such as programmable logic controllers (PLCs). They are now widely used in industrial sectors and critical infrastructure.

References

Information Security Technology - Basic Requirements for Network Security Level Protection

Origin blog.csdn.net/m0_74079109/article/details/132004809