Measures for the administration of the construction of classified information systems?

Article 1 In order to strengthen the security management of the company's classified computers and classified computer information systems, these Measures are formulated in accordance with the relevant national secrecy laws and regulations and the relevant provisions of the Ministry of Railways, and in combination with the actual situation of Hajia Railway Passenger Dedicated Line Co., Ltd. (hereinafter referred to as "the company").

Article 2 The term "classified computer" as mentioned in these Measures refers to a desktop computer specially used for processing or storing state secret information, sending and receiving information and connecting to the Internet; the term "classified computer information system" refers to a computer information system specially used for handling state secret information.

Article 3 In order to ensure the safety of state secrets and technical data related to the company's engineering projects, no department or individual of the company may use portable computers to process state secret information.

Article 4 The Company shall set up a confidentiality leading group to be specifically responsible for the security and confidentiality management of confidential computers and information systems within the Company. Its daily safety management and supervision responsibilities are as follows:

(1) Assess and select personnel to serve as system administrators, security administrators and password administrators of classified computer information and information systems, with clear responsibilities and a clear division of labor.

(2) Regularly check the use and storage of classified computers, classified computer information systems and classified mobile storage media, and eliminate hidden dangers in time.

(3) Strengthen the safety and confidentiality education of relevant personnel, establish and improve the confidentiality rules and regulations, and improve various safety precautions.

Article 5 The daily management personnel of classified computers are responsible for the security and confidentiality of classified computers, and their daily security management and supervision duties are as follows:

(1) Record computer and software installations, and verify them regularly.

(2) Set the power-on password, which is longer than 8 characters, and change it regularly to prevent others from stealing and deciphering it.

(3) Do not install, run or use software unrelated to work.

(4) The classified computer shall be marked in a prominent position, and other irrelevant personnel shall not use it.

(5) If the isolation card is not installed, the management personnel shall remove the network card, and it is strictly forbidden for classified computers to surf the Internet; confidential computers with isolation cards should be used in strict accordance with the correct methods, and it is strictly forbidden for others to process (that is, open, view, copy and transmit confidential documents) and store any confidential information on the external network; it is strictly forbidden for others to use classified mobile storage media on the external network.

(6) Regularly carry out virus removal, virus prevention and system upgrades on confidential computers, and back up data in a timely manner to prevent accidental loss of confidential information.

Article 6 The administrators of a classified computer information system consist of a system administrator, a security administrator and a password administrator, whose specific responsibilities are as follows:

(1) The system administrator is responsible for the distribution of login rights, access control and daily maintenance and repair of confidential computer information systems, and ensures the normal operation of the system and stand-alone computers. The system administrator regularly backs up the important data of the confidential computer information system to prevent data loss due to system damage or accidents.

(2) The security administrator is responsible for virus prevention and security audit of the classified computer information system, and for the security monitoring of system operation.

(3) The password administrator is responsible for regularly changing and managing the system login password, the boot password and the keys of some important programs and files to ensure the security of passwords and keys. The passwords of classified computer information systems shall be generated centrally, distributed and replaced regularly, and shall not be generated by users themselves. For systems dealing with secret information, the password length shall not be less than 8 characters, and the password replacement period shall not exceed 1 month; for systems dealing with confidential information, the length of the password shall not be less than 10 characters, and the password change period shall not exceed one week. Passwords must be stored encrypted and transmitted encrypted in the network, and the storage carrier of passwords must ensure physical security.

Article 7 The confidentiality management principle of "synchronous construction, strict examination and approval, prevention first and standardized management" shall be applied to classified computer information systems.

Article 8 Necessary safety protection measures must be taken at the location of confidential computers and information systems: anti-theft doors and windows and alarms shall be installed, and special personnel shall be designated for daily management. Irrelevant personnel are strictly prohibited from entering the place.

Article 9 Confidential computers and information systems shall not be directly or indirectly connected to the Internet, and strict physical isolation shall be implemented, and corresponding security measures shall be taken to prevent the leakage of electromagnetic information.

Article 10 A classified computer shall be identified according to the highest classification of classified information stored and processed; the server of a classified computer information system shall be identified according to the highest-level classified information stored and processed by the system.

Article 11 The classified information in a classified computer shall have corresponding classification marks, and the classification marks cannot be separated from the text. Where the first page cannot be marked, as with graphics and programs, the mark should be placed after the file name. Printed confidential documents and materials shall be managed in the same way as the corresponding confidential documents.

Article 12 The maintenance or destruction of confidential computers is generally carried out by company personnel within the company, and it should be ensured that confidential information is not leaked during maintenance or destruction. If the company does not have the conditions for self-maintenance and destruction, it shall report to the competent leader of the company for approval and entrust a designated unit recognized by the security department for maintenance or destruction. Confidential storage media should be completely destroyed by physical or chemical methods.

Article 13 Where these Measures are violated, the relevant personnel should be criticized and educated, and ordered to make rectification within a time limit; in case of leakage, the company will investigate and deal with it according to relevant confidentiality laws and regulations, and hold relevant personnel accountable for leakage.

Article 14 The Company Secrecy Committee shall be responsible for the interpretation of these Measures.

Article 15 These Measures shall be implemented as of the date of promulgation.