Level of protection development
More than two decades, China's level of computer protection system has been developed to improve and get a real practice in the implementation of various industries, it has an important role in guiding the country's network information security. Today, the level of protection of 2.0 times, based on the development and application of information technology and network security posture, and continuously enrich the connotation of the system, expanding the scope of protection, improve the regulatory measures to gradually improve network security protection system of policies, standards and support system.
And other level security protection 1.0 : In 1994, the State Council promulgated the " Computer Information System Security Protection Ordinance People's Republic of China ", the implementation of the provisions of the computer information system security protection
And other insurance 2.0 : October 10, 2016, the fifth national information security protection technology National Congress, Ministry of Public Security Network Security Protection Agency Guoqi ACFTU workers pointed out that "the state of network security protection system put forward new requirements, grade protection system It has entered the 2.0 era. "
The following detailed look at the development process:
Grade protection 1.0 times:
In 1994, the State Council promulgated the " Computer Information System Security Protection Ordinance People's Republic of China ", the implementation of the provisions of the computer information system security protection.
In 2003, the Central Committee and State Council issued a " National Informatization Leading Group on strengthening information security work " (in Ban Fa [2003] No. 27) clearly states that "the implementation of information security protection."
From 2004 to 2006, the Ministry of Public Security jointly carried out 65,117 units of four ministries involved, and grade level of protection of basic research pilot protection Total 115 319 information system, lay the foundation for a comprehensive level of protection to carry out the work.
In June 2007, four departments jointly issued " Information security level of protection and management measures ."
In July 2007, four departments jointly issued the " Notice on the country's major information system security protection grading work ."
2007 July 20, held an important national information system security protection grading work arrangements thematic television and telephone conference, marking the information security level protection system officially began.
April 2010, Ministry of Public Security issued "on promoting the construction of evaluation system for the protection of security level information and carry out evaluation work level," and proposed milestones level of protection.
December 2010, Ministry of Public Security and the State-owned Assets Supervision and Administration Commission of the State Council jointly issued the "Notice on further promoting the central corporate information security protection work," which requires the central enterprises to implement level protection.
Grade Protection 2.0:
October 10, 2016, the fifth national information security protection technology National Congress, Ministry of Public Security Network Security Protection Agency Guoqi ACFTU workers pointed out that "the state of network security protection system put forward new requirements, grade protection system has entered the 2.0 era . "
November 7, 2016, " People's Republic of China Network Security Act " formally promulgated, 21 clear "national implementation of network security protection system ......"
To " GB17859 computer information system security protection classification criteria ", " GB / T22239-2008 information security technology information system security level protection of fundamental requirements ," Paul 1.0 standard level of protection on behalf of a series of supporting standards, commonly called and so on.
In 2013, the National Information Security Standardization Technical Committee authorized WG5- Information Security Evaluation Working Group started the research level of protection the new standards.
Grade protection 2.0 times:
January 2017 to February, the National Information Security Standardization Technical Committee issued a "network security protection essential requirements" series of standards, "network security protection assessment requirements" series of standards "draft."
May 2017, the State Ministry of Public Security "GA / T 1389-2017 network security protection rating guide", "GA / T 1390.2-2017 level of network security to protect the basic requirements - Part 2: Security in the cloud expansion requirements" and 4 public safety industry standard level of protection.
Future Prospects
Rise to the legal level of protection
"People's Republic of China Network Security Law" Article 21 states that "national implementation of network security protection system" requiring "network operator shall, in accordance network security protection system requirements to fulfill security obligations"; Article 31 provides that "the key for the country information infrastructure, on the basis of network security protection system, based on special protection. "
Object level protection will continue to expand
With cloud computing, mobile Internet, big data, networking, artificial intelligence and other new technologies are emerging, the concept of computer information systems can not cover all, especially to bring the value of big data highlights the rapid development of the Internet, such as protection of the protected object extension will continue to expand.
Level protection will continue to expand contents
In grading, filing, construction rectification, classified evaluation and supervision and inspection provisions of the action on the basis of 2.0 times the risk assessment, safety monitoring, early warning bulletin, the case of incident investigation, data protection, disaster recovery, emergency response, self-control, supply chain safe and effective evaluation, assessment and other comprehensive management of these closely related to network security measures will be fully integrated into the system and level of protection to be implemented.
Level protection system will be a major upgrade
2.0 era, the authorities will continue to develop a range of policies, regulations and technical standards, the formation of the smooth functioning of the working mechanism, on the basis of the existing system, establish and improve the level of protection policy system, standard system, evaluation system, technology, service system, key technology research system, education and training system and so on.