Part Ⅰ Interpretation of Cybersecurity Classified ProtectionSystem of China Chapter1 Development of China Cybersecurity Classified Protection System 1.1 Establishment of Computer Information Systems Security Protection System 1.2 Establishment of Information Security Classified Protection System 1.3 Establishment of Cybersecurity Classified Protection System Chapter2 Interpretation of the Cybersecurity Law 2.1 Cybersecurity Obligations and Primary Tasks 2.2 Division of Responsibilities and Related Obligations 2.3 National Cybersecurity Classified Protection System 2.4 Basic Responsibilities and Obligations of Network Operators 2.5 Operation Security of Critical Information Infrastructure 2.6 Network Data and Information Security 2.7 Monitoring, Early Warning, and Emergency Response 2.8 Acts Prohibited and Legal Responsibility Chapter3 Interpretation of Cybersecurity Classified Protection System of China 3.1 Policies on Cybersecurity Classified Protection 3.1.1 General Policy Documents 3.1.2 Policy Document of Classified Protection Specific Stages 3.2 Basic Concept of Cybersecurity Classified Protection 3.2.1 Legal Basis for Carrying Out Cybersecurity Classified Protection 3.2.2 Policy Basis for Carrying Out Cybersecurity Classified Protection 3.2.3 What is Cybersecurity Classified Protection 3.2.4 Division and Supervision of Security Protection Levels 3.2.5 Critical Information Infrastructure Protection 3.3 Main Contents of the Cybersecurity Classified Protection System 3.3.1 Organization Structure of Cybersecurity Classified Protection 3.3.2 Main Stages and Basic Requirements of Classified Protection 3.3.3 Security Management of Evaluation 3.3.4 Network Products and Security Service Requirements 3.3.5 Monitoring, Early Warning and Information Reporting 3.3.6 Data Security Protection 3.3.7 Emergency Disposal Requirements 3.3.8 Evaluation Requirements 3.3.9 Risk Control of New Technology and New Application 3.3.10 Supervision and Administration of Cybersecurity Classified Protection Practices Chapter4 Interpretation of Cybersecurity Classified Protection Standards of China 4.1 Cybersecurity Classified Protection Standards Framework 4.2 Relationship between Relevant Standards and Different Stages of Classified Protection 4.2.1 Basic Standards 4.2.2 Classification 4.2.3 Security Requirement 5.1 Classification of Security Protection Levels 5.1.1 Principle of Classification 5.1.2 Security Protection Levels of Network 5.1.3 Classification Factors of Cybersecurity Protection Level 5.1.4 Protection and Supervision of the Five Levels 5.2 Procedures of Classification 5.2.1 Determine the Classification Object 5.2.2 Determine the Security Protection Level of Network 5.2.3 Expert Reviews of Cybersecurity Protection Level 5.2.4 Examination of Cybersecurity Protection Level 5.2.5 Public Security Authorities Examine the Security Protection Level of Network 5.3 How to Determine the Security Protection Level of Network 5.3.1 How to Understand the Five Security Protection Levels of Network 5.3.2 General Process of Network Classification Chapter6 Registration of Cybersecurity Classified Protection 6.1 Registration and Acceptance 6.2 Public Security Authorities Accept Network Registration 6.3 Treatment for Inaccurate Level and Non-registration 6.4 Public Security Authorities』 Guidance on Network Classification and Registration Chapter7 Development and Improvement of Cybersecurity Classified Protection 7.1 Objective and Content 7.1.1 Objective 7.1.2 Scope and Characteristics 7.1.3 Contents 7.1.4 Cybersecurity Protection Capability Objective 7.2 Methods and Processes 7.2.1 Methods 7.2.2 Processes 7.3 Security Management System Development 7.3.1 Implementing Cybersecurity Responsibility System 7.3.2 Cybersecurity Management Status Analysis 7.3.3 Formulating Security Management Strategy and System 7.3.4 Conducting Security Management Measures 7.3.5 Security Self-Inspection and Adjustment 7.4 Security Technology Measures Development 7.4.1 Security Protection Technology Status Analysis of Network 7.4.2 Designing of Cybersecurity Technology Development and Improvement Plan 7.4.3 Implementation and Management of Security Development and Improvement Engineering 7.4.4 Elements of Cybersecurity Development and Improvement Plan 7.5 Selection and Use of Information Security Products 7.5.1 Selecting the Information Security Products Licensed for Sale 7.5.2 Multilevel Testing and Use of Products 8.1.3 When Should We Carry Out Level Evaluation 8.1.4 Business Scope of Level Evaluation Organizations 8.1.5 Standards of Level Evaluation 8.1.6 Development of Level Evaluation Business 8.1.7 Notes on the Application of Level Evaluation Standards 8.2 Management and Supervision of Level Evaluation Organizations and Personnel 8.2.1 Why Need to Develop the Level Evaluation System 8.2.2 Management of Evaluation Organizations and Personnel 8.2.3 Business Scope and Work Requirements of Evaluation Organizations 8.3 Risk Control of Level Evaluation 8.3.1 Existing Risks 8.3.2 Risk Aversion 8.4 Evaluation Reports Chapter9 Supervision and Inspection of Cybersecurity Classified Protection 9.1 Regular Self-Inspection and Supervision 9.1.1 Regular Self-inspection of Registration Organizations 9.1.2 Supervision and Inspection of Industry Competent Departments 9.2 Supervision and Inspection of Public Security Authorities 9.2.1 Principles and Methods 9.2.2 Main Contents of Inspection 9.2.3 Inspection and Improvement Requirements 9.2.4 Inspection Requirements 9.2.5 Incidents Investigation 9.3 Supervision and Management of Network Service Organizations Part Ⅲ Appendices AppendixA Cybersecurity Law of the People』s Republic of China AppendixB The Cryptography Law of the People』s Republic of China AppendixC Regulations of the People』s Republic of China on the Protection of Computer InformationSystem Security AppendixD Administration Measures for Information Security Classified Protection AppendixE Regulations for the Cybersecurity Classified Protection AppendixF Specifications on Information Security Classified Protection Inspection of PublicSecurity Authorities (Trial) AppendixG Administration Measures for Cybersecurity Classified Protection EvaluationOrganizations AppendixH Interpretation of Classification Guide for Classified Protection of Cybersecurity (GB/T 22240-2020) AppendixI Interpretation of Baseline for Classified Protection of Cybersecurity (GB/T22239-2019) AppendixJ Interpretation of Technical Requirements of Security Design for ClassifiedProtection of Cybersecurity (GB/T 25070-2019) AppendixK Interpretation of Evaluation Requirement for Classified Protection of Cybersecurity (GB/T 28448-2019) Glossaryof Classified Protection Terms
[