GB/T 35274-2023

Information Security Technology Big Data Service Security Capability Requirements (English Version)

Standard No.: GB/T 35274-2023
Language: Chinese, available in English version
Release Date: 2023
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest: GB/T 35274-2023
Replaces: GB/T 35274-2017
Scope
This document specifies the big data service security capability requirements for big data service providers, including requirements for big data organization management security capability, big data processing security capability, and big data service security risk management capability. It is applicable to guiding the big data service security capability construction of big data service providers and the assessment work of third-party assessment agencies.
Introduction

Standard Evolution and Core Changes

GB/T 35274-2023 replaces the 2017 version. The main technical changes are:

| Dimensions | 2017 version | 2023 version |
|---|---|---|
| Terminology system | 5 terms (data life cycle, etc.) | 11 new terms (data processing, etc.) |
| Framework structure | 6 chapters such as service planning management | Reorganized into 3 major capability systems |
| Compliance requirements | Basic requirements | Deep integration of the "Data Security Law" and the "Personal Information Protection Law" |

Big data organization and management security capabilities

5.1 Policies and procedures

Requires the establishment of 10 core systems:

  • Data supply chain security management requires a written agreement on 6 elements (purpose, scope, etc.)
  • A machine-readable policy enforcement mechanism enables automated compliance review

Big data processing security capabilities

Data protection throughout the entire life cycle

Hadoop platform implementation case:

  1. Use a two-factor authentication channel in the collection phase
  2. The storage architecture implements same-city active-active deployment plus remote disaster recovery
  3. The destruction operation meets the irreversible deletion requirement

Implementation suggestions

Compliance construction path

| Phase | Work content | Period |
|---|---|---|
| Gap analysis | Evaluate each of the 104 requirements of the standard | 2-4 weeks |
| System design | Formulate three major capacity building plans | 4-8 weeks |
| Technical implementation | Deploy tools such as data classification and grading | 12-24 weeks |

GB/T 35274-2023 history

  • 2023 GB/T 35274-2023 Information Security Technology Big Data Service Security Capability Requirements
  • 2017 GB/T 35274-2017 Information security technology—Security capability requirements for big data services


