Confidential information systems have certain security and confidentiality requirements. According to relevant national standards, the construction of confidential information systems requires computer systems that reach a higher security level.
Whether a computer information system is classified as a confidential information system mainly depends on whether the information in the system involves the state. Secret information, no matter how much or little confidential information it contains, as long as it exists (that is, it stores, processes or transmits confidential information), this information system is a confidential information system. (Recommended learning: PHP video tutorial)
But not all confidential systems are high-security computer information systems; not all high-security computer information The systems are all classified information systems.
Introduction
For example, some enterprises’ computer information systems have adopted many security and confidentiality technical and management measures to protect their business secrets, achieving a high level of security. level, but since there is no information involving state secrets, it cannot be regarded as a confidential information system;
However, some confidential networks of party and government agencies are very small in scope, only in one or a few rooms. Several computers are connected to the Internet, and relatively closed physical security measures have been adopted to physically isolate them from the outside world. Although more security and confidentiality technologies have not been used, the system security level is not very high, but due to tight management, safe and controllable operation in the system If national secret information is obtained, these systems are classified information systems.
Computer information systems that store and process state secrets (referred to as classified information systems) are subject to hierarchical protection according to the degree of confidentiality.
——Secret-related systems are divided into top secret level, confidential level, and secret level according to the degree of confidentiality, and hierarchical protection is implemented.
Grade protection is targeted at confidential information systems. Based on the level of confidentiality of the confidential information, the importance of the confidential information system, and the harm to the national economy and people's livelihood after being destroyed, And the security protection level that confidential information systems must achieve is divided into three levels: secret level, confidential level and top secret level.
The State Administration of Secrecy has formulated a series of management methods and technical standards on how to carry out hierarchical protection of confidential information systems. Currently, several national confidentiality standards for hierarchical protection that are being implemented are
BMB17 "Technical Requirements for Classified Protection of Information Systems Involving State Secrets"
BMB20 "Management Specifications for Classified Protection of Information Systems Involving State Secrets"
BMB22 "Classification of Information Systems Involving State Secrets" Protection Evaluation Guide"
BMB23 "Design Guide for Hierarchical Protection Plans for Information Systems Involving State Secrets".
The National Confidentiality Technology Evaluation Center is the only security and confidentiality evaluation institution for classified information systems in my country.
For more PHP related technical articles, please visit the PHP Graphic Tutorial column to learn!
The above is the detailed content of Computers that store and process state secrets. For more information, please follow other related articles on the PHP Chinese website!