Ministry of Public Security
National Security Bureau
State Cryptography Administration
State Council Information Office
June 22, 2007
Public Security Departments (Bureaus), Secret Bureaus, State Cryptography Administrations (Offices of the State Cryptography Management Committee) and Information Leadership Group Offices of the provinces, autonomous regions and municipalities; the Public Security Bureau, Secret Bureau, State Cryptography Administration and Information Leadership Group Office of the Xinjiang Production and Construction Corps; the Offices of the Secretariat Committee, Offices of the Cryptography Leading Group and Information Leadership Group Offices of central and state agencies and ministries; and the offices of the confidentiality committees of the various people's organizations:
Chapter 1 General Provisions
Article 1 To standardize information security level protection management, improve information security capabilities and levels, maintain national security, social stability and public interests, and guarantee and promote information construction, these Measures are formulated in accordance with the "Computer Information System Security Protection Regulations of the People's Republic of China" and other relevant laws and regulations.
Article 2 The state adopts unified information security level protection management specifications and technical standards, organizes citizens, legal entities and other organizations to implement hierarchical security protection for information systems, and supervises and manages the implementation of graded protection work.
Article 3 Public security organs are responsible for the supervision, inspection and guidance of information security level protection work. The national confidentiality department is responsible for the supervision, inspection and guidance of confidentiality work in level protection work. The national cryptography management department is responsible for the supervision, inspection and guidance of cryptography work in level protection work. Matters falling under the jurisdiction of other functional departments are managed by the relevant functional departments in accordance with national laws and regulations. The State Council Information Office and the local information leading group offices are responsible for the inter-departmental coordination of level protection work.
Article 4 The competent department for information systems shall, in accordance with these Measures and relevant standards, supervise, inspect and guide the information security level protection work of information system operating and user units in its industry, department or region.
Article 5 Information system operating and user units shall, in accordance with these Measures and relevant standards and specifications, perform their obligations and responsibilities for information security level protection.
Chapter 2 Grade classification and protection
Article 6 National information security level protection adheres to the principles of independent grading and independent protection. The security protection level of an information system should be determined based on the importance of the information system to national security, economic construction and social life, the degree of harm to national security, social order, public interests and the legitimate rights and interests of citizens, legal persons and other organizations after the information system is destroyed, and other factors.
Article 7 The security protection level of information systems is divided into the following five levels:
First level: after the information system is damaged, it will cause damage to the legitimate rights and interests of citizens, legal persons and other organizations, but will not harm national security, social order or public interests.
Second level: after the information system is damaged, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or cause damage to social order and public interests, but will not harm national security.
Level 3: after the information system is damaged, it will cause serious damage to social order and public interests, or cause damage to national security.
Level 4: after the information system is damaged, it will cause particularly serious damage to social order and public interests, or cause serious damage to national security.
Level 5: after the information system is damaged, it will cause particularly serious damage to national security.
Article 8 Information system operating and user units shall protect their information systems in accordance with these Measures and relevant technical standards, and the relevant national information security regulatory authorities shall supervise and manage their information security level protection work.
Operating and user units of first-level information systems should carry out protection in accordance with relevant national management regulations and technical standards.
Operating and user units of second-level information systems should carry out protection in accordance with relevant national management regulations and technical standards. The national information security regulatory department provides guidance on the information security level protection work of information systems at this level.
Operating and user units of third-level information systems should carry out protection in accordance with relevant national management regulations and technical standards. The national information security regulatory department supervises and inspects the information security level protection work of information systems at this level.
Operating and user units of Level 4 information systems shall carry out protection in accordance with relevant national management regulations, technical standards and business-specific needs. The national information security regulatory department conducts mandatory supervision and inspection of the information security level protection work of information systems at this level.
Operating and user units of Level 5 information systems should carry out protection in accordance with national management regulations, technical standards and special business security requirements. The state designates specialized departments to conduct special supervision and inspection of the information security level protection work of information systems at this level.
Chapter 3 Implementation and management of graded protection
Article 9 Information system operating and user units shall implement level protection work in accordance with the "Implementation Guidelines for Information System Security Level Protection".
Article 10 Information system operating and user units shall determine the security protection level of information systems in accordance with these Measures and the "Guidelines for Rating Information System Security Level Protection". Where there is a competent department, the level should be reviewed and approved by the competent department.
