The Cybersecurity Latw of the People's Republic of China was formally implementedon June 1, 2017, which clearly stipulated that the State shall implement the system ofclassified protection of cybersecurity, and proposed that the eritical informationinfrastructure shall be specifically protected on the basis of the cybersecurity classifiedclassified protection system, the Cybersecurity Bureau under the Ministry of Public Securityhas organized the technical support units of cybersecurity classified protection to upgrade andrevise the standard system of the multi-level security protection and issued a series of much-needed national standards related to classified protection of cybersecurity, such asInformation Security Technology-Baseline for Classified Protection of Cybersecurity(GB/T 22239-2019).
Among them, GB/T 22239-2019 is the core standard to guide users to carry outsecurity development rectification, classified evaluation of classified protection ofcybersecurity. The correct understanding and use of this standard is the basis for the smoothdeployment of cybersecurity classified protection work under the new situation. TheCybersecurity Bureau under the Ministry of Public Security organized and formed anapplication guide drafting group consists of several excellent evaluation agencies andcybersecurity product and solution providers. This set of application guide series is compiledfor users' reference from standard terms interpretation, related products and services, andapplication scenarios. This book interprets in detail the content of the extended securityrequirements in the GB/T 22239-2019 in the hope that readers can better understand andcomprehend the new standard content of cybersecurity classified protection 2.0, and carryout the development and rectification work of cybersecurity classified protection. For adetailed interpretation of the general security requirements section in the GB/T 22239-2019, please refer to other relevant books, Due to the limited knowledge of the authors,there are inevitably some inadequacies in this book,please feel free to kindly provide yourfeedback and correction.

Part 1 General Security Requirement
Chapter 1 Basic Concepts of Cybersecurity Classified