2016年 第18卷 第6期
《中国工程科学》 >> 2016年 第18卷 第6期 doi: 10.15302/J-SSCAE-2016.06.008
网络安全审查制度研究及建议
1. 中国网络空间研究院,北京 100010;
2. 中国信息安全评测中心,北京 100085;
3. 中国科学院计算技术研究所,北京 100190;
4. 中国科学院信息工程研究所,北京 100093
下一篇 上一篇
摘要
网络安全作为国家安全的一部分,其安全检查与评估所依循的规章制度分布在国家安全审查或网络空间管理的政策制度中。本文着眼于国际上现行的网络安全审查相关制度,重点分析各国在信息技术产品和服务安全评估、关键信息基础设施安全评估与管理、供应链安全和背景安全调查等方面的做法,从法律法规、组织体系、运行模式、审查方法和支撑技术等方面研究建立我国的网络安全审查制度。
参考文献
[ 1 ] General Services Administration (GSA), U.S. Department of Defense (DoD), National Aeronautics and Space Administration (NASA). Federal acquisition regulation (FAR), FAC 2005_91 [Z/OL]. (2016-09-29) [2016-10-12].
[ 2 ] U.S. Congress. Public law 110–49 :Foreign investment and national security act of 2007(FINSA) [Z/OL].
[ 3 ] Peterson Institute for International Economics. The Exon-Florio amendment [Z/OL].
[ 4 ] U.S. Department of Homeland Security. Federal information security management act (FISMA) [Z/OL]. (2016-10-03) [2016-10-12].
[ 5 ] National Institute of Standards and Technology (NIST) [EB/OL]. [2016-10-12].
[ 6 ] Office of Management and Budget (OMB) [EB/OL]. [2016-10-12].
[ 7 ] The committee on foreign investment in the United States (CFIUS) [EB/OL]. [2016-10-12]. 链接1
[ 8 ] Rogers M, Ruppersberger D. Investigative report on the U.S. national security issues posed by Chinese telecommunications companies Huawei and ZTE [J]. Journal of Current Issues in Media & Telecommunications, 2012,4(2):59.
[ 9 ] National Information Assurance Partnership (NIAP) [EB/OL]. [2016-10-12].
[10] NIAP. CCEVS objectives[EB/OL]. [2016-10-12].
[11] Communications-Electronics Security Group (CESG) [EB/OL]. (2012-05-14) [2016-10-12].
[12] Federal Risk and Authorization Management Program (FedRAMP) [EB/OL]. (2016-10-05) [2016-10-12].
[13] U.S. Department of Homeland Security (DHS) [EB/OL]. [2016-10-12].
[14] U.S. Department of Homeland Security. Homeland security presidential directive 7: critical infrastructure identification, prioritization, and protection [EB/OL]. (2015-09-22) [2016-10-12].
[15] The White House. Executive order - Improving critical infrastructure cybersecurity [EB/OL]. (2013-02-12) [2016-10-12]. 链接1
[16] U.S. Department of Homeland Security. Strategy to enhance international supply chain security (July 2007)[EB/OL]. (2015-07-14) [2016-10-12].
[17] Cyber Security and Information Assurance Interagency Working Group (CSIA IWG). Federal plan for cyber security and information assurance research and development [R]. Washington, DC: CSIA IWG, 2006.
[18] The White House. The comprehensive national cybersecurity initiative [EB/OL]. [2016-10-12].
[19] National Institute of Standard Technology. Standards for security categorization of federal information and information systems, FIPS PUB 199 [S].
[20] National Institute of Standard Technology. Minimum security requirements for federal information and information systems, FIPS PUB 200[S].
[21] National Institute of Standard Technology. Summary of NIST SP 800-53 revision 4, security and privacy controls for federal information systems and organizations[S].
[22] National Institute of Standard Technology. Guideline for identifying an information system as a national security system, SP 800-59[S].
[23] National Institute of Standard Technology. Guide for mapping types of information and information systems to security categories, SP 800-60 [S].
[24] U.S. Office of Personnel Management (OPM) [EB/OL]. [2016-10-12].
[25] Farrell B S. Personal Security Clearances: Actions needed to ensure quality of background investigations and resulting decisions [R]. Washington, DC: U.S. Government Accountability Office, 2014.
[26] Federal Investigative Services. The security clearance and investigation process [R/OL]. Washington, DC: U.
[27] U.S. Office of Personnel Management. Questionnaire for national security positions, OMB No. 3206 0005[Z/OL].
[28] U.S. Office of Personnel Management. Questionnaire for non-sensitive positions, OMB No. 3206-0261 [Z/OL].
京公网安备 11010502051620号