For information systems operating on a unified network across provinces or across the country, the security protection level can be determined uniformly by the competent authorities.
For information systems to be determined as Level 4 or above, the operating and user unit or the competent department shall request the National Information Security Protection Level Expert Review Committee to review it.
Article 11 After the security protection level of the information system is determined, the operating and user unit shall, in accordance with the national information security level protection management regulations and technical standards, use information technology products that comply with relevant national regulations and meet the security protection level requirements of the information system to carry out information system security construction or reconstruction work.
Article 12 In the process of information system construction, operating and user units shall follow the "Guidelines for Classification of Security Protection Levels of Computer Information Systems" (GB17859-1999), the "Basic Requirements for Information System Security Level Protection" and other technical standards, and refer to "Information Security Technology General Security Technical Requirements for Information Systems" (GB/T20271-2006), "Information Security Technology Basic Network Security Technical Requirements" (GB/T20270-2006), "Information Security Technology Operating System Security Technical Requirements" (GB/T20272-2006), "Information Security Technology Security Technical Requirements for Database Management Systems" (GB/T20273-2006), "Information Security Technology Server Technical Requirements", "Information Security Technology Technical Requirements for Security Level of Terminal Computer Systems" (GA/T671-2006) and other technical standards, to simultaneously build information security facilities that meet the requirements of this level.
Article 13 Operating and user units should refer to the "Information Security Technology Information System Security Management Requirements" (GB/T20269-2006), the "Information Security Technology Information System Security Engineering Management Requirements" (GB/T20282-2006), the "Basic Requirements for Information System Security Level Protection" and other management specifications, and develop and implement a safety management system that meets the safety protection level requirements of their system.
Article 14 After the construction of the information system is completed, the operating and user unit or its competent department shall select an evaluation institution that meets the conditions stipulated in these Measures and, based on technical standards such as the "Information System Security Level Protection Evaluation Requirements", regularly conduct level assessments of the security level status of the information system. Third-level information systems should undergo a level assessment at least once a year, fourth-level information systems should undergo a level assessment at least once every six months, and Level 5 information systems should be assessed based on special security requirements.
Information system operating and user units and their competent departments should regularly conduct self-examination of the security status of information systems and of the implementation of safety protection systems and measures. Third-level information systems should undergo self-examination at least once a year, fourth-level information systems should undergo self-examination at least once every six months, and Level 5 information systems should undergo self-examination based on special security requirements.
Where, after evaluation or self-examination, the security status of the information system does not meet the security protection level requirements, the operating and user unit should formulate a plan for rectification.
Article 15 For second-level and above information systems already in operation, the operating and user unit shall complete the registration procedures with the local public security organ at or above the municipal level within 30 days after the security protection level is determined.
For newly built second-level or above information systems, the operating and user unit shall complete the registration procedures with the local public security organ at or above the municipal level within 30 days after the system is put into operation.
For units in Beijing affiliated to the central government whose information systems are uniformly networked across provinces or across the country and rated uniformly by the competent authorities, the competent department shall complete the filing procedures with the Ministry of Public Security. Branch systems of inter-provincial or national unified network-operated information systems that are operated and applied in various places should be filed with the local public security organ at or above the municipal level.
Article 16 When going through the registration procedures for the information system security protection level, the "Information System Security Level Protection Registration Form" should be filled out. For third-level and above information systems, the following materials should also be provided:
(1) System topology and description;
(2) System security organization and management system;
(3) Design and implementation plan or reconstruction implementation plan for system safety protection facilities;
(4) List of information security products used by the system and their certification and sales license certificates;
(5) Technical inspection and evaluation report, after evaluation, showing conformity with the system security protection level;
(6) Expert review opinions on the information system security protection level;
(7) Opinions of the competent department on reviewing and approving the security protection level of the information system.
Article 17 After information system registration, public security organs should review the filing status of information systems. For those that meet the requirements for level protection, an information system security level protection registration certificate should be issued within 10 working days from the date of receipt of the filing materials; where non-compliance with these Measures and related standards is discovered, the filing unit should be notified to correct it within 10 working days from the date of receipt of the filing materials; where incorrect classification is found, re-examination and confirmation should take place within 10 working days from the date of receipt of the filing materials.
After the operating and user unit or the competent department re-determines the information system level, it should re-file with the public security organs in accordance with these Measures.
