广告合作等您加入0571-87759920

Enterprise news case special column evaluation focus market current affairs interview smart home

What should I do to wait for the official implementation of rating and record 2.0?

Technology Exchange December 11, 2019 14:42 Source: Anzhixun
On December 1, the Standard 2.0 for Network Security Level Protection System (hereinafter referred to as "equivalent security 2.0") was formally implemented, and in accordance with Article 21 of the "Network Security Law": Network operators shall perform in accordance with the requirements of the network security level protection system. Security protection obligations to protect the network from interference, damage, or unauthorized access, and to prevent network data from being leaked or stolen or tampered with.
Therefore, network operators need to implement network security level protection in accordance with the Equal Guarantee 2.0 requirements, and carry out the entire process related to them: rating, filing, overall planning, design and implementation, operation and maintenance, and termination. Among them, grading and filing are the beginning and foundation of the implementation of equal guarantees.
Grading and filing process
The rank protection system is very important. The equal guarantee 2.0 is similar to the equal guarantee 1.0. According to the degree of importance, the information system is divided into 5 levels. Different levels implement different standards of protection standards and record them. For enterprises, grading and filing are very important steps, so that companies can clarify the protection standards they should implement. If the level is not clear, the implementation of protection standards below the rating will fall into an illegal situation. If the protection standards are higher than the rating, Will waste costs.


The grading and filing process is divided into four steps: grading, object analysis, level determination, and filing. It involves all roles in the implementation of equal guarantees, including operating units, network security companies, competent departments, network information offices, network security assessment agencies, Network security service agencies and public security agencies.


First, industry authorities and network security service agencies determine the level of insurance in their industry, and complete the industry / sector grading work. Second, the operating unit and network security service agency complete the protection according to the industry, business scope, product role, etc. Object importance analysis and expert review; the third step is the competent authority to review and approve the equal guarantee objects and rating to determine the number and grade of equal guarantee objects; finally, according to the requirements of the equal insurance management department, go through the filing procedures and report Public security organs carry out record review and complete all grading and record work.
It should be noted here that in addition to the first-level guarantee, no classification is required, and the remaining levels need to be declared and filed. The third-level guarantee is the highest level of national certification for non-bank institutions and belongs to the "supervisory level." "The supervision and inspection by the national information security supervision department is the current level that financial payment institutions and enterprises need to achieve.
Evaluation exists in all aspects of implementation
Evaluation is an important part in the implementation of equal guarantee. Its main role is to detect and assess whether the safety level of the rated object meets the basic requirements of the corresponding level. It is an important means to implement equal guarantee. The unit needs to establish a concept: evaluation is not a separate link, and it is not a one-time pass for peace of mind. As long as the implementation of the guarantee, the evaluation will always exist.
Institutions that can conduct evaluations must have corresponding qualifications. During the evaluations, they must obtain the entrustment of the operating and user units or the authorization of the insurance management department. The operating and using units conduct status analysis through registration assessment, determine the current status and problems of system security protection, and determine the system's rectification needs.
In the process of grading, construction and operation and maintenance of iso-guarantees, evaluation work is required to obtain an evaluation report. According to the regulations, the third-level equal guarantee object needs to be evaluated once a year. The evaluation report is an important basis for carrying out rectification and reinforcement, and it is also an important attachment for the record of the third-level and higher-level objects. Importance in the process.
Some people call the process of waiting for insurance implementation to be a process of evaluation, rectification, and re-evaluation, and then rectification until it passes the evaluation. The assessment content of the third-level certification needs to cover the five levels of security technology requirements and five levels of security management requirements. It mainly includes nearly 300 requirements including information protection, security audits, and communication confidentiality. They involve a total of test scores. Class 73, the specific requirements can refer to "Information Security Technology Network Security Level Protection Evaluation Requirements", and the evaluation process can refer to "Information Security Technology Network Security Level Protection Evaluation Process Guide".

   Level evaluation process
It should be noted that the enterprise intranet information system, the cloud, or systems hosted elsewhere need to be evaluated. According to the principle of "who operates who is responsible, who uses who is responsible, who is responsible for who is responsible", the system responsibility subject is still Belong to the network operator, so do not be careless.
Waiting for insurance is just the beginning
At present, the recommended directory of national network security level protection evaluation agencies includes a total of 189 organizations. It should be noted that the security evaluation is not a security certification. There is no certification certificate. The evaluation report and record certification can only prove that the information system meets the security requirements of level protection. Meet the compliance needs of national laws and regulations.
The guarantee is only a basic requirement to ensure network security and information security. The basic guarantee is that the system can run smoothly, that is, the "bottom line". It does not mean that you can sit back and relax when you wait for security. Nor does it mean that you can wait for security. Legal sanctions can be circumvented when a risk incident occurs.
Meeting the demand for equal protection is only the first step to achieving network security and data security, and it is only the beginning of compliance. With the introduction of other regulations and measures, compliance requirements will inevitably become more stringent.
@ 安防 展 网 AFzhan

Sweep, more official Weibo interaction

WeChat: AFzhan

Scan and see the security information

点击这里给我发消息 Call for Papers / Information Cooperation Email: afzhan@foxmail.com


  • ① All works marked "Source: Security Exhibition Network" on this website, the copyright belongs to Security Exhibition Network, please reprint the security exhibition website. Violators of this website will be held responsible for relevant legal responsibilities.
  • ② If the company releases company news, technical articles, data downloads and other content that involves infringement or violation of regulations, the publishing company shall bear the responsibility itself. This website has the right to delete the content and retroactively blame.
  • ③ This website reprints and indicates works from other sources, the purpose is to convey more information, does not mean that this website agrees with its views or confirms its content
    The authenticity of content, does not assume direct responsibility and joint liability for infringement of such works. When other media, websites or individuals reprint from this website,
    You must keep the source of the works indicated on this website and bear your own legal responsibilities such as copyright.
  • ④ If you are involved in the content of the work, copyright, etc., please contact this website within one week from the date of publication of the work, otherwise it is deemed to waive the relevant rights.

After signing up for free, you can
Learn more about the security industry
View security industry supply and demand information
Highlight the value of the security industry itself

Register Now

Do you want quickly found by buyer
Only one opportunity needs to be posted.
Opportunities found by buyers up to
90%! What are you waiting for?

Post information now

Editor's Pick

More

Top interview

More
  • Lan Sheng Communication: Based on user needs to improve product quality
  • Control the frontiers of the “Vision” industry and pursue high-end quality
  • Ruiwei: Facial recognition applications blossom from the construction of smart airport
  • Tianbo Communication: Optimizing the technical team to create brand value 2020
  • Xikang: Strengthening the Productivity of Scientific and Technological Innovation, Entering a New Era of Security Reform
  • Fresh and Connected: 5G + AI Dual Engine Drive Leads Wireless Intelligent Security
  • Dahua shares: dual-engine multi-layout brings seven black technologies
  • Practicing wisdom, new policing
  • Sizheng Technology: Intelligent Voice Recognition Pickup is still underway and more technical bottlenecks need to be broken
  • Electronic Journals

    More

    Recommended topics

    More

    Back to Home