What do we do with MLP
Author: Jiao Yehong, Intellectual Property, Data Compliance, Construction Engineering.
Modern enterprises are inseparable from the network and information, the state implements the network security graded protection system, what should enterprises do, in order to comply with the provisions of the relevant network graded protection? Here's a brief introduction.
The security protection level of information systems is divided into five levels, and the fifth level is the most important. Enterprises should follow the following steps:
The first step, the proposed information system, according to the relevant provisions of the independent determination of the level, after the determination of the national standards for construction, reconstruction, protection, the first and above information system, product development, production units must be invested by Chinese citizens, legal persons or the state investment or holding, the core technology of the product, key components with China's independent intellectual property rights, the product can not set up loopholes, backdoors, Trojans and other programs and functions;
The second step is to select an evaluation agency for the completed information system, conduct regular grade evaluation, regular self-inspection, and rectify the non-compliance matters, and the staff of the evaluation agency is limited to Chinese citizens;
The third step is to bring all the relevant materials to the public security organ to go through the filing formalities within 30 days after the security level is determined.
Finally, after review, the public security department will issue a filing certificate for the compliant information system, notify the non-compliant information system to correct, and re-review and grade the information system notification for the inaccurate grading.
The third and fourth levels of information systems are to be inspected, and the state designates special departments to inspect the fifth level of information systems, and to notify and rectify non-compliance matters.
In addition, consider the protection of confidential information and password protection.
According to the highest level of confidentiality of the information handled, the information system is divided into three levels: secret, confidential, and top secret, and its level of protection is generally not lower than the level of the first, fourth, and fifth levels of national information security protection.
Non-classified information systems must not handle state secret information, and after information security and confidentiality products have passed the test, the State Secrets Bureau shall review and publish a catalog, and the system evaluation body authorized by the State Secrets Bureau shall conduct a security and confidentiality assessment of classified information systems.
Where cryptography is used to protect information and information systems involving state secrets, it shall be reported to the State Cryptography Administration for approval, and the allocation and use of cryptography shall be filed with the State Cryptography Management Body.