Information security technology—Operation supervision framework of cloud computing service (English Version)
With the vigorous development of cloud computing technology, the demand for cloud computing services in government departments and key industries is increasing. In order to ensure that cloud service customers can use cloud computing services safely and that the security capabilities of cloud service providers meet the requirements of relevant national standards, GB/T 37972—2019 "Information Security Technology Cloud Computing Service Operation Supervision Framework" came into being. Based on GB/T 31167—2014 and GB/T 31168—2014, this standard regulates the relevant responsibilities and supervision contents of cloud service customers in government departments during the use of cloud computing services, and proposes an operation supervision framework, process and methods.
Cloud computing is an emerging information technology service model, and its rapid development has brought many security challenges. When adopting cloud computing services, government departments and key industries must ensure that the operation quality and security status of the cloud platform comply with relevant laws, regulations and policy requirements. The background of the formulation of GB/T 37972—2019 can be traced back to the following aspects:
Dimensions | Content Overview | Standard Requirements |
---|---|---|
Regulatory Purpose | Ensure that cloud computing services continue to meet relevant national laws, regulations and standards, and ensure that security risks are controllable. | GB/T 37972—2019 |
Framework Structure | Based on the operation supervision requirements of national standards, the responsibilities of cloud service providers and operation supervisors are clarified. | GB/T 31167—2014 & GB/T 31168—2014 |
Main Roles | Cloud service providers and operation supervisors shall bear different responsibilities. | Appendix A, B |
Security control measures are a core part of cloud computing service operation supervision, covering areas such as system development and supply chain security, system and communication protection, and access control. Cloud service providers need to ensure the effectiveness of these measures and submit the relevant deliverables to the operation supervisor on a regular basis.
Change management covers the supervision of major changes to the cloud computing platform, including hardware replacement and software upgrades. A security impact analysis must be conducted before a change is implemented, and a detailed report must be provided to the operation supervisor.
Emergency response is a key measure to respond to security incidents. Cloud service providers need to initiate emergency procedures in a timely manner when potential threats are detected and form complete emergency response deliverables.
After adopting cloud computing services, a government agency established a complete operation supervision system in accordance with the GB/T 37972-2019 standard. By implementing security control measures, change management and emergency response mechanisms, the security and stability of the cloud platform have been significantly improved.