T-GDIS 003—2023 信息安全技术互联网应用系统安全能力成熟度模型

信息安全技术互联网应用系统安全能力成熟度模型 Information security technology —Internet application system security capability maturity model ICS 35.240 CCS L80 团体标准 T/GDIS 003—2023 2023-04-20发布 2023-05-01实施广东省互联网协会发布全国团体标准信息平台 T/GDIS 003—2023 1 目次前言 ................................ ................................ ................. 6 1 范围 ................................ ................................ ................. 7 2 规范性引用文件 ................................ ................................ .......7 3 术语、定义 ................................ ................................ ........... 7 3.1 术语和定义 ................................ ................................ .......7 3.1.1 互联网应用系统 Internet application system ................................ ..7 3.1.2 互联网应用系统安全能力 Internet application system security capability .......7 3.1.3 成熟度 maturity ................................ ............................. 7 3.1.4 成熟度模型 maturity model ................................ ................... 7 3.1.5 安全过程域 security process area ................................ ............. 7 3.1.6 基本实践 base practices ................................ ...................... 8 3.1.7 通用实践 generic practices ................................ ................... 8 3.1.8 核心保护对象 core protected object ................................ .......... 8 4 缩略语 ................................ ................................ ............... 8 5 互联网应用系统安全能力成熟度模型架构 ................................ ................. 8 5.1 能力成熟度模型架构 ................................ ............................... 8 5.2 能力要素维度 ................................ ................................ .....9 5.2.1 能力构成 ................................ ................................ .....9 5.2.2 机构建设 ................................ ................................ .....9 5.2.3 制度流程 ................................ ................................ .....9 5.2.4 技术工具 ................................ ................................ .....9 5.2.5 人员能力 ................................ ................................ .....9 5.3 能力成熟度等级维度 ................................ ............................... 9 5.4 能力建设过程维度 ................................ ................................ 10 5.4.1 PA体系 ................................ ................................ ......10 5.4.2 编码规则 ................................ ................................ ....11 5.4.3 关系描述 ................................ ................................ ....11 6 核心保护对象安全 ................................ ................................ ....12 6.1 通信安全 ................................ ................................ ........ 12 6.1.1 PA01网络架构 ................................ ................................ 12 6.1.1.1 PA描述 ................................ ................................ ....12 6.1.1.2 等级描述 ................................ ................................ ..12 6.1.2 PA02通信传输 ................................ ................................ 12 6.1.2.1 PA描述 ................................ ................................ ....12 6.1.2.2 等级描述 ................................ ................................ ..13 6.1.3 PA03可信验证 ................................ ................................ 13 6.1.3.1 PA描述 ................................ ................................ ....13 全国团体标准信息平台 T/GDIS 003—2023 2 6.1.3.2 等级描述 ................................ ................................ ..13 6.2 网络边界安全 ................................ ................................ ....14 6.2.1 PA04安全区域划分 ................................ ............................ 14 6.2.1.1 PA描述 ................................ ................................ ....14 6.2.1.2 等级描述 ................................ ................................ ..14 6.2.2 PA05网络边界防护 ................