For each evaluation unit in the Information Security Technology—Evaluation Requirements for Classified Protection of Cybersecurity (GB/T 28448-2019), this book focuses on the determination of evaluation targets and the key points and methods of evaluation implementation, so as to better guide classified cybersecurity test and evaluation agencies, the operating and using organizations of classified protection objects, and the competent authorities in carrying out evaluation work for the classified protection of cybersecurity. The book is divided into 8 chapters. Chapter 1 covers basic concepts, interpreting the terms and concepts related to the evaluation of classified cybersecurity protection, mainly including classified test and evaluation, evaluation targets and their selection, evaluation indicators and their selection, the mapping relationship between evaluation targets and evaluation indicators, non-applicable evaluation indicators, evaluation intensity, evaluation methods, single-item evaluation, overall evaluation and evaluation conclusions. Chapter 2 is the general introduction to the Evaluation Requirements
Foreword
The Cybersecurity Law of the People's Republic of China came into force on June 1, 2017. This fundamental law in the field of cybersecurity clearly stipulates that China implements the system of classified protection of cybersecurity. On December 1, 2019, the National Standard of the People's Republic of China Information Security Technology—Evaluation Requirements for Classified Protection of Cybersecurity (GB/T 28448-2019, hereinafter referred to as the "Evaluation Requirements") came into effect.
The Evaluation Requirements is the core standard that guides test and evaluation agencies in carrying out evaluations for the classified protection of cybersecurity. Correctly understanding and applying this standard is a prerequisite for the smooth implementation of the classified protection of cybersecurity.
In order to better understand and apply the Evaluation Requirements and further improve the evaluation capabilities of test and evaluation agencies, the Cybersecurity Bureau of the Ministry of Public Security, the Zhongguancun Information Security Evaluation Alliance, and the Information Security Rating Center of the Ministry of Public Security jointly organized and compiled the "Guidelines for the Application of Evaluation Requirements for Classified Protection of Cybersecurity".
For each evaluation unit in the Evaluation Requirements, this book focuses on the determination of evaluation targets and the key points and methods of evaluation implementation, so as to better guide classified test and evaluation agencies, the operating and using organizations of classified protection objects, and the competent authorities in carrying out evaluation work for the classified protection of cybersecurity.
This book is divided into 8 chapters. Chapter 1 covers basic concepts, explaining the terms and concepts related to the evaluation of classified cybersecurity protection, mainly including classified test and evaluation, evaluation targets and their selection, evaluation indicators and their selection, the mapping relationship between evaluation targets and evaluation indicators, non-applicable evaluation indicators, evaluation intensity, evaluation methods, single-item evaluation, overall evaluation and evaluation conclusions. Chapter 2 is the general introduction to the Evaluation Requirements, elaborating on the meaning of the general requirements for security evaluation and the extended requirements for security evaluation. Chapter 3 is the application interpretation of the general evaluation requirements at Level Ⅲ and Level Ⅳ. Chapter 4 is the application interpretation of the extended security evaluation requirements for cloud computing. Chapter 5 is the application interpretation of the extended security evaluation requirements for the mobile Internet. Chapter 6 is the application interpretation of the extended security evaluation requirements for the Internet of Things. Chapter 7 is the application interpretation of the extended security evaluation requirements for industrial control systems, and Chapter 8 is the application interpretation of the extended security evaluation requirements for big data. The interpretation of each unit covers the evaluation targets and the key points and methods of evaluation implementation, and the security protection level to which an evaluation indicator applies is identified by the evaluation unit number.
The editor in chief of this book is Guo Qiquan, the associate editors in chief are Liu Jianwei and Wang Xinjie, and the other main contributors are Zhu Guobang, Fan Chunling, Pan Wenbo, Wang Lianqiang and Yang Yuzhong.
Due to the limited knowledge of the authors, there are inevitably some inadequacies in this book. Readers are kindly invited to provide feedback and corrections.
The Authors
March 2022
Guo Qiquan is Chief Engineer of the Cybersecurity Protection Bureau of the Ministry of Public Security.
Liu Jianwei is Dean of the School of Cyber Science and Technology, Beihang University. His main research areas include cryptography, 5G network security, mobile communication network security, space-air-ground integrated network security, e-health network security, smart mobile terminal security and satellite-ground data link security.
Wang Xinjie is General Manager of Beijing Shidai Xinwei Information Technology Co., Ltd. (北京時代新威信息技術有限公司). He has worked in the cybersecurity industry since 2003 and took part in developing the "National Information Security Standardization" series of standards. His main positions include Senior Evaluator for Information Security Classified Protection, member of the National Information Security Standardization Technical Committee (SAC/TC 260), and China advisor to the International Information System Security Certification Consortium ((ISC)²).