1 Scope
This standard specifies the classification method for classified protection of information system security and provides guidance for the classification work for classified protection of information system security.
2 Normative References
The following standards contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments (excluding corrections) to, or revisions of, any of these publications do not apply. However, parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references, the latest edition applies.
GB/T 5271.8 Information Technology - Vocabulary - Part 8: Security (GB/T 5271.8-2001; idt ISO/IEC 2382-8: 1998)
GB 17859 Classified Criteria for Security Protection of Computer Information System
3 Terminologies and Definitions
For the purposes of this standard, the terms and definitions given in GB/T 5271.8 and GB 17859 and the following apply.
3.1
Target of classified security
Specific information and information systems on which the classified protection work of information security directly acts.
3.2
Object
Social relations that are protected by law and that are infringed when the target of classified security is breached, such as national security, social order and public interests as well as legitimate rights and interests of citizens, legal persons or other organizations.
3.3
Objective
Objective external manifestations showing that the object is infringed, including the manner of infringement and the result of infringement.
3.4
System service
A programmed process provided by the information system to support the business it carries.
Contents of GB/T 22240-2008
Foreword
Introduction
1 Scope
2 Normative References
3 Terminologies and Definitions
4 Classification Principle
4.1 Classified Protection of Information System Security
4.2 Classification Elements for Information System Security Protection Class
4.2.1 Infringed Objects
4.2.2 Degree of Infringement to Object
4.3 Relationship between Classification Element and Class
5 Classification Method
5.1 General Process of Classification
5.2 Determine the Object to Be Classified
5.3 Determination of Infringed Objects
5.4 Determination of Degree of Infringement to Objects
5.4.1 Objectives of Infringement
5.4.2 Comprehensive Judgment of Degree of Infringement
5.5 Determination of Security Protection Class of Objects to Be Classified
6 Class Change