Organs and units shall, according to the measures for the protection and management of classified information systems and the classification and nature of classified information, determine the classification of the system according to the classification.
Organs and units shall determine the security level of classified information system according to the highest security level of information stored and processed by classified information system, and take corresponding security and confidentiality protection measures according to the requirements of classified protection.
Organs and units shall determine the security level of classified information systems according to the highest security level of information stored and processed by classified information systems. According to the Law of People's Republic of China (PRC) on Guarding State Secrets, the provisions on the classification of state secrets of various organs and units are as follows: Article 13 When determining the classification of state secrets, the authority of classification shall be observed.
Central state organs, provincial organs and their authorized organs and units may determine top secret, confidential and secret-level state secrets; Municipal and autonomous prefecture-level organs divided into districts and their authorized organs and units may determine the confidentiality level and secret level of state secrets. The specific confidentiality authority and scope of authorization shall be stipulated by the state secrecy administrative department.
If a state organ or unit at a higher level needs to determine state secrets, it shall determine the classification on the basis of implementing the classification of state secrets. If an organ or unit at a lower level thinks that it has the right to decide secrets, it shall first take security measures and immediately report to the organ or unit at a higher level for decision. If there is no superior organ or unit, it shall be immediately submitted to the competent business department or the security management department with corresponding security authority.
Organs and units shall determine the security level of classified information system according to the highest security level of information stored and processed by classified information system, and take corresponding security and confidentiality protection measures according to the requirements of classified protection.
Information security level is a kind of security control level that classifies information security risks after evaluation, which is divided into five levels: top secret, confidential, secret, internal and public. Density refers to the sum of specific information security technologies and management requirements that support system security requirements at all stages of the information system life cycle.
The national standard specifies in detail that the density of classified information systems is divided into six grades, of which the lowest is security protection grade 1 (referred to as "low"), the highest is security protection grade 6 (referred to as "high"), and the rest are low, medium and high. When judging which security level a system is suitable for, the above factors need to be considered comprehensively.