摘要
介绍了国家标准《云计算服务安全能力要求》的编制背景、用途和适用范围,分析了标准编制原则,梳理了系统开发与供应链安全、系统与通信保护、访问控制等十类重点安全问题,解释并总结了标准遇到的安全措施实施责任等新问题及安全计划模版等创新点,以加强对该标准的理解。
This paper introduces the background and purpose as well as application scope of National Standard "Security capability requirements of cloud computing services", analyzes the development principles, and describes ten major security categories including system development and supply chain security, system and communication protection, access control and etc. Furthermore, this paper explains and summarizes the new problems and innovative points of the standard to enhance its understanding, including safety measures implementation responsibility, safety plan template, and etc.
出处
《信息技术与标准化》
2014年第8期58-61,共4页
Information Technology & Standardization
关键词
国家标准
网络安全审查
云计算服务
安全能力
national standard
cyber-security review
cloud computing services
security capabilities
