1
/
de
12
PayPal, credit cards. Download editable-PDF & invoice in 1 second!
JR/T 0072-2012 English PDF (JR/T0072-2012)
JR/T 0072-2012 English PDF (JR/T0072-2012)
Preço normal
$2,520.00 USD
Preço normal
Preço de saldo
$2,520.00 USD
Preço unitário
/
por
Envio calculado na finalização da compra.
Não foi possível carregar a disponibilidade de recolha
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click JR/T 0072-2012
Historical versions: JR/T 0072-2012
Preview True-PDF (Reload/Scroll if blank)
JR/T 0072-2012: Testing and evaluation guide for classified protection of information system of financial industry
JR/T 0072-2012
JR
ICS 03.060
A 11
INDUSTRY STANDARDS OF
THE PEOPLE’S REPUBLIC OF CHINA
Testing and Evaluation Guide for Classified
Protection of Information System of Financial
Industry
ISSUED ON. JULY 06, 2012
IMPLEMENTED ON. JULY 06, 2012
Issued by. THE PEOPLE'S BANK OF CHINA
3. No action is required - Full-copy of this standard will be automatically and
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 6
Introduction ... 7
1 Scope ... 8
2 Normative references ... 8
3 Overview ... 9
3.1 Evaluation contents ... 9
3.2 Evaluation object ... 10
3.3 Evaluation index ... 10
3.4 Evaluation method ... 10
3.4.1 Field evaluation method ... 11
3.4.2 Risk analysis method ... 11
3.5 Class-evaluation risk ... 12
3.5.1 Verification evaluation that impacts normal operation of system ... 12
3.5.2 Tool evaluation that impacts normal operation of system ... 12
3.5.3 Sensitive information leakage ... 12
4 Class-evaluation process ... 12
4.1 Evaluation preparation ... 12
4.2 Program preparation ... 13
4.3 Field evaluation activity ... 13
4.4 Analysis and report preparation activity ... 13
5 Evaluation preparation ... 13
5.1 Project initiation ... 13
5.2 Information collection and analysis ... 14
5.3 Tools and forms preparation ... 14
6 Evaluation program ... 14
6.1 Determination of evaluation object ... 14
6.2 Determination of evaluation indexes ... 15
6.2.1 Types of security control indicators of second-level information
system... 16
6.2.2 Types of security control indicators of third-level information system.
... 16
6.2.3 Types of security control indicators of fourth-level information
system... 17
6.3 Determination of evaluation tool’s access-point ... 17
6.4 Determination of unit-evaluation content ... 18
6.5 Evaluation program preparation ... 18
7 Field evaluation ... 19
7.1 Unit-evaluation ... 19
7.1.1 Unit-evaluation for second-level information system ... 19
7.1.1.1 Security technology evaluation ... 19
7.1.1.1.1 Physical security ... 19
7.1.1.1.2 Network security ... 30
7.1.1.1.3 Host security ... 37
7.1.1.1.4 Application security ... 45
7.1.1.1.5 Data security and backup recovery ... 53
7.1.1.2 Security management evaluation ... 57
7.1.1.2.1 Security management system ... 57
7.1.1.2.2 Security management institution ... 60
7.1.1.2.3 Personnel security management ... 65
7.1.1.2.4 System construction management ... 70
7.1.1.2.5 System operation-maintenance management ... 80
7.1.2 Unit-evaluation for third-level information system... 97
7.1.2.1 Security technology evaluation ... 97
7.1.2.1.1 Physical security ... 97
7.1.2.1.2 Network security ... 113
7.1.2.1.3 Host security ... 123
7.1.2.1.4 Application security ... 136
7.1.2.1.5 Data security and backup recovery ... 148
7.1.2.2 Security management evaluation ... 153
7.1.2.2.1 Security management system ... 153
7.1.2.2.2 Security management mechanism ... 156
7.1.2.2.3 Personnel security management ... 165
7.1.2.2.4 System construction management ... 171
7.1.2.2.5 System operation management ... 186
7.1.3 Unit-evaluation for fourth-level information system ... 210
7.1.3.1 Security technology evaluation ... 210
7.1.3.1.1 Physical security ... 210
7.1.3.1.2 Network security ... 228
7.1.3.1.3 Host security ... 240
7.1.3.1.4 Application security ... 254
7.1.1.1.5 Data security and backup recovery ... 268
7.1.3.2 Security management evaluation ... 274
7.1.3.2.1 Security management system ... 274
7.1.3.2.2 Security management institution ... 278
7.1.3.2.3 Staff security management ... 287
7.1.3.2.4 System construction management ... 294
7.1.3.2.5 System operation and maintenance management ... 310
7.2 Overall evaluation ... 338
7.2.1 Evaluation among security control points ... 338
7.2.2 Inter-levels security evaluation ... 339
7.2.3 Inter-areas security evaluation ... 340
7.2.4 System structure security evaluation ... 341
8 Analysis and report preparation ... 342
8.1 Result judgment of unit-evaluation ...
Get QUOTATION in 1-minute: Click JR/T 0072-2012
Historical versions: JR/T 0072-2012
Preview True-PDF (Reload/Scroll if blank)
JR/T 0072-2012: Testing and evaluation guide for classified protection of information system of financial industry
JR/T 0072-2012
JR
ICS 03.060
A 11
INDUSTRY STANDARDS OF
THE PEOPLE’S REPUBLIC OF CHINA
Testing and Evaluation Guide for Classified
Protection of Information System of Financial
Industry
ISSUED ON. JULY 06, 2012
IMPLEMENTED ON. JULY 06, 2012
Issued by. THE PEOPLE'S BANK OF CHINA
3. No action is required - Full-copy of this standard will be automatically and
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 6
Introduction ... 7
1 Scope ... 8
2 Normative references ... 8
3 Overview ... 9
3.1 Evaluation contents ... 9
3.2 Evaluation object ... 10
3.3 Evaluation index ... 10
3.4 Evaluation method ... 10
3.4.1 Field evaluation method ... 11
3.4.2 Risk analysis method ... 11
3.5 Class-evaluation risk ... 12
3.5.1 Verification evaluation that impacts normal operation of system ... 12
3.5.2 Tool evaluation that impacts normal operation of system ... 12
3.5.3 Sensitive information leakage ... 12
4 Class-evaluation process ... 12
4.1 Evaluation preparation ... 12
4.2 Program preparation ... 13
4.3 Field evaluation activity ... 13
4.4 Analysis and report preparation activity ... 13
5 Evaluation preparation ... 13
5.1 Project initiation ... 13
5.2 Information collection and analysis ... 14
5.3 Tools and forms preparation ... 14
6 Evaluation program ... 14
6.1 Determination of evaluation object ... 14
6.2 Determination of evaluation indexes ... 15
6.2.1 Types of security control indicators of second-level information
system... 16
6.2.2 Types of security control indicators of third-level information system.
... 16
6.2.3 Types of security control indicators of fourth-level information
system... 17
6.3 Determination of evaluation tool’s access-point ... 17
6.4 Determination of unit-evaluation content ... 18
6.5 Evaluation program preparation ... 18
7 Field evaluation ... 19
7.1 Unit-evaluation ... 19
7.1.1 Unit-evaluation for second-level information system ... 19
7.1.1.1 Security technology evaluation ... 19
7.1.1.1.1 Physical security ... 19
7.1.1.1.2 Network security ... 30
7.1.1.1.3 Host security ... 37
7.1.1.1.4 Application security ... 45
7.1.1.1.5 Data security and backup recovery ... 53
7.1.1.2 Security management evaluation ... 57
7.1.1.2.1 Security management system ... 57
7.1.1.2.2 Security management institution ... 60
7.1.1.2.3 Personnel security management ... 65
7.1.1.2.4 System construction management ... 70
7.1.1.2.5 System operation-maintenance management ... 80
7.1.2 Unit-evaluation for third-level information system... 97
7.1.2.1 Security technology evaluation ... 97
7.1.2.1.1 Physical security ... 97
7.1.2.1.2 Network security ... 113
7.1.2.1.3 Host security ... 123
7.1.2.1.4 Application security ... 136
7.1.2.1.5 Data security and backup recovery ... 148
7.1.2.2 Security management evaluation ... 153
7.1.2.2.1 Security management system ... 153
7.1.2.2.2 Security management mechanism ... 156
7.1.2.2.3 Personnel security management ... 165
7.1.2.2.4 System construction management ... 171
7.1.2.2.5 System operation management ... 186
7.1.3 Unit-evaluation for fourth-level information system ... 210
7.1.3.1 Security technology evaluation ... 210
7.1.3.1.1 Physical security ... 210
7.1.3.1.2 Network security ... 228
7.1.3.1.3 Host security ... 240
7.1.3.1.4 Application security ... 254
7.1.1.1.5 Data security and backup recovery ... 268
7.1.3.2 Security management evaluation ... 274
7.1.3.2.1 Security management system ... 274
7.1.3.2.2 Security management institution ... 278
7.1.3.2.3 Staff security management ... 287
7.1.3.2.4 System construction management ... 294
7.1.3.2.5 System operation and maintenance management ... 310
7.2 Overall evaluation ... 338
7.2.1 Evaluation among security control points ... 338
7.2.2 Inter-levels security evaluation ... 339
7.2.3 Inter-areas security evaluation ... 340
7.2.4 System structure security evaluation ... 341
8 Analysis and report preparation ... 342
8.1 Result judgment of unit-evaluation ...
Share
