
Research on a Cybersecurity Review System with Suggestions
Cybersecurity is part of national security, and the rules and regulations governing its security testing and evaluation are distributed across policies for national security review and cyberspace management. This paper focuses on the cybersecurity review systems currently in force internationally and analyzes governments' practices in information technology product and service security evaluation, critical information infrastructure security evaluation and management, information and communication technology (ICT) supply chain security, and background security investigation. On this basis, it studies how to establish China's cybersecurity review system from the perspectives of laws and regulations, organizational framework, operating model, review methods, and supporting technology.
cybersecurity review / information technology product and service / critical information infrastructure / supply chain security / background security