On 7 May 2020 the State Administration for Market Regulation (SAMR) and the National Information Security Standardisation Technical Committee (NISSTC) jointly released the Information Security Technology Classification Guide for the Classified Protection of Cybersecurity to provide methods and procedures for the classification and protection of information systems and other protection targets which do not involve state secrets (collectively known as 'targets of classified protection').(1)
According to the guide, the targets of classified protection are classified from Grade 1 to Grade 5 based on:
- their importance to national security, the economy and social order; and
- the degree of infringement of national security, social order, public interest and the legitimate rights and interests of citizens, legal persons and other organisations if the targets of classified protection are destroyed, cease to work or the data is tampered with, leaked, lost or damaged.
The guide provides that where a network operator preliminarily determines a target to be Grade 2 or higher, they should organise experts to review and apply to the competent authority to examine and approve the classification result to determine the final classification grade.
If the business information and system service scope of targets of classified protection change and the infringed object and degree of infringement change as a result, the network operator should redetermine the targets of classified protection and their grades accordingly.
Endnotes
