How many levels of information security protection are there?

The three-level security system means that the information system will cause serious damage to social order and public interests, or damage to national security.

Information security level protection is a kind of work to protect information and information carriers according to their importance, which exists in many countries such as China and the United States. In China, information security level protection is broadly defined as the security work of standards, products, systems and information of works according to the idea of level protection; In a narrow sense, it generally refers to the security level protection of information systems.

Grade protection standard system

The standard system of computer information system security level protection includes: information system security level classification standard, level equipment standard, level construction standard, level management standard, etc. This is an important basis for implementing the hierarchical protection system.

Level III: Protection level of safety signs

This level of computer information system trusted computing foundation has all the functions of system audit protection level. In addition, it also provides an informal description of the security policy model, data marking and the subject's mandatory access control to the object. Have the ability to accurately mark the output information; Eliminate any errors found through testing.

discretionary access control,dac

> The trusted computing foundation of computer information system defines and controls the access of named users to named objects in the system. Implementation mechanisms (such as access control lists) allow named users to define and control the sharing of objects as users and/or user groups; Prevent unauthorized users from reading sensitive information. And control that expansion of access right. The discretionary access control mechanism prevents unauthorized users from accessing the object according to the user-specified mode or the default mode. The granularity of access control is a single user. Users without access rights can only specify the access rights of authorized users to objects. Prevent unauthorized users from reading sensitive information.

Mandatory access control

> The trusted computing foundation of computer information system implements mandatory access control for all subjects and their controlled objects (such as processes, files, segments and devices). Specify sensitive tags for these subjects and objects. These marks are the combination of hierarchical classification and non-hierarchical classification, and are the basis for implementing mandatory access control. The trusted computing foundation of computer information system supports the security level composed of two or more components. The access rights of all subjects to the objects controlled by the trusted computing foundation of the computer information system should meet the following requirements: only when the hierarchical classification in the subject's security level is higher than or equal to the hierarchical classification in the object's security level, and the non-hierarchical classification in the subject's security level includes all the non-hierarchical classifications in the object's security level, can the subject read the object; Only when the hierarchical classification in the subject security level is lower than or equal to the hierarchical classification in the object security level, and the non-hierarchical categories in the subject security level are included in the non-hierarchical categories in the object security level, can the subject write the object. The trusted computing foundation of computer information system uses identity and authentication data to authenticate the identity of users, so as to ensure that the security level and authorization of the external subject of the trusted computing foundation of computer information system created by users are controlled by the security level and authorization of users.