网络安全能力成熟度标准与机制建设综述

Review on Standards and Mechanism for Cybersecurity Capability Maturity

通过系统梳理美国网络安全能力成熟度相关政策与标准现状,并重点对比分析美国能源部和国防部分别实施网络安全能力成熟度评估的政策背景、实施目的和标准依据,基于我国在数据安全、工控安全等领域网络安全能力成熟度标准研究成果,为网络安全能力成熟度相关标准制定与机制建设提供参考。

This paper reviews the current status of policies and standards related to cybersecurity capability maturity in the United States,compares and analyzes the cybersecurity capability maturity assessment carried out by the United States Department of Energy(DOE)and Department of Defense(DOD),including policy background,implementation purpose and standards.Based on Chinese achievements of cybersecurity capability maturity standards in the fields of data security and industrial control security,this paper provides reference for the cybersecurity capability maturity standards and mechanism construction.