This guiding technology establishes the overall structure of Internet-based e-government information security assurance, and provides guidance for the implementation of security requirements in terms of information security technology, information security management, and information security engineering construction involved in Internet-based e-government. This guiding technical document mainly proposes norms and requirements for the construction of a unified secure government affairs network platform, a secure government affairs office platform, a trusted public service platform, and a security support platform. For the proprietary business systems of the relevant government departments, the security protection shall be based on the principle of clear responsibilities and each responsible, and the competent department shall take appropriate security measures. This technical guidance document does not involve its security requirements. This guiding technical document is applicable to prefecture-level (including below) government units to carry out e-government information security construction based on the Internet that does not involve state secrets, and to provide management for information security construction for managers, engineering technicians, and information security product providers. and technical reference
GB/Z 24294-2009 Referenced Document
GB 17859-1999 Classified oriteria for security protection of computer information system
GB/T 17902.2 Information technology-Security techniques-Digital signatures with appendix-Part 2:Identity-based mechanisms
GB/T 17902.3 Information technology-Decurity techniques-Digital signatures with appendix-Part 3:Certificate-based mechanisms
GB/T 19714 Information technology-Security technology.Internet public key infrastructure.Certificate management protocol
GB/T 19771 Information technology.Security technology.Public key infrastructure-Minimum interoperability specification for PKI components
GB/T 20269 Information security technology. Information system security management requirements
GB/T 20271 Information security technology.Common security techniques requirement for information system
GB/T 20275 Information security technology—Technical requirements and testing and evaluation approaches for network-based intrusion detection system*, 2021-10-11 Update
GB/T 20280 Information security technology.Testing and evaluation approaches for network vulnerability scanners
GB/T 20281 Information security technology—Security technical requirements and testing assessment approaches for firewall*, 2020-04-28 Update
GB/T 20282 Information security technology.Information system security engineering management requirements
GB/T 20945 Information security technology—Technical specification for network security audit products*, 2023-05-23 Update
GB/T 20984 Information security technology—Risk assessment method for information security*, 2022-04-15 Update
GB/T 22081 Information Technology—Security Techniques—Code ofpractice for information security controls*, 2016-08-29 Update
GB/T 22239 Information security technology — Baseline for classified protection of cybersecurity*, 2019-05-10 Update
GB/T 22240 Information security technology—Classification guide for classified protection of cybersecurity*, 2020-04-28 Update
GB/T 24363-2009 Information security technology.Specifications of emergency response plan for information security*, 2009-09-30 Update
GB/T 2887 General specification for computer field*, 2011-07-29 Update
GB/Z 19717 Secure message interchange based on Multipurpose Internet Mail Extensions
GB/Z 20985 Information technology.Security techniques.Information security incident management guide
ISO/IEC 18028 Information technology - Security techniques - IT network security - Part 5: Securing communications across networks using virtual private networks
GB/Z 24294-2009 history
2018GB/Z 24294.1-2018 Information security technology—Guide of implementation for internet-basede-government information security—Part 1:General
2009GB/Z 24294-2009 Information security technology.Guide of implementation for internet-based E-government inoformation security