MLPS 2.0 Guide for Wholly Foreign-Owned Enterprises (WFOEs)

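MLPS 2.0 provides a higher level of security for your network and keeps your data and information safe. With MLPS 2.0 you can easily apply for filing, undergo expert review, and obtain a detailed assessment report. We focus on protecting your network so that you can focus on growing your business.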

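MLPS Assessment

Summary:

The new Multi-Level Protection Scheme (MLPS) 2.0 standard has been in place since 2019 and is increasingly extending from government entities to enterprises. This article is guidance, aimed mainly at enterprises, on undergoing an MLPS assessment or on bringing an enterprise as close as possible to compliance with the MLPS standard.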

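As the national security posture has evolved and cybercrime has become increasingly frequent in China, China issued the Cybersecurity Law of the People's Republic of China (CSL) in June 2017 to protect the Chinese economy and the livelihood of the Chinese people. Article 21 of the Telecommunications Enterprise Law (《电信企业法》) stipulates that all network operators shall implement MLPS.

MLPS is the normative document that helps network operators grade, maintain and protect their information systems/networks.

MLPS has been drafted and implemented since 2008. It was at first regarded as intended specifically for government entities, to protect national cybersecurity. After 2017, however, as stated in the CSL, all network operators (including key industrial companies and even WFOEs) are obliged to follow the MLPS standard to protect the networks they operate.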

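1.1. Legal references

  • Cybersecurity Law of the People's Republic of China
  • Regulations of the People's Republic of China on the Security Protection of Computer Information Systems (State Council Decree No. 147)
  • Administrative Measures for the Multi-Level Protection of Information Security (Gong Tong Zi [2007] No. 43)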

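1.2. Standards

  • GB/T 22239-2019, Information Security Technology: Basic Requirements for Multi-Level Protection
  • GB/T 25070-2019, Information Security Technology: Technical Requirements for Security Design of Cybersecurity Multi-Level Protection
  • GB/T 28448-2019, Information Security Technology: Evaluation Requirements for Cybersecurity Multi-Level Protection
  • GB/T 25058-2019, Information Security Technology: Implementation Guide for Cybersecurity Classified Protection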

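1.3. Subject: network operators

The grading objects of this specification are local government departments, enterprises and public institutions, or other representative social organizations that build, operate and use basic information networks, cloud computing platforms/systems, big data applications/platforms/resources, the Internet of Things, industrial control systems, systems using mobile internet technology, and data resources and information systems that carry independent business applications.

Network operators shall fulfil their security obligations in accordance with the requirements of the multi-level protection system, ensure that the network is free from interference, damage and unauthorized access, and prevent network data from being leaked, stolen or falsified.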

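2. Assessment procedure

2.1. General process

2.1.1. Example 1: "MLPS Record Form", provided by the assessment agency.

2.1.2. Example 2: "MLPS Record Certificate", issued by the public security department.

2.1.3. Example 3: "MLPS Assessment Agency Recommendation Certificate"

2.1.4. Example 4: "Assessment Report"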

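2.2. Self-grading

Network operators fill in the application form according to the situation of their own network/system (see Annex 1 for the template form; because only Chinese forms are accepted, we have not translated it).

The level to adopt is determined by the matrix below: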

| Harmed objects when the network/system is damaged | Severity of the harm: harm | Severity of the harm: serious harm | Severity of the harm: particularly serious damage |
|---|---|---|---|
| Legitimate rights and interests of the Chinese citizens | L1 | L2 | L3 |
| Social order and the public interest | L2 | L3 | L4 |
| National security | L3 | L4 | L5 |

 

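When the network topology, purpose, service scope/objects, or the data processed changes, the security level should be re-graded accordingly.

In our experience, L2 at most is usually sufficient for manufacturing companies. Even L1 is acceptable.

Owing to the new situation in 2021, all attempts in our region to obtain approval of a WFOE self-grading at Level 2 or above have so far been unsuccessful. This means that WFOEs can prepare for MLPS without obtaining an official assessment.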

 

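2.3. On-site assessment

The assessment agency submits the application form to the Municipal Cybersecurity Assurance Bureau (see Annex 2). The bureau's office invites three or more experts to conduct the review and notifies the district cyber police to attend the assessment meeting.

Before the assessment begins, the participating experts select one of their number to lead the assessment, and this group leader chairs the review meeting.

The applicant's responsible person reports the basic situation of the network and information system to the review panel, including but not limited to: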

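       1. Responsible entity:

(1) Planning and design, project approval, development and construction, and operating time of the information system;

(2) Project supervisor, development unit, system integrator and security integrator, suppliers of network equipment and security products, security service providers (including operations and maintenance), etc.;

(3) The server room where the system is located, the responsible department, the user departments, etc.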

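       2. Application of system functions:

(1) The programming language and database management software used by the system, with their versions;

(2) The number, brand and model of the application servers deployed for the system, the database type and the number of database servers;

(3) The main functions of the system;

(4) Whether the system provides online services;

(5) Whether there is a mobile app;

(6) Whether the system uses big data, cloud computing, etc.;

(7) User types and number of users.

If an on-site demonstration is not possible, compile screenshots of each function page into a presentation file.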

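       3. System network structure:

(1) The network architecture of the system;

(2) The number of outbound connections and their bandwidth;

(3) The core network equipment deployed at the network boundary;

(4) The security protection products in use (state brand and model);

(5) The policies and status of the security devices;

(6) A brief introduction to the network structure, the definition of zones and boundaries, the security methods, etc.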

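       4. Data:

(1) The size and type of the data collected by the system (including citizens' personal information), and the security protection applied to its collection, storage, transmission, use, provision and destruction;

(2) Whether data interfaces are provided to third parties (if so, describe them clearly); whether a confidentiality agreement has been signed;

(3) Which fields are collected from the core data, and the total volume;

(4) The fields of citizens' personal information collected (including mobile phone number and ID card) and their total volume;

(5) A brief introduction to the main data types, their quantities and how they are stored.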

       5. Self-grading and reasons:

Present the security level of the applicant's system and explain the basis for the proposed level. If there is better guidance, convene the expert panel.

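       6. Expert evaluation:

Based on the applicant's declaration, the assessment experts review the level of the information system being applied for, by means such as inquiry and document review.

The assessment includes but is not limited to the following:

(1) Review of the responsible entity: through inquiry, document review and similar means, check whether the applicant is the party responsible for security oversight of the graded information system.

(2) Review of the grading object: through inquiry, document review and on-site observation, check whether the grading object has the three basic elements of an information system: a clearly defined responsible entity; relatively independent business applications; multiple interconnected resources. Avoid treating a single system component (such as a server, terminal or network device) as a grading object;

(3) Review of the harmed objects and the impact of the harm on them: based on the materials provided by the network operator, the expert opinion clearly states the harmed objects of the network and information system and the reasons for the assessed impact of the harm on them.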

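       7. Assessment results:

After the on-site assessment is complete, the experts, led by the group leader, jointly determine whether the applicant's grading of the object is reasonable, and all experts sign the opinion (in the absence of the applicant for the object being graded).

If major security risks are found in the grading object during the assessment, recommendations should be made at the end of the assessment opinion so that the network operator can rectify them promptly.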

 

 

 

3. Assessment items

3.1. Level 2

| Security category | Security sub-category | Number of assessment items | Comments |
|---|---|---|---|
| Physical security | Selection of physical location | 1 | Evaluate whether the physical server room is in a building that is shockproof, windproof and rainproof. |
| | Physical access control | 2 | Evaluate the approval controls for entering and leaving the server room, and whether the entrance and exit of the server room are attended by designated personnel. |
| | Theft and vandalism | 5 | Evaluate the security of equipment and communication cables in the server room and the anti-theft alarm facilities. |
| | Lightning protection | 2 | Evaluate the building's lightning protection, induced-lightning protection and the AC power ground wire. |
| | Fire prevention | 1 | Evaluate the setup of the automatic fire monitoring and protection system and the fire-fighting equipment. |
| | Waterproof and damp proof | 3 | Evaluate the water pipe layout, rainwater infiltration, condensation, and groundwater transfer and infiltration in the server room. |
| | Antistatic | 1 | Evaluate the anti-corrosion measures of key equipment. |
| | Temperature and humidity control | 1 | Evaluate the temperature and humidity control measures of the server room. |
| | Power supply | 2 | Evaluate the power supply line voltage stabilization, overvoltage protection and standby power supply in the server room. |
| | Electromagnetic protection | 1 | Evaluate the isolation of power lines and communication cables. |
| | Total | 19 | |
| Network security | Structural safety | 4 | Main verification: the processing capacity of key network equipment, whether the network bandwidth meets business requirements, whether the network topology is consistent, and whether subnets are divided. |
| | Access control | 4 | Main verification: access control function of border network devices; system and dial-up access restrictions. |
| | Security audit | 2 | Main verification: network equipment log collection and detailed audit records. |
| | Boundary integrity check | 1 | Main verification: whether the behavior of unauthorized devices connecting to the internal network can be checked. |
| | Intrusion prevention | 1 | Main verification: deployment and usage of IDS. |
| | Network equipment protection | 6 | Main verification: user identification, administrator login address restriction, user identity uniqueness, password policy, login policy, remote management policy. |
| | Total | 18 | |
| Host security | Identification | 5 | Main verification: user identification method, account and user correspondence, account and password length settings, password change cycle, etc.; login failure handling settings. |
| | Access control | 4 | Main verification: privilege separation of privileged users; access rights of default accounts; handling of redundant and expired accounts. |
| | Security audit | 4 | Main verification: coverage of the security audit; completeness of record content; prevention of deletion and overwriting of audit records. |
| | Intrusion prevention | 1 | Main verification: operating system component installation and patch upgrades. |
| | Malicious code prevention | 2 | Main verification: use and upgrade of anti-virus and anti-malicious-code products; support for unified management of anti-malware software. |
| | Resource control | 3 | Main verification: terminal login restriction mode and security policy. |
| | Total | 19 | |
| Application security | Identification | 4 | Main verification: identification and authentication, complexity of authentication information, login failure handling and user identity uniqueness check, etc. |
| | Access control | 4 | Main verification: independent access control function, minimum required authority and mutual restriction. |
| | Security audit | 3 | Main verification: coverage of the security audit; completeness of record content; prevention of deletion and overwriting of audit records. |
| | Communication integrity | 1 | Main verification: cryptographic technology ensures the integrity of data during communication. |
| | Communication confidentiality | 2 | Main verification: whether cryptographic technology is used for session initialization verification and for encryption of sensitive information during communication. |
| | Software fault tolerance | 2 | Main verification: data validation; whether some functions remain available in case of a fault. |
| | Resource control | 3 | Main verification: automatic session termination, limit on the maximum number of concurrent session connections, limit on multiple concurrent sessions for a single account. |
| | Total | 19 | |
| Data security | Data integrity | 1 | Main verification: integrity of identification information and important business data during transmission. |
| | Data confidentiality | 1 | Main verification: use of encryption or other protection measures for the storage confidentiality of identification information. |
| | Backup and recovery | 2 | Main verification: backup and recovery of important information; hardware redundancy of network equipment. |
| | Total | 4 | |
| Safety management system | Management system | 3 | Main verification: construction of the overall security strategy; establishment of a safety management system for important management contents in safety activities; establishment of personnel management operating procedures. |
| | Development and release | 3 | Main verification: establishment of the department responsible for formulating the safety management system; establishment, review and release of the safety management system. |
| | Review and revision | 1 | Main verification: review and revision of the safety management system. |
| | Total | 7 | |
| Safety management organization | Post setting | 2 | Main verification: establishment of safety management posts and clarification of responsibilities. |
| | Staffing | 2 | Main verification: staffing of safety management posts. |
| | Authorization and approval | 2 | Main verification: authorization of the approving department and approver according to the responsibilities of each department and post; an approval process for key activities is established and signed by the approver. |
| | Communication and cooperation | 2 | Main verification: communication and cooperation among management personnel, internal organizations and information functional departments; cooperation and communication with peer organizations, public security organs and telecommunication companies. |
| | Audit and inspection | 1 | Main verification: standardization and implementation of system safety inspection. |
| | Total | 9 | |
| Personnel safety management | Personnel recruitment | 3 | Main verification: standardized management of the personnel recruitment process; signing of confidentiality agreements by employed personnel. |
| | Personnel leaving post | 3 | Main verification: control of the personnel departure process. |
| | Personnel assessment | 1 | Main verification: safety skill and safety awareness assessment for personnel in each post. |
| | Safety awareness education and training | 3 | Main verification: formulation and implementation of the safety training plan. |
| | Access management of external personnel | 1 | Main verification: approval and supervision of external personnel entering important areas, and grade record. |
| | Total | 11 | |
| System construction management | System grading | 3 | Main verification: whether the security protection level of the information system is clear, with the method and reason for determining the level in written form, and whether the grading results are approved by the relevant departments. |
| | Security scheme design | 4 | Main verification: the overall planning and design of the information security work of the system. |
| | Purchase and use of products | 3 | Main verification: management measures for the purchase and use of information security products in the system. |
| | Self-developed software | 3 | Main verification: management of in-house software development within the system. |
| | Outsourcing software development | 4 | Main verification: the quality of outsourced software, to ensure its safety and availability. |
| | Project implementation | 2 | Main verification: implementation of information system engineering. |
| | Test acceptance | 3 | Main verification: acceptance of information system engineering. |
| | System delivery | 3 | Main verification: delivery of information system engineering. |
| | Security service provider selection | 3 | Main verification: selection of relevant security service providers and service management measures in the system. |
| | Total | 28 | |
| System operation and maintenance management | Environmental management | 4 | Main verification: daily management of server room infrastructure and office environment. |
| | Asset management | 2 | Main verification: asset list preservation measures; establishment of an asset safety management system. |
| | Media management | 4 | Main verification: storage, filing, destruction and classified management measures for various media. |
| | Device management | 4 | Main verification: management of daily use, operation and maintenance of all kinds of equipment. |
| | Network security management | 6 | Main verification: construction of the safety management system and inspection of illegal networking. |
| | System security management | 6 | Main verification: system access control, patches, daily vulnerability scanning and audit management. |
| | Malicious code prevention management | 3 | Main verification: the management of malicious code detection, analysis and other preventive work. |
| | Password management | 1 | Main verification: the institutionalization and implementation of password use. |
| | Change management | 2 | Main verification: the institutionalization of change activities and standardized management before, during and after a change. |
| | Backup and recovery management | 3 | Main verification: daily backup management of system data and system recovery management. |
| | Security incident handling | 4 | Main verification: the construction of the security incident reporting and handling system and the standardized management of the handling processes for different security incidents. |
| | Emergency plan management | 2 | Main verification: formulation of emergency plans for different events and training of relevant system personnel on the emergency plans. |
| | Total | 41 | |
| Total | 66 items | 175 indexes | |

3.2. Level 3

| Security category | Security sub-category | Number of assessment items | Comments |
|---|---|---|---|
| Physical security | Selection of physical location | 2 | Evaluate whether the physical server room is in a building that is shockproof, windproof and rainproof. |
| | Physical access control | 4 | Evaluate the approval controls for entering and leaving the server room, and whether the entrance and exit of the server room are attended by designated personnel. |
| | Theft and vandalism | 6 | Evaluate the security of equipment and communication cables in the server room and the anti-theft alarm facilities. |
| | Lightning protection | 3 | Evaluate the building's lightning protection, induced-lightning protection and the AC power ground wire. |
| | Fire prevention | 3 | Evaluate the setup of the automatic fire monitoring and protection system and the fire-fighting equipment. |
| | Waterproof and damp proof | 4 | Evaluate the water pipe layout, rainwater infiltration, condensation, and groundwater transfer and infiltration in the server room. |
| | Antistatic | 2 | Evaluate the anti-static measures of main equipment. |
| | Temperature and humidity control | 1 | Evaluate the temperature and humidity control measures of the server room. |
| | Power supply | 4 | Evaluate the power supply line voltage stabilization, overvoltage protection and standby power supply in the server room. |
| | Electromagnetic protection | 3 | Evaluate electromagnetic interference and electromagnetic protection. |
| | Total | 32 | |
| Network security | Structural safety | 7 | Main verification: processing capacity of main network equipment, whether network bandwidth meets business requirements, whether the network topology is consistent, subnet division and isolation, and bandwidth priority allocation for important services. |
| | Access control | 8 | Main verification: access control function of border network equipment, system and dial-up access restrictions, filtering of information content entering and leaving the network, maximum network traffic and connections, and measures to prevent address spoofing. |
| | Security audit | 4 | Main verification: network equipment log collection, detailed audit records, audit report generation and protection measures for audit records. |
| | Boundary integrity check | 2 | Main verification: whether unauthorized equipment connecting to the internal network can be checked, located and blocked; whether internal users' private external connections can be checked, located and blocked. |
| | Intrusion prevention | 2 | Main verification: deployment and usage of IDS. |
| | Malicious code prevention | 2 | Main verification: detection and removal of malicious code at the network boundary. |
| | Network equipment protection | 8 | Main verification: user identification, administrator login address restriction, user identity uniqueness, password policy, login policy, remote management policy and separation of user authority. |
| | Total | 33 | |
| Host security | Identification | 6 | Main verification: user authentication method, account and user correspondence, account and password length settings, password change cycle, etc.; login failure handling settings. |
| | Access control | 7 | Main verification: privilege separation of privileged users; access rights of default accounts; disposal of surplus and expired accounts. |
| | Security audit | 6 | Main verification: coverage of the security audit; completeness of record content; prevention of deletion and overwriting of audit records. |
| | Residual information protection | 2 | Main verification: clearance of user identification information, system files, directories and data in the storage space. |
| | Intrusion prevention | 3 | Main verification: operating system component installation and patch upgrades, recording of and alarms on intrusion behavior, and recovery measures after damage. |
| | Malicious code prevention | 3 | Main verification: usage and upgrade of anti-virus and anti-malicious-code products, unified management of anti-malicious-code software, and a malicious code library different from that of the network anti-malicious-code products. |
| | Resource control | 5 | Main verification: terminal login restriction mode and security policy, monitoring of server resource usage, and minimum-threshold alarm measures. |
| | Total | 32 | |
| Application security | Identification | 5 | Main verification: identification and authentication, complexity of user name and password, whether a combination of two or more authentication technologies is used, login failure handling and uniqueness check of user identity. |
| | Access control | 6 | Main verification: independent access control function, minimum required authority and mutual restriction, the function of setting sensitivity labels on important information resources and controlling operations on the labelled resources. |
| | Security audit | 4 | Main verification: coverage of the security audit; completeness of record content; prevention of deletion and overwriting of audit records; security audit statistics, query, analysis and audit report generation functions. |
| | Residual information protection | 2 | Main verification: clearance of user identification information, system files, directories and data in the storage space. |
| | Communication integrity | 1 | Main verification: cryptographic technology ensures the integrity of data during communication. |
| | Communication confidentiality | 2 | Main verification: whether cryptographic technology is used for session initialization verification and to encrypt the whole message or session during communication. |
| | Non-repudiation | 2 | Main verification: the function of providing evidence of origin and evidence of receipt of data. |
| | Software fault tolerance | 2 | Main verification: data validation; whether partial functionality and automatic protection are provided in case of failure. |
| | Resource control | 7 | Main verification: automatic session termination, limit on the maximum number of concurrent session connections, limit on multiple concurrent sessions for a single account, maximum and minimum resource allocation for a single account, alarm on reaching the minimum value, service priority setting. |
| | Total | 31 | |
| Data security | Data integrity | 2 | Main verification: integrity of user account information and important business data during transmission. |
| | Data confidentiality | 2 | Main verification: use of encryption or other protection measures to ensure the storage confidentiality of user account information and important business data. |
| | Backup and recovery | 4 | Main verification: backup and recovery of important information; hardware redundancy of network equipment. |
| | Total | 8 | |
| Safety management system | Management system | 4 | Main verification: construction of the overall security strategy; establishment of a safety management system for important management contents in safety activities; establishment of personnel management operating procedures, forming a comprehensive information security management system composed of security strategy, management system and operating procedures. |
| | Development and release | 5 | Main verification: establishment of the department responsible for formulating the safety management system; formulation, audit and release of the safety management system, and whether there is a unified format and version control. |
| | Review and revision | 2 | Main verification: review and revision of the safety management system. |
| | Total | 11 | |
| Safety management organization | Post setting | 4 | Main verification: safety management department, establishment of posts and clear responsibilities. |
| | Staffing | 3 | Main verification: staffing of safety management posts. |
| | Authorization and approval | 4 | Main verification: authorization of the approving department and approver according to the responsibilities of each department and post; an approval process for important activities is established and signed by the examiner. |
| | Communication and cooperation | 5 | Main verification: communication and cooperation among management personnel, internal organizations and information functional departments; cooperation and communication with peer organizations, public security organs and telecommunication companies; establishment of a contact list of external units and engagement of information security experts as standing security consultants. |
| | Audit and inspection | 4 | Main verification: standardization and implementation of system safety inspection, with regular and comprehensive inspections. |
| | Total | 20 | |
| Personnel safety management | Personnel recruitment | 4 | Main verification: standardized management of the personnel recruitment process; signing of confidentiality agreements by employed personnel; signing of post safety agreements by key post personnel. |
| | Personnel leaving post | 3 | Main verification: control of the personnel departure process. |
| | Personnel assessment | 3 | Main verification: safety inspection, strict safety review and skill assessment for all post personnel, with assessment results and records kept. |
| | Safety awareness education and training | 4 | Main verification: formulation and implementation of the safety training plan. |
| | External personnel access management | 2 | Main verification: approval and supervision of external personnel entering important areas, and filing at different levels. |
| | Total | 16 | |
| System construction management | System grading | 4 | Main verification: whether the information system defines its security protection level, with the method and reason for determining the level in written form, whether the grading results are approved by the relevant departments, and whether experts are organized to review and approve them. |
| | Security scheme design | 5 | Main verification: the overall planning and design of the system's information security work. |
| | Purchase and use of products | 4 | Main verification: management measures for the purchase and use of information security products in the system. |
| | Self-developed software | 5 | Main verification: management of in-house software development in the system. |
| | Outsourcing software development | 4 | Main verification: the quality of outsourced software, to ensure its safety and availability. |
| | Project implementation | 3 | Main verification: implementation of information system engineering. |
| | Test acceptance | 5 | Main verification: acceptance of information system engineering. |
| | System delivery | 5 | Main verification: delivery of information system engineering. |
| | System record | 3 | Main verification: record of the information system. |
| | Grade assessment | 4 | Main verification: assessment and rectification of the information system. |
| | Security service provider selection | 3 | Main verification: selection of relevant security service providers and service management measures in the system. |
| | Total | 45 | |
| System operation and maintenance management | Environmental management | 4 | Main verification: daily management of server room infrastructure and office environment. |
| | Asset management | 4 | Main verification: asset list preservation measures; establishment of an asset safety management system, with assets classified and marked. |
| | Media management | 6 | Main verification: establishment of a media security management system, with measures for storage, filing, destruction and classified management of various media, and encryption of data and software on important media. |
| | Device management | 5 | Main verification: establishment of an equipment maintenance management system to manage the daily use, operation and maintenance of all kinds of equipment. |
| | Monitoring management and safety management center | 3 | Main verification: monitoring and management measures to monitor and alarm on communication lines, hosts, network equipment and application software; establishment of a security management center to centrally manage equipment status, malicious code, patch upgrades, security audit and other security-related matters. |
| | Network security management | 8 | Main verification: construction of the safety management system and inspection of illegal networking. |
| | System security management | 7 | Main verification: system access control, patches, daily vulnerability scanning and audit management. |
| | Prevention and management of malicious code | 4 | Main verification: the management of malicious code detection, analysis and other preventive work. |
| | Password management | 1 | Main verification: the institutionalization and implementation of password use. |
| | Change management | 4 | Main verification: the institutionalization of change activities and standardized management before, during and after a change. |
| | Backup and recovery management | 5 | Main verification: daily backup management of system data and system recovery management. |
| | Security incident handling | 6 | Main verification: the construction of the security incident reporting and handling system and the standardized management of the handling processes for different security incidents. |
| | Emergency plan management | 5 | Main verification: formulation of emergency plans for different events, training of relevant system personnel, regular drills, etc. |
| | Total | 62 | |
| Total | 73 items | 290 indexes | |

 

3.3. MLPS high-risk items and rectification measures

Where a row gives a rectification for both levels, the two are marked L2 and L3; where the row carries only one rectification, it is shown without a level.

| No. | Security category | | Security sub-category | Rectification (Level 2 / Level 3) | Investment |
|---|---|---|---|---|---|
| 1 | Physical security | 1 | Selection of physical location | | |
| 2 | | 2 | Physical access control | Electronic access control | Medium |
| 3 | | 3 | Theft and vandalism | L2: Video monitoring system / burglar alarm system. L3: Video monitoring system / burglar alarm system | Medium |
| 4 | | 4 | Lightning protection | Lightning protector | Low |
| 5 | | 5 | Fire prevention | L2: Fire-fighting equipment and automatic fire alarm system. L3: Automatic fire-fighting system | High |
| 6 | | 6 | Waterproof and damp proof | L2: Dehumidifier. L3: Waterproof detection and alarm | Medium high |
| 7 | | 7 | Antistatic | Anti-static floor | Medium |
| 8 | | 8 | Temperature and humidity control | L2: Precision air conditioner. L3: Precision air conditioner | High |
| 9 | | 9 | Power supply | L2: Voltage regulator, overvoltage protection equipment, UPS. L3: Voltage regulator, overvoltage protection equipment, UPS, standby power supply system | High |
| 10 | | 10 | Electromagnetic protection | Electromagnetic shielding and electromagnetic interference device | Low |
| 11 | Network security | 1 | Structural safety | Core equipment redundancy | Medium |
| 12 | | 2 | Access control | L2: Border firewall. L3: Border firewall | Medium high |
| 13 | | 3 | Security audit | L2: Log audit system. L3: Log audit system | Medium |
| 14 | | 4 | Boundary integrity check | L2: Private external connection control (terminal security management system). L3: Network access control / private external connection control (terminal security management system) | Medium |
| 15 | | 5 | Intrusion prevention | L2: Intrusion detection / defense system. L3: Intrusion prevention system | Medium |
| 16 | | 6 | Malicious code prevention | Network anti-virus gateway | Medium |
| 17 | | 7 | Network equipment protection | Network operation and maintenance management system (jump server) | Medium |
| 18 | Host security | 1 | Identification | Multi-factor identity authentication system | Medium |
| 19 | | 2 | Access control | Host security environment system | Medium |
| 20 | | 3 | Security audit | L2: Log audit system; database audit system. L3: Log audit system; database audit system | Medium |
| 21 | | 4 | Residual information protection | Host security environment system | Medium |
| 22 | | 5 | Intrusion prevention | L2: Patch management system (free WSUS or terminal management system with patch management module). L3: Host intrusion prevention software / patch management system (free WSUS or terminal management system patch management module) | Medium |
| 23 | | 6 | Malicious code prevention | L2: Network version antivirus software. L3: Network version anti-virus software (host anti-malicious-code products should have different malicious code libraries from network anti-malicious-code products) | Medium |
| 24 | | 7 | Resource control | Security monitoring center host system resource monitoring module | |
| 25 | Application security | 1 | Identification | Multi-factor identity authentication system | Medium |
| 26 | | 2 | Access control | | |
| 27 | | 3 | Security audit | L2: Application system audit module configuration. L3: Log integrated audit system application audit module / application system audit module configuration | Medium |
| 28 | | 4 | Residual information protection | | |
| 29 | | 5 | Communication integrity | | |
| 30 | | 6 | Communication confidentiality | | |
| 31 | | 7 | Non-repudiation | Digital certificate | |
| 32 | | 8 | Software fault tolerance | L2: Web application firewall. L3: Web application firewall / webpage tamper-proof system | Medium |
| 33 | | 9 | Resource control | Security monitoring center application system resource monitoring module | Medium |
| 34 | Data security and backup | 1 | Data integrity | Data transmission integrity protection / data storage integrity protection (data security protection system) | Medium |
| 35 | | 2 | Data confidentiality | Data transmission encryption / data storage encryption (data security protection system) | Medium |
| 36 | | 3 | Backup and recovery | Local data backup and recovery system (full backup once a day), communication line and hardware redundancy, remote data backup and network structure redundancy | High |
| 37 | System operation and maintenance management | 1 | Monitoring management and safety management center | Environmental monitoring system (such as power distribution, UPS, air conditioning, temperature and humidity, water leakage, smoke, video, access control, fire protection system, etc.) | Medium |
| 38 | | 2 | | Safety monitoring center (such as monitoring and alarming of communication lines, hosts, network equipment and application software, network traffic, user behavior, etc.) | Medium |
| 39 | | 3 | | Security management center (such as centralized management of equipment status, malicious code, patch upgrades, security audit and other security-related matters) | Medium |
| Summary | | | | L2: There are 66 assessment items and 175 assessment indexes. L3: There are 73 assessment items and 290 assessment indexes | |

 

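4. Summary

In our experience, most SME manufacturers that have no web service processing/collecting citizens' information or serving the public have no problem passing the MLPS Level 2 assessment. Most of them have internal systems, such as MES/ERP, that are dedicated to internal use and already have strong authentication and security methods. If all the high-risk items are covered, passing with a proper report will not be a problem. SME manufacturers have no need to apply for Level 3, which only incurs assessment cost and brings little benefit.

As for the network/host items that might otherwise not pass the assessment, controls such as firewalls and antivirus software are widely deployed in modern IT environments, especially at WFOEs. IDS/IPS functions are usually integrated into the firewall system; the log audit function can be provided by any syslog server. Because no brand/model is currently whitelisted or blacklisted, any similar device can provide the function.

On the physical side, for SMEs without a good server room environment, cloud-based environments such as Microsoft Azure 21Vianet and China Telecom Cloud/IDC have already passed MLPS certification. An environmental monitoring system that monitors UPS batteries, temperature and humidity will also help.

On the management side, an already written disaster recovery plan will be the most helpful, not only for passing MLPS but also for the company's own business continuity.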

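5. Annex

1. Annex1_SelfGrading_网络安全等级保护定级报告 (Cybersecurity Classified Protection Grading Report)

2. Annex2_MLPS_RecordForm网络安全等级保护备案表 (Cybersecurity Classified Protection Record Form)

3. Annex3_MLPS_Application_Form网络安全等级保护定级评审申请表 (Cybersecurity Classified Protection Grading Review Application Form)

4. Annex4_ManagementDocumentation_网络运营单位中心机房安全管理制度 (Network Operator Central Server Room Security Management Policy)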