GA/T 1389-2017 English PDF (GAT1389-2017)
GA/T 1389-2017: Information security technology—Guidelines for grading of classified protection of cyber security
GA/T 1389-2017
PUBLIC SECURITY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.40
L 80
Information Security Technology - Guidelines for
Grading of Classified Protection of Cyber Security
ISSUED ON: MAY 8, 2017
IMPLEMENTED ON: MAY 8, 2017
Issued by: The Ministry of Public Security of the People’s Republic of
China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Principle and Process of Grading
5 Determination of Target of Grading
6 Preliminary Determination of Grade of Security Protection
7 Expert Review
8 Competent Department’s Review
9 Public Security Organ’s Recording and Review
10 Grade Variation
Appendix A (informative) Requirements for Grading of Classified Protection Targets under Various Grades
Appendix B (informative) Process of Grading Methods
Bibliography
1 Scope
This Standard stipulates the grading method and grading process for classified
protection of cyber security.
This Standard is applicable to the guidance of the grading of the target of classified
protection.
2 Normative References
The following documents are indispensable to the application of this document. In
terms of references with a specified date, only versions with a specified date are
applicable to this document. In terms of references without a specified date, the latest
version (including all the modifications) is applicable to this document.
GB 17859-1999 Classified Criteria for Security protection of Computer Information
System
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
The terms and definitions in GB 17859-1999 and GB/T 25069-2010, together with the
following terms and definitions, are applicable to this document.
3.1 Target of Classified Protection
Target of classified protection refers to the object of cyber security classified protection
work, which mainly includes basic information network, information system (such as:
industrial control system, cloud computing platform, Internet of Things, information
system using mobile Internet technology and other information systems) and big data,
etc.
3.2 Basic Information Network
Basic information network refers to information networks that play a basic supporting
role for information circulation and the operation of information system, including
telecommunication network, broadcast and television transmission network, the
Internet, private business network and other network facilities.
c) Grade-3: after the target of classified protection is damaged, it would cause
extremely severe damage to the legitimate rights and interests of citizens,
juridical persons and other organizations, or cause severe damage to the
social order and public interests, or cause damage to the national security;
d) Grade-4: after the target of classified protection is damaged, it would cause
extremely severe damage to the social order and public interests, or cause
severe damage to the national security;
e) Grade-5: after the target of classified protection is damaged, it would cause
extremely severe damage to the national security.
4.2 Grading Elements
4.2.1 An overview of grading elements
The grade of the target of classified protection is determined by two grading elements:
a) The object being infringed;
b) The degree of infringement on the object.
4.2.2 The object being infringed
When the target of classified protection is damaged, the object being infringed includes
the following three aspects:
a) Legitimate rights and interests of citizens, juridical persons and other
organizations;
b) Social order and public interests;
c) National security.
The infringement of the legitimate rights and interests of citizens, juridical persons and
other organizations means that certain social rights and interests enjoyed by citizens,
juridical persons and other organizations, confirmed and protected by law, are impaired.
The infringement of the social order includes the following aspects:
a) Affect the work order of social management and public services of state
organs;
b) Affect the order of various types of economic activities;
c) Affect the order of scientific research and production in various industries;
d) Affect the normal life of the public under legal constraints and ethics;
e) Other effects on the social order.
The infringement of the public interests includes the following aspects:
a) Affect social members’ use of public facilities;
b) Affect social members’ acquisition of public information resources;
c) Affect social members’ reception of public services;
d) Other effects on the public interests.
The infringement of the national security includes the following aspects:
a) Affect the steadiness of state power and national defense strength;
b) Affect national unity, ethnic unity and social stability;
c) Affect national political and economic interests in foreign activities;
d) Affect important national security defense work;
e) Affect national economic competitiveness and technological strength;
f) Other effects on the national security.
4.2.3 The degree of infringement on the object
The degree of infringement on the object is comprehensively determined by different
external manifestations of the objective aspects. Since the infringement on the object
is implemented by destroying the target of classified protection, the external
manifestation of the infringement on the object is the damage to the target of classified
protection, which is described through the mode of damage, the consequence of
damage and the degree of damage.
The degrees of infringement on the object after the target of classified protection is
destroyed are categorized as: general damage, severe damage and extremely severe
damage. The three degrees of infringement are described as follows:
a) General damage: job function is partially affected, and service capability is
decreased, but it does not affect the execution of the main functions; there are
relatively slight legal problems, relatively low property loss, limited adverse
social influence, and relatively low damage to other organizations and
individuals;
b) Severe damage: job function is severely affected, and service capability is
significantly decreased, the execution of the main functions is severely
affected; there are relatively severe legal problems, relatively high property
loss, a relatively wide sphere of adverse social influence, and relatively severe
management layer is shown in 5.2.5. The field equipment layer, the field control layer
and the process monitoring layer shall be considered as a whole target for grading.
The elements of each layer shall not be individually graded.
In accordance with system functions, control target and manufacturer, a large-scale
industrial control system may be divided into multiple grading targets.
5.2.2 Cloud computing platform
In the cloud computing environment, the cloud computing platform on the cloud server
side shall be considered as an individual grading target for grading. The target of
classified protection on the cloud tenant side shall also be considered as an individual
grading target for grading.
In terms of large-scale cloud computing platform, clo...