Current location - Information Consultation Platform - Information Consulting - What is the third level of insurance? What is the standard of insurance certification?

What is the third level of insurance? What is the standard of insurance certification?

The three-level security level is also called the national information 2 1 13 security level protection three-level certification. It is the most authoritative information product safety level qualification certification in China. The public security organs identify and evaluate the information system security level protection status of various institutions in accordance with the national information security protection regulations and related system regulations, management regulations 526 1 and technical standards.

Among them, it can be divided into one to five grades according to the evaluation grade. Level 3 insurance is the highest level of national certification for non-bank institutions, and 4 102 belongs to the "regulatory level", which is supervised and inspected by the national information security regulatory department. The content of certification evaluation covers five levels of protection safety technical requirements and five safety management requirements, including nearly 300 requirements such as information protection, safety audit and communication confidentiality. * * * involves 73 types of evaluation classification, and the requirements are very strict.

The most stringent three-level security certification is at the technical level, and 1653 is mainly reflected in system security management and malicious code prevention. Simply put, whenever there is a hacker attack platform, the platform has certain preventive ability.

The criteria are as follows:

Thirteen important standards

Classification standard of computer information system security level protection (GB 17859- 1999) (basic standard)

Implementation Guide for Security Level Protection of Information Systems (GB/T 25058-20 10) (basic standard)

Guide to Classification of Information System Security Protection Levels (GB/T 22240-2008) (Application of Level Classification Standard)

Basic Requirements for Security Level Protection of Information Systems (GB/T 22239-2008) (Application Construction Standard)

General Security Technical Requirements for Information Systems (GB/T 2027 1-2006) (Application Construction Standard)

Technical Requirements for Grade Protection Security Design of Information Systems (GB/T 25070-20 10) (application construction standard)

Information system security level protection evaluation requirements (GB/T 28448-20 12) (application evaluation standard)

Guide to Information System Security Level Protection Evaluation Process (GB/T 28449-20 12) (application evaluation standard)

Information System Security Management Requirements (GB/T 20269-2006) (Application Management Standard)

Information System Security Engineering Management Requirements (GB/T 20282-2006) (Application Management Standard)

Information security technology-Basic requirements for network security level protection (GB/T 22239-20 19) (basic standard)

Technical Requirements for Security Design of Information Security Technology Network Security Level Protection (GB/T 25070-20 19) (application construction standard)

Information security technology-Evaluation requirements for network security level protection (GB/T 28448-20 19) (application evaluation standard)

Other relevant standards

GB/T 2 1052-2007 technical requirements for physical security of information systems

GB/T 20270-2006 information security technology-basic network security technical requirements

GB/T 2027 1-2006 information security technology general security technical requirements for information systems

GB/T 20272-2006 information security technology operating system security technical requirements

GB/T 20273-2006 information security technology? Technical requirements for security of database management system

GB/T 20984-2007 Information Security Technology Information Security Risk Assessment Specification

GB/T 20985-2007 Information Security Technology Information Security Incident Management Guide

GB/Z 20986-2007 Information Security Technology Information Security Event Classification and Grading Guide

GB/T 20988-2007 Information Security Technology Disaster Recovery Specification for Information Systems

Related articles