Article 18 The public security organ that accepts the filing shall inspect the information security level protection work of the operating and user units of third-level and fourth-level information systems. Third-level information systems shall be inspected at least once a year, and fourth-level information systems at least once every six months. Inspections of information systems operating on a unified network across provinces or across the country should be conducted in conjunction with their competent authority.
Fifth-level information systems should be inspected by specialized departments designated by the state.
Public security organs and specialized departments designated by the state shall inspect the following matters:
(1) Whether information system security requirements have changed, and whether the original protection level is accurate;
(2) The implementation status of the safety management systems and measures of the operating and user units;
(3) Inspection of information system security status by operating and user units and their competent departments;
(4) Whether the system security level assessment meets the requirements;
(5) Whether the use of information security products meets the requirements;
(6) Information system security rectification situation;
(7) Conformity of the filing materials with the operating and user units and the information systems;
(8) Other matters that should be subject to supervision and inspection.
Article 19 Information system operating and user units shall accept the security supervision, inspection and guidance of public security organs and specialized departments designated by the state, and truthfully provide the public security organs and the specialized departments designated by the state with the following information and data files related to information security protection:
(1) Changes in information system filing matters;
(2) Changes in security organizations and personnel;
(3) Changes in information security management systems and measures;
(4) Information system operating status records;
(5) Regular inspection records of information system security status by operating and user units and competent authorities;
(6) Technical evaluation report for grade evaluation of information systems;
(7) Changes in the use of information security products;
(8) Information security incident emergency plan and information security incident emergency response result report;
(9) Information system security construction and rectification results report.
Article 20 Where a public security organ, upon inspection, finds that the security protection status of an information system does not comply with the relevant management specifications and technical standards for information security level protection, it should issue a rectification notice to the operating and user unit. The operating and user unit shall make corrections in accordance with the requirements of the rectification notice and with management regulations and technical standards. After the rectification is completed, the rectification report should be filed with the public security organ. When necessary, the public security organ can organize inspections of the rectification situation.
Article 21 Information systems at Level 3 or above should choose to use information security products that meet the following conditions:
(1) The product development and production unit is invested in by Chinese citizens or legal persons, or invested in or controlled by the state, and has independent legal personality within the territory of the People's Republic of China;
(2) The core technology and key components of the product have China's independent intellectual property rights;
(3) The product development and production unit and its main business and technical personnel have no criminal record;
(4) The product development and production unit declares that it has not intentionally left or set vulnerabilities, backdoors, Trojan horses or other such programs and functions;
(5) The product does not pose harm to national security, social order or public interests;
(6) Products listed in the information security product certification catalog should obtain the certification certificate issued by the National Information Security Product Certification Agency.
Article 22 Information systems at Level 3 or above should be evaluated by a level protection evaluation agency that meets the following conditions:
(1) Registered and established within the territory of the People’s Republic of China (excluding Hong Kong, Macao and Taiwan);
(2) Enterprises and institutions invested in by Chinese citizens, Chinese legal persons or the state (except Hong Kong, Macao and Taiwan);
(3) Engaged in relevant testing and evaluation work for more than two years, with no illegal record;
(4) Staff members are limited to Chinese citizens;
(5) The legal person and main business and technical personnel have no criminal record;
(6) The technical equipment and facilities used shall comply with the requirements of these Measures for information security products;
(7) Have complete safety management systems such as confidentiality management, project management, quality management, personnel management, and training and education;
(8) Do not pose a threat to national security, social order or public interests.
Article 23 Organizations engaged in information system security level assessment should fulfill the following obligations:
(1) Comply with relevant national laws, regulations and technical standards, provide secure, objective and fair testing and evaluation services, and guarantee the quality and effectiveness of the evaluation;
(2) Keep confidential the state secrets, business secrets and personal privacy learned during evaluation activities, and prevent evaluation risks;
(3) Provide safety and confidentiality education to evaluators, sign safety and confidentiality agreements with them that specify the security and confidentiality obligations and legal responsibilities to be fulfilled, and be responsible for inspecting their implementation.
Chapter 4 Hierarchical protection and management of information systems involving state secrets
Article 24 Confidential information systems should be protected based on the basic requirements for national information security level protection, in accordance with the management regulations and technical standards for hierarchical protection of confidential information systems of the national security department, and in light of the actual situation of the system.
Non-confidential information systems shall not process state secret information.
Article 25 Confidential information systems are divided, according to the highest confidentiality level of the information they process, into three levels from low to high: secret, confidential and top secret.
Units that construct and use confidential information systems should standardize the classification of information and determine the system level in accordance with the hierarchical protection and management measures for confidential information systems and the national confidentiality standard BMB17-2006 "Technical Requirements for Hierarchical Protection of Computer Information Systems Involving State Secrets". For confidential information systems containing multiple security domains, each security domain can determine its protection level separately.
Confidentiality departments and institutions should supervise and guide the construction and use units of confidential information systems to grade their systems accurately and properly.
Article 26 Units that construct and use confidential information systems shall promptly report the grading, construction and use of their confidential information systems to the confidentiality work organization of the competent business department and to the confidentiality work department responsible for system approval, and accept the supervision, inspection and guidance of the confidentiality department.
Article 27 Units that build and use confidential information systems should choose units with relevant integration qualifications to undertake or participate in the design and implementation of confidential information systems.
Units that construct and use confidential information systems shall, in accordance with the hierarchical protection management specifications and technical standards for confidential information systems, follow the different requirements of the three levels of secret, confidential and top secret, design the scheme based on the actual system, and implement hierarchical protection. The level of protection is generally not lower than Level 3, Level 4 and Level 5 of national information security level protection.
Article 28 In principle, information security and confidentiality products used in confidential information systems should be domestic products and shall be tested by a testing agency authorized by the State Administration of Secrecy in accordance with relevant national confidentiality standards; products that pass the test will be reviewed and released by the National Security Bureau.
Article 29 After the implementation of the system project, the construction and use unit of a confidential information system should submit an application to the confidentiality department, and a system evaluation agency authorized by the State Administration of Secrecy shall conduct a security and confidentiality assessment of the confidential information system in accordance with the national confidentiality standard BMB22-2007 "Evaluation Guidelines for the Graded Protection of Computer Information Systems Involving State Secrets".
Before the system is put into use, units constructing and using confidential information systems should, in accordance with the "Regulations on the Approval and Management of Information Systems Involving State Secrets", apply to the confidentiality department at or above the districted municipal level for system approval; confidential information systems can only be put into use after passing the approval. For confidential information systems that have already been put into use, after the construction and user units complete system rectification in accordance with graded protection requirements, they should file with the confidentiality department.
Article 30 When units constructing and using confidential information systems apply for system approval or filing, the following materials should be submitted:
(1) System design, implementation plan, and review and demonstration opinions;
(2) Qualification certification materials of the system construction unit;
(3) Report on system construction and project supervision;
(4) System security and confidentiality testing and evaluation report;
(5) System security and confidentiality organization structure and management system;
(6) Other relevant materials.
Article 31 When the confidentiality level, connection range, environmental facilities, main applications, or the unit responsible for security and confidentiality management of a confidential information system changes, the construction and use units shall promptly report to the confidentiality department responsible for approval. The confidentiality work department should decide, based on the actual situation, whether to re-evaluate and approve the system.
Article 32 Units constructing and using confidential information systems shall, in accordance with the national confidentiality standard BMB20-2007 "Specifications for the Hierarchical Protection and Management of Information Systems Involving State Secrets", strengthen confidentiality management in the operation of confidential information systems, perform regular risk assessments, and eliminate leakage risks and vulnerabilities.
Article 33 National and local confidentiality work departments at all levels shall, in accordance with the law, supervise and manage the hierarchical protection of confidential information systems in all regions and departments, and do the following:
(1) Guide, supervise and inspect the development of graded protection work;
(2) Guide the construction and use units of confidential information systems to standardize information classification and reasonably determine the system protection level;
(3) Participate in the demonstration of hierarchical protection plans for confidential information systems, and guide construction and user units to carry out simultaneous planning and design of confidentiality facilities;
(4) Supervise and manage confidential information system integration qualification units in accordance with the law;
(5) Strictly conduct system evaluation and approval work, and supervise and inspect the implementation of hierarchical protection management systems and technical measures by units constructing and using confidential information systems;
(6) Strengthen confidentiality supervision and inspection in the operation of confidential information systems. Secret-level and confidential-level information systems must undergo a confidentiality inspection or system evaluation at least once every two years, and top-secret information systems at least once a year;
(7) Understand the management and use of the various types of confidential information systems at all levels, and promptly detect and investigate violations and leaks.
Chapter 5 Password management for information security level protection
Article 34 The national password management department implements classified and hierarchical management of passwords for information security level protection. The criteria for password protection levels are determined according to the role and importance of the protected object in national security, social stability and economic construction, the safety protection requirements and confidentiality level of the protected object, the degree of harm after the protected object is destroyed, the nature of the department using the password, and so on.
Where information system operating and user units adopt passwords for level protection, they should comply with the "Information Security Level Protection Password Management Measures", the "Technical Requirements for Commercial Passwords for Information Security Level Protection" and other password management regulations and related standards.
Article 35 The configuration, use and management of passwords in information system security level protection should strictly follow the relevant regulations on national password management.
Article 36 Information system operating and user units should make full use of cryptographic technology to protect information systems. Where passwords are used to protect information and information systems involving state secrets, this should be submitted to the State Cryptography Administration for approval, and password design, implementation, use, operation, maintenance and daily management should be carried out in accordance with relevant national password management regulations and relevant standards; where passwords are used to protect information and information systems that do not involve state secrets, the "Commercial Password Management Regulations" and the relevant regulations and standards for password classification and hierarchical protection must be complied with, and the configuration and use of passwords should be filed with the national password management agency.
Article 37 Where cryptography technology is used to carry out system-level protection construction and rectification of information systems, encryption products approved for use or approved for sale by the national encryption management department must be used for security protection; encryption products imported from abroad or developed without authorization must not be used, and imported information technology products containing encryption functions may not be used without approval.
Article 38 The evaluation of passwords and cryptographic equipment in information systems is undertaken by evaluation institutions recognized by the State Cryptography Administration. No other department, organization or individual is allowed to evaluate or monitor passwords.
Article 39 Password management departments at all levels may, regularly or from time to time, inspect and evaluate the configuration, use and management of passwords in information system level protection work. The cryptographic configuration, use and management of important confidential information systems shall be inspected and evaluated at least once every two years. Where, during supervision and inspection, security risks, violations of relevant password management regulations or failures to meet password-related standard requirements are discovered, they should be handled in accordance with the relevant provisions of national password management.
Chapter 6 Legal liability
Article 40 Where an operating or user unit of a Level 3 or above information system violates the provisions of these regulations and commits one of the following behaviors, the public security organ, the national security department and the national encryption management department shall, according to their division of responsibilities, order it to make corrections within a time limit; if corrections are not made within the time limit, a warning shall be given, the situation shall be reported to its superior authority with a recommendation that the directly responsible supervisor and other directly responsible personnel be dealt with, and the processing results shall be fed back in a timely manner:
(1) Failure to file and approve in accordance with the provisions of these Measures;
(2) Failure to implement the safety management system and measures in accordance with these regulations;
(3) Failure to conduct system security status inspection in accordance with the provisions of these Measures;
(4) Failure to conduct system security technology evaluation in accordance with the provisions of these Measures;
(5) Refusing to make rectifications after receiving a rectification notice;
(6) Failure to choose and use information security products and evaluation institutions in accordance with the provisions of these Measures;
(7) Failure to truthfully provide relevant documents and supporting materials in accordance with the provisions of these Measures;
(8) Violation of confidentiality management regulations;
(9) Violation of password management regulations;
(10) Violation of other provisions of these Measures.
Where a violation of the provisions of the preceding paragraph causes serious damage, it shall be handled by the relevant departments in accordance with relevant laws and regulations.
Article 41 Where information security supervision departments and their staff, in performing supervision and management duties, neglect their duties, abuse their power or practice favoritism for personal gain, administrative sanctions shall be given in accordance with the law; where a crime is constituted, criminal responsibility shall be pursued according to law.
Chapter 7 Supplementary Provisions
Article 42 Operating and user units of information systems already in operation shall determine the security protection level of the information system within 180 days from the date of implementation of these Measures; for new information systems, the security protection level shall be determined during the design and planning stage.
Article 43 The "above" mentioned in these regulations includes the current number (level).
Article 44 These Measures will come into effect from the date of promulgation, and the "Information Security Level Protection Management Measures (Trial)" (Gongtongzi〔2006〕7) shall be abolished at the same time.
(Source: Ministry of Industry and Information Technology of the People's Republic of China)