GB/Z 24294.1-2018

Information security technology—Guide of implementation for internet-based e-government information security—Part 1: General (English Version)

Standard No.
GB/Z 24294.1-2018
Language
Chinese; English version available
Release Date
2018
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest
GB/Z 24294.1-2018
Replace
GB/Z 24294-2009
Scope
This part provides an information security reference model for internet-based e-government, constructs the corresponding information security technology system, and gives guidance on implementation principles, the implementation framework, key implementation technologies and risk assessment. It specifies how to build an information security assurance architecture and how to establish an information security system for internet-based e-government. It applies to organizations that have no e-government extranet dedicated line, or that cannot lease a dedicated communication line, and that carry out internet-based e-government information security construction not involving state secrets; it offers management and technical references for managers, engineering and technical personnel, and information security product providers. Where state secrets are involved, or where stored, processed or transmitted information may involve state secrets once aggregated, national confidentiality regulations and standards apply instead.
Introduction

Standard Evolution and Core Changes

Comparison dimension   GB/Z 24294-2009                             GB/Z 24294.1-2018
Model framework        No complete reference model established     New PIDDE five-stage security reference model
Technical system       Basic technical architecture                Reconstructed into 8 technical subsystems
Mobile office          No special provisions                       New mobile terminal security adaptation specification

PIDDE security reference model analysis

The PIDDE model proposed in the standard forms a closed loop for e-government security construction; its five stages are:

  1. Policy: five types of management policy plus entity-oriented instance policies
  2. Identify: determine the protection objects through government system identification (office/service) and information classification (sensitive/public)
  3. Design: build the 8 technical subsystems on a PKI foundation
  4. Deploy (implementation): build the three platforms (network, office and service platforms)
  5. Evaluate: the 6-stage risk assessment process

Security Technology System Architecture

The layered protection system built by the standard comprises:

  • Infrastructure layer: PKI providing digital certificate services
  • Network protection layer: VPN and firewalls providing boundary isolation
  • Zone security layer: intrusion detection, web page anti-tampering and similar technologies
  • Application security layer: unified authentication and authorization system

Comparison of typical implementation architectures

Implementation mode   Core features                                  Applicable scenarios
Data centralized      Physical concentration + logical isolation     Municipal data center
Data distributed      Hierarchical VPN tunnel interconnection        County and township decentralized deployment
Mobile office         Wireless terminal security adaptation          Mobile government scenarios

Key implementation links

The standard emphasizes four core principles:

  1. Domain-based prevention and control: separate internal and public data processing domains
  2. Unified authentication: strong authentication backed by digital certificates
  3. Secure exchange: controlled exchange at the file and database level
  4. Terminal protection: basic, enhanced and mobile modes

Risk assessment methodology

A 6-stage assessment process is established on the basis of GB/T 20984:

  1. Customer interview (threat identification)
  2. Document verification (system compliance)
  3. Solution analysis (design rationality)
  4. Implementation verification (construction compliance)
  5. Tool detection (vulnerability scanning)
  6. Conclusion output (corrective suggestions)

GB/Z 24294.1-2018 Referenced Document

  • GB/T 20984-2007 Information security technology. Information security risk assessment specification
  • GB/T 30278-2013 Information security technology. Chinese government desktop core configuration specification
  • GB/T 31167-2014 Information security technology. Security guide of cloud computing services

GB/Z 24294.1-2018 history

  • 2018 GB/Z 24294.1-2018 Information security technology—Guide of implementation for internet-based e-government information security—Part 1: General
  • 2009 GB/Z 24294-2009 Information security technology. Guide of implementation for internet-based e-government information security

GB/Z 24294.1-2018 Information security technology—Guide of implementation for internet-based e-government information security—Part 1: General replaces GB/Z 24294-2009 Information security technology. Guide of implementation for internet-based e-government information security.

Copyright ©2007-2025 ANTPEDIA, All Rights Reserved