The notice of "Gong Tong Zi [2004] No.66" was put forward. Let's take a look at the specific content:
Implementing the principle of information security level protection system (level protection) National information security level protection adheres to the principle of independent classification and independent protection, protects different levels of information systems, and carries out construction, management and supervision according to standards. The information security level protection system follows the following basic principles.
(1) Clear responsibilities and common protection. Organize and mobilize the state, legal persons, other organizations and citizens to participate in information security protection through hierarchical protection; All parties shall bear corresponding, clear and specific responsibilities for information security protection according to norms and standards.
(2) Self-protection according to standards. The state applies mandatory norms and standards, requiring information and information systems to be classified and self-protected according to corresponding construction and management requirements.
(3) Synchronous construction and dynamic adjustment. Information security facilities should be built simultaneously when information systems are newly built, rebuilt and expanded to ensure that information security is compatible with informatization construction. If it is necessary to change the level of security protection due to changes in the application type and scope of information and information systems, the level of security protection of information systems shall be re-determined in accordance with the requirements of management norms and technical standards for level protection. The management norms and technical standards of grade protection shall be revised in a timely manner according to the actual situation of grade protection.
(4) Guidance and supervision, focusing on protection. The information security supervision department designated by the state guides and supervises the information security protection of important information and information systems by filing, guiding, inspecting and urging rectification.
The national key protection involves national security, economic lifeline and social stability of basic information networks and important information systems, mainly including: national affairs handling information system (office system of party and government organs); Information systems related to the national economy and people's livelihood, such as finance, finance, taxation, customs, auditing, industry and commerce, social security, energy, transportation and national defense industry. Information systems of education, national scientific research and other units; Information systems in basic information networks such as public communication, radio and television transmission, etc.: important information systems in network management centers, important websites and other fields.
Basic model of security level protection
Implementing the principle of network security level protection system (level protection) Network security level protection should focus on protecting the operation safety and data safety of key information infrastructure and other networks involving national security, national economy and people's livelihood and public interests in accordance with the principles of active defense, comprehensive prevention and control, highlighting key points and comprehensive protection. In the process of network construction, network operators should plan, construct and operate network security protection, confidentiality and password protection measures simultaneously. The national network security level protection adheres to the principle of hierarchical protection and hierarchical supervision, protects the network at different levels, and carries out construction, management and supervision according to standards. When implementing the network security level protection system, the following requirements should also be observed:
First, clear responsibilities and common protection. Organize and mobilize the state, legal persons, other organizations and citizens to participate in network security protection through hierarchical protection; All parties should bear corresponding, clear and specific responsibilities for network security protection according to norms and standards.
The second is to protect according to standards. By applying mandatory laws and standards, the state requires network operators to scientifically and accurately determine the level and implement protection strategies and measures in accordance with the requirements of network security construction and management.
The third is synchronous construction and dynamic adjustment. Network security facilities should be built at the same time as network construction, reconstruction and expansion to ensure that network security is compatible with information construction. If the level of security protection needs to be changed due to changes in the type and scope of network applications, the level of security protection shall be re-determined in accordance with the requirements of the management norms and technical standards for level protection. The management norms and technical standards of grade protection shall be revised in a timely manner according to the actual situation of grade protection.
The fourth is to guide supervision and focus on protection. The network security supervision department designated by the state guides and supervises the network security protection work by filing, guiding, inspecting and urging rectification. The key information infrastructure protected by the state involves national security, economic lifeline and social stability, mainly including: telecommunications network, radio and television network, Internet, mobile Internet, Internet of Things, industry private network and other network infrastructure; Business information systems and websites of various industries, departments and units such as command and dispatch, internal office, management and control, production and operation, and public services; Industrial control systems in the fields of energy, transportation, water conservancy and municipal administration; Network platforms, important business systems and websites of Internet enterprises; Data center, big data service platform, cloud computing service platform, intelligent equipment facilities and data resources; Other networks and information systems involving national security, social order, public interests and the legitimate rights and interests of citizens, legal persons and other organizations.
This principle was first published by On Printing and Distribution.
Notice No.66 [2004] of Zhongfa put forward the principle of hierarchical protection, that is, the hierarchical protection system of network security, which is different from the description of hierarchical protection in words, but the relevant principles and explanations are in the same strain. As can be seen from document No.66, the document defines the security level protection system as a basic system to improve the ability and level of information security, safeguard national security, social stability and public interests, and ensure and promote the healthy development of information construction in the process of national economy and social informatization development. Implementing the classified protection system of information security can fully mobilize the enthusiasm of the state, legal persons, other organizations and citizens, give full play to the role of all aspects, achieve the purpose of effective protection, enhance the integrity, pertinence and effectiveness of security protection, make the security construction of information systems more centralized, unified, standardized, scientific and reasonable, and play an important role in promoting the development of information security in China.
About "About Printing and Distributing"
The five "benefits" of the notice "Gongtongzi [2004] No.66" have been simply stated in the previous WeChat official account article. See "Important Policy Document No.66 on Equal Protection" to clarify four responsibilities. Generally speaking, ensuring network (information) security and safeguarding national security, public interests and social stability are still major problems to be solved urgently in the current information development.