1 Scope
This standard specifies the security protection requirements for internet interactive services.
This standard is applicable to the implementation of Internet security protection management system and technical measures for security protection by the internet interactive service providers.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GA 1278-2015 Information security technology—Basic procedures and requirements for Internet service security evaluation
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GA 1278-2015 and the following apply.
3.1
internet interactive service
a service provided to users for publishing information to the public through text, pictures, audio, video, etc.
Note: Including but not limited to forums, communities, post bars, text or audio/video chat rooms, micro blogs, blogs, instant messaging, mobile downloads, shared storage, third-party payment and other internet information services.
3.2
illegal and harmful information
information that violates national laws and regulations, and endangers national security, public safety, and citizens’ safety and their property
3.3
destructive program
a program that has the functions of obtaining, deleting, adding, modifying, interfering, and destroying, without authorization, the functions of the computer information system and the data stored, processed and transmitted
3.4
personal electronic information
electronic information that can be known and processed, and is related to a specific natural person who can be identified through ID card number, network identifier or one or more factors of the physiological, mental, economic, cultural and social identity, and that involving the privacy of the natural person
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements for security management system
5 Requirements for institution
6 Personnel security management
7 Access control management
8 Network and operation security
9 Application security
10 Protection of personal electronic information
11 Complaint
12 Subcontracting
13 Security incident management
Bibliography
Standard
GA 1277-2015 Information security technology—Security protection requirements for internet interactive service (English Version)
Standard No.
GA 1277-2015
Status
superseded
Language
English
File Format
PDF
Word Count
5500 words
Price(USD)
130.0
Implemented on
2016-1-1
Delivery
via email in 1 business day
Detail of GA 1277-2015
Standard No.
GA 1277-2015
English Name
Information security technology—Security protection requirements for internet interactive service
GA 1277-2015, GA/T 1277-2015, GAT 1277-2015, GA1277-2015, GA 1277, GA1277, GA/T1277-2015, GA/T 1277, GA/T1277, GAT1277-2015, GAT 1277, GAT1277
Introduction of GA 1277-2015
1 Scope
This standard specifies the security protection requirements for internet interactive services.
This standard is applicable to the implementation of Internet security protection management system and technical measures for security protection by the internet interactive service providers.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GA 1278-2015 Information security technology—Basic procedures and requirements for Internet service security evaluation
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GA 1278-2015 and the following apply.
3.1
internet interactive service
a service provided to users for publishing information to the public through text, pictures, audio, video, etc.
Note: Including but not limited to forums, communities, post bars, text or audio/video chat rooms, micro blogs, blogs, instant messaging, mobile downloads, shared storage, third-party payment and other internet information services.
3.2
illegal and harmful information
information that violates national laws and regulations, and endangers national security, public safety, and citizens’ safety and their property
3.3
destructive program
a program that has the functions of obtaining, deleting, adding, modifying, interfering, and destroying, without authorization, the functions of the computer information system and the data stored, processed and transmitted
3.4
personal electronic information
electronic information that can be known and processed, and is related to a specific natural person who can be identified through ID card number, network identifier or one or more factors of the physiological, mental, economic, cultural and social identity, and that involving the privacy of the natural person
Contents of GA 1277-2015
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements for security management system
5 Requirements for institution
6 Personnel security management
7 Access control management
8 Network and operation security
9 Application security
10 Protection of personal electronic information
11 Complaint
12 Subcontracting
13 Security incident management
Bibliography
