One-stop MLPS expert
POWERTIME
What is Classified Protection?

Concept

Cybersecurity classified protection refers to carrying out multilevel protection and supervision over network systems (including information systems, data, applications and services), implementing level-by-level administration of the network security products used in the network, and responding to and resolving network security events and incidents.

Five levels of the Classified Protection

GB 17859-1999 Criteria for Classification of Security Protection of Computer Information Systems defined the five system levels.

Why do Classified Protection?
  • Required by State laws

    State laws and regulations and industry supervision policies all seek to have classified protection work carried out. For example, the Cybersecurity Law and the Administration Measures for the Classified Protection of Information Security clearly stipulate that the operating and using unit of an information system shall, in accordance with the requirements of the cybersecurity classified protection system, fulfill its security protection obligations, and will be punished accordingly if it refuses to do so.

  • Required by customers

    When providing business services to external customers, the information system operating unit needs to demonstrate its information system security commitment to customers and stakeholders through classified protection evaluation, and so enhance the confidence of customers, partners and stakeholders.

  • Self-security requirement

    By carrying out classified protection work, the operating and using unit can discover hidden security problems and deficiencies in the system, and improve the system's security protection ability through security rectification, so as to reduce the risk of being attacked.

How to do Classified Protection?
  • Classifying and Registration

    Help enterprises to file the classification materials, and submit the materials to the cybersecurity organs of all cities for registration.

  • Consultation and Pre-evaluation

    Carry out systematic research and investigation, conduct a pre-evaluation, and issue the Gap Analysis and the Rectification Plan.

  • Construction and Rectification

    According to the gap analysis and the related risk assessment, carry out the rectification plan and enhance system security.

  • Formal Evaluation

    After the rectification has been completed, the system is re-evaluated in all aspects, and the qualified evaluation report is then issued.

  • Supervision and Inspection

    Continuously improve and optimize the system, and carry out annual supervision and inspection according to the relevant legal requirements.

Industries needing to carry out Classified Protection
  • Government departments at all levels

  • E-government

  • Industrial and commercial taxation

  • Public security

  • Land and resources

  • Public utilities

  • Transportation

  • Education

  • Medical and health

  • Railway and so on

  • Finance

  • Electricity

  • Petroleum and petrochemical

  • Coal and so on

  • Central enterprises

  • Manufacturing

  • Tobacco

  • High-tech electronics

  • Fast consumer goods

  • Retail industries and so on

  • Internet

  • E-commerce

  • Cloud computing

  • Big data

Notes on the construction of Classified Protection

Classification objects
  • Basic Information Network

    Telecommunication networks, radio and television transmission networks, the Internet and other basic information networks should be divided into different classification objects according to service type, service area and security responsibility subject.

  • Internet of Things

    Includes perception, network transmission, and processing applications. These elements should be classified as a whole and should not be classified separately.

  • Industrial Control System

    Elements such as on-site collection and execution, on-site control and process control should be classified as a whole, while production management elements should be classified separately.

  • Cloud Computing Platform

    Divided into the service provider and the tenant, which should each be treated as a separate classification object; for large cloud computing platforms, the cloud computing infrastructure and the related ancillary service systems should be divided into different classification objects.

  • Network Using Mobile Interconnection Technology

    Elements such as mobile terminals, mobile applications, wireless networks and related cable network business systems should be classified as a whole.

  • Big data

    Platforms and applications that share the same security responsibility subject should be classified as a whole; others should be classified separately.

How to determine the level
Level by Object of Infringement (rows) and Degree of Infringement (columns):

| Object of Infringement | General damage | Serious damage | Especially serious damage |
|---|---|---|---|
| Legal interests of the enterprises' legal person and other organizations | Level I | Level II | Level III |
| Social order, public interests | Level II | Level III | Level IV |
| State security | Level III | Level IV | Level V |
POWERTIME-MLPS and IT Audit All rights reserved ICP:13008575