摘要
《网络安全等级保护基本要求》(GB/T 22239-2019)即将正式实施。文章介绍了《GB/T 22239-2019》的修订背景和进程、与《GB/T 22239-2008》比较发生的主要变化、其安全通用要求和安全扩展要求的主要内容等,目的使用户更好地了解和掌握《GB/T22239-2019》的内容。
Baseline for Classified Protection of Cybersecurity(GB/T 22239-2019) will be formally implemented soon. This paper introduces the background and process of the revision GB/T 22239-2019, the main changes in comparison with GB/T 22239-2008, the main contents of its security general requirements and security special requirements, etc., so as to enable users to better understand and master the contents of GB/T 22239-2019.
引文
[1] QU Jie, FAN Chunling, CHEN Guangyong, et al. Research on Establishment of Network Security Service Ability System for A New Era[J].Netinfo Security,2019,19(1):83-87.曲洁,范春玲,陈广勇,等.新时代下网络安全服务能力体系建设思路[J].信息网络安全,2019,19(1):83-87.
[2] Cybersecurity Law of the People's Republic of China[EB/OL].http://www.npc.gov.cn/npc/, 2016-11-7.中华人民共和国网络安全法[EB/OL].http://www.npc.gov.cn/npc/,2016-11-7.
[3] JI Hui. Controlling Information System Risk by Information Security Service[J]. Netinfo Security,2010,10(5):17-18.季辉.通过信息安全服务实现信息系统风险可控[J].信息网络安全,2010, 10(5):17-18.
[4] GUO Qiquan, et al. Training Course on Cybersecurity Law and Classified Protection of Cybersecurity[M].Beijing:Publishing House of Electronics Industry,2018.郭启全,等.网络安全法与网络安全等级保护制度培训教程[M].北京:电子工业出版社,2018.
[5] GB/T 22239-2008.Information Security Technology-Baseline for Classified Protection of Information System Security[S]. Beijing:Standards Press of China,2008.GB/T 22239-2008.信息安全技术信息系统安全等级保护基本要求[S].北京:中国标准出版社,2008.
[6] National Information Security Standardization Technical Committee. Information Security Technology-Baseline for Classified Protection of Cybersecurity(Draft)[EB/OL]. https://www.tc260.org.cn/,2018-10-31.全国信息安全标准化技术委员会.信息安全技术网络安全等级保护基本要求(征求意见稿)[EB/OL]. https://www.tc260.org.cn/,2018-10-31.
[7] National Information Security Standardization Technical Committee.Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity(Draft)[EB/OL]. https://www.tc260.org. cn/,2018-10-31.全国信息安全标准化技术委员会.信息安全技术网络安全等级保护测评要求(征求意见稿)[EB/OL]. https://www.tc260.org.cn/,2018-10-31.