Grade protection is aimed at grade information system. According to the classification of classified information, the importance of classified information system, the degree of harm to the national economy and people's livelihood after being destroyed and the level of security protection that classified information system must achieve, it is divided into three levels: secret level, secret level and top secret level.
The State Secrecy Bureau has specially formulated a series of management methods and technical standards for hierarchical protection of classified information systems. At present, the two national confidentiality standards for grade protection are
BMB 17 Technical Requirements for Level Protection of Information Systems Involving State Secrets
BMB20 Management Specification for Hierarchical Protection of Information Systems Involving State Secrets.
National Security Science and Technology Evaluation Center is the only security evaluation institution of classified information system in China, and Shandong Software Evaluation Center is the only sub-center established in Shandong Province.
-Technical protection of confidential information systems. The revised draft stipulates that classified information systems should be equipped with security facilities and equipment that meet national security standards. Safety facilities and equipment shall be planned, constructed and operated synchronously with the classified information system. Before the classified information system is put into use, it shall be inspected and qualified by the secrecy administrative department at or above the municipal level.
-Strictly regulate the confidentiality behaviors that confidential information systems should abide by. The revised draft stipulates that classified computers and classified storage devices are not allowed to access the Internet or other public information networks; Without taking protective measures, information shall not be exchanged between classified information systems and public information networks such as the Internet; Do not use non-confidential computers or non-confidential storage devices to store and process state secret information; Do not uninstall the safety technical regulations and management regulations of classified information systems without authorization; Do not give, sell or discard classified computers and classified storage devices that have not been processed by security technology; Without security measures, state secrets may not be transmitted in wired and wireless communications, the Internet and other public information networks.