Level protection system Level 3 compliance

National information security level protection system: Level 3 compliance
1 Level 3 basic requirements
1.1 Technical requirements
1.1.1 Physical security
1.1.1.1 Physical location selection (G3)
This requirement includes:
A) The equipment room and office space should be located in a building with shock, wind and rain resistance;
B) The equipment room should not be located on the upper floors or in the basement of a building, nor below or next to water-using equipment.
1.1.1.2 Physical access control (G3)
This requirement includes:
A) The equipment room entrance should be staffed by dedicated personnel who control, identify and record people entering;
B) Visitors who need to enter the equipment room should go through an application and approval process, and their activities should be limited and monitored;
C) The equipment room should be divided into regions for management, with physical isolation devices between regions, and transition regions such as delivery or loading areas arranged before critical areas;
D) Important areas should be fitted with an electronic access control system that controls, identifies and records people entering.
1.1.1.3 Anti-theft and anti-sabotage (G3)
This requirement includes:
A) Main equipment should be placed in the equipment room;
B) Equipment or main components should be fixed in place and clearly marked with labels that are difficult to remove;
C) Communication cables should be laid out of sight, and may be laid underground or in conduits;
D) Media should be classified and labeled, and stored in a media library or archive room;
E) Optical, electrical and other technologies should be used to provide the equipment room with a burglar alarm system;
F) The equipment room should be fitted with a monitoring and alarm system.
1.1.1.4 Lightning protection (G3)
This requirement includes:
A) Lightning protection devices should be provided for the equipment room;
B) Lightning protectors should be installed to protect against lightning;
C) The equipment room should be provided with a mains earth.
1.1.1.5 Fire protection (G3)
This requirement includes:
A) The equipment room should have an automatic fire protection system that can automatically detect a fire, raise an alarm, and extinguish the fire;
B) The equipment room and related working rooms and auxiliary rooms should use building materials with a fire-resistance rating;
C) The equipment room should take zoned fire-isolation measures, isolating important equipment from other equipment.
1.1.1.6 Water and moisture protection (G3)
This requirement includes:
A) Water pipes must not pass through the equipment room roof or beneath its floor;
B) Measures should be taken to prevent rain water from penetrating through the equipment room windows, roof and walls;
C) Measures should be taken to prevent condensation of water vapor in the equipment room and the transfer and penetration of underground water;
D) Water-sensitive elements or instruments should be installed to provide water detection and alarms for the equipment room.
1.1.1.7 Anti-static (G3)
This requirement includes:
A) Main equipment should have the necessary grounding anti-static measures;
B) The equipment room should use anti-static flooring.
1.1.1.8 Control of temperature and humidity (G3)
The equipment room should have temperature and humidity conditioning facilities, so that changes in temperature and humidity stay within the range permitted for equipment operation.
1.1.1.9 Power supply (A3)
This requirement includes:
A) Voltage regulators and overvoltage protection equipment should be installed on the equipment room power supply lines;
B) A short-term backup power supply should be provided that at least keeps the main equipment operating normally during a power failure;
C) Parallel or redundant power cabling should be provided to supply the computer system;
D) A standby power supply system should be established.
1.1.1.10 Electromagnetic protection (S3)
This requirement includes:
A) Grounding should be used to prevent external electromagnetic interference and parasitic coupling interference from equipment;
B) Power lines and communication cables should be laid separately to avoid mutual interference;
C) Key equipment and magnetic media should be electromagnetically shielded.


1.1.2 Security
1.1.2.1 Security architecture (G3)
This requirement includes:
A) The service processing capacity of the main network devices should include redundant headroom to meet peak business needs;
B) The bandwidth of each part of the network should be guaranteed to meet peak business needs;
C) Routing control should be used to establish secure access paths between service terminals and service servers;
D) A network topology diagram consistent with current operating conditions should be drawn;
E) Different subnets or network segments should be divided according to factors such as each department's functions and importance and the importance of the information involved, and address ranges should be assigned to each subnet and segment on the principle of ease of management and control;
F) Important network segments should not be deployed at the network boundary and directly connected to external information systems; reliable technical isolation means should be used between important segments and other segments;
G) Bandwidth allocation priority should be specified in order of the importance of business services, so that important hosts are protected first when network congestion occurs.
1.1.2.2 Access control (G3)
This requirement includes:
A) Access control devices should be deployed at the network boundary, with access control enabled;
B) The ability to explicitly permit or deny access for data flows based on session state information should be provided, with control granularity at the port level;
C) Information content entering and leaving the network should be filtered, to implement application-layer HTTP, FTP, TELNET, SMTP, POP3

Origin www.cnblogs.com/csj0907569-/p/12164381.html