The differences are as follows:
Level 1 (self-protection): generally applicable to small private enterprises, individual enterprises, primary and secondary schools, information systems belonging to towns and villages, and general information systems of county-level units.
After the information system is destroyed, it will harm the legitimate rights and interests of citizens, legal persons and other organizations, but it will not harm national security, social order and public interests.
The second level (guidance and protection level): generally applicable to important information systems of other units at the county level; General internal information systems of state organs, enterprises and institutions at or above the prefecture level. For example, office systems and management systems that do not involve work secrets, business secrets and sensitive information.
After the information system is destroyed, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or damage to social order and public interests, but it will not endanger national security.
The third level (supervision and protection level): generally applicable to important information systems of state organs, enterprises and institutions at or above the prefecture level, such as office systems and management systems involving work secrets, business secrets and sensitive information.
Production, scheduling, management, command, operation, control and other important information systems. And the subsystems of these systems in various provinces and cities; Central ministries, provinces (autonomous regions and municipalities) portals and important websites; Inter-provincial network system, etc.
After the information system is destroyed, it will cause serious damage to social order and public interests, or damage to national security.
Level 4 (compulsory protection level): generally applicable to particularly important systems and core systems in important national fields and departments. Such as power, telecommunications, radio and television, railways, civil aviation, banking, taxation and other important departments, such as production, dispatching, command and other core systems involving national security, national economy and people's livelihood.
After the information system is destroyed, it will cause particularly serious damage to social order and public interests, or to national security.
Level 5 (special control and protection level): an extremely important system generally applicable to important areas and departments of the country.
After the information system is destroyed, it will cause particularly serious damage to national security.
Extended data:
The trusted computing foundation of computer information system can record the following events: using identity authentication mechanism; Introduce an object into the user address space (for example, open a file, initialize a program); Delete the object; Operations performed by operators, system administrators and/or system security managers, and other events related to system security.
For each event, its audit records include: date and time of the event, user, event type and whether the event was successful or not. For authentication events, the audit record contains the source of the request (for example, the terminal identifier).
For the event that the object is introduced into the user address space and the event that the object is deleted, the audit record contains the object name and the security level of the object.
For audit events that cannot be solved independently by the trusted computing foundation of computer information system, the audit mechanism provides an audit record interface, which can be called by authorized subjects. These audit records are different from those independently solved on the basis of trusted computing in computer information systems.
The trusted computing foundation of computer information system can audit the events that may be used when using covert storage channels. ?
The trusted computing foundation of computer information system includes a mechanism that can monitor the occurrence and accumulation of auditable security events, and when it exceeds the threshold, it can immediately alert the security administrator. In addition, if these safety-related events continue to occur or accumulate, the system should stop them at the least cost.
Baidu Encyclopedia —— Classification Standard of Computer Information System Security Protection