First, what is level protection?
our country implements the legal system of information security Management: Information system security implementation hierarchical protection and hierarchical management. Hierarchical management is a kind of universally applicable management method, and it is an effective information security management method which is applicable to the present situation of our country. The competent department is the public security organ. State secret Work Department, the National Password Management Department is responsible for the confidential work and password work, the National Letter office and the local Informatization leadership Group Office is responsible for the coordination of work.
Ii. What is tiered protection? According to the basic requirements of national information security level protection, the secret information system carries out the enforcement system of information security grading protection according to the Management regulations and technical standards respectively protected by the secret information system of the State confidential work department. The competent department is the state Secret Service Department (State Secrecy Bureau, provincial secrecy bureau, local city and City secrecy bureau).
third, grade protection and grading protection are divided into several levels, the corresponding relationship is what, how to rank? Level protection is divided into 5 levels: first level (autonomous protection), level two (guided protection), level Three (supervisory protection), level four (mandatory protection), level Five (monopoly protection). grading protection is divided into 3 levels: Secret level, confidential level (secret enhancement level), Top secret level. The secret level corresponds to a class three, which is the upward analogy. Grade protection grading is based on the network, equipment, system and unit attribute of important business system and carrying service, and the relationship between principal and object, which is affected after being destroyed .grading protection grading is based on the importance of information, with the highest level of information to determine the protected levels.
Iv. applicable objects of grade protection and grading protection
Standard system |
National Standard (GB/t) |
National standards of secrecy (BMB, enforcement) |
Applicable objects |
Non-secret-related information system |
Secret Information System |
Five, grading protection assessment and safety and security product requirementsThe secret information system needs approval before it is put into use, and the system evaluation is the necessary part of system approval. Without evaluation, the secret information system will not be able to pass the operational approval. At present, the State Security Department and the State Security Bureau authorized the system testing institutions to be responsible for the assessment, the evaluation agencies should have a national secret computer system integration risk assessment of individual qualifications. Information security Confidential products used in the secret information system should be elected in principle stipulations, and the inspection structure authorized by the State Security Bureau according to the National Confidential categorization malleability testing, through the inspection of products by the State Security Bureau Audit published catalogue. secret level, confidential level information system: at least once every two years; Top Secret grade information systems: at least once every year.
Level protection and tiered protection