This standard specifies the requirements for testing and evaluating whether the implemented information system complies with GB/T 22239-2008, including the first-level information system, the second-level information system, the third-level information system and the fourth-level information system. System requirements for test evaluation. This standard omits the requirements for evaluating the fifth-level information system. This standard is applicable to the security testing and evaluation of information system security level protection status conducted by information security assessment service agencies, information system authorities and operating and user units. The information security level protection supervision and inspection conducted by the information security supervision functional department according to law can be used as a reference.
GB/T 28448-2012 Referenced Document
GB/T 22239-2008 Information security technology.Baseline for classified protection of information system security
GB/T 5271.8 Information technology-Vocabulary Part 8: Security
GB/T 28448-2012 history
2019GB/T 28448-2019 Information security technology —Evaluation requirement for classified protection of cybersecurity
2012GB/T 28448-2012 Information security technology.Testing and evaluation requirement for classified protection of information system