The main differences between DJP2 and DJP** are as follows:
Application scenarios: Level 2 of classified protection is applicable to general information systems, small LANs, and office systems that do not involve secret and sensitive information in state organs, enterprises, and institutions at or above the prefecture and municipal level. The classified protection** is applicable to the internal important information systems of state organs, enterprises and institutions above the prefecture-level city, the information systems of important fields and important departments that operate across provinces, cities or national (provinces) networks, and the official websites of ministries and commissions.
Protection capability: The security protection capability of the second level of classified protection requires that the system can be protected from malicious attacks initiated by external small organizations, threat sources with a small number of resources, general natural disasters and other threats of corresponding degrees caused by important resource damage, can find important security vulnerabilities and security incidents, and have the ability to recover part of the function within a period of time after suffering attack damage. The security protection capability of classified protection requires that the system be protected from major resource damage caused by external organized groups, malicious attacks launched by threat sources with abundant resources, more serious natural disasters and other threats of corresponding degrees under a unified security policy, and can find important security vulnerabilities and security incidents, and can quickly restore most of the functions after the system is damaged by attacks.
Evaluation cycle: According to Article 14 of the Administrative Measures for the Graded Protection of Information Security, the classified protection information system shall be evaluated at least once a year; Level 2 of classified protection does not require assessment, but requires regular assessment by an assessment agency or system self-test.
Evaluation intensity: The evaluation workload of the second level of classified protection is relatively small, the requirements are relatively few, and the corresponding evaluation items are relatively few, with a total of 135 items; However, the evaluation requirements of classified protection** are higher, and the equipment requirements are more stringent.
There are significant differences between DJCP Level 2 and DJCP** in terms of application scenarios, protection capabilities, assessment cycles, and evaluation strength. When choosing the appropriate level of security protection, you need to make trade-offs based on specific application scenarios and security requirements.
Free consultation link for Baobao level assessment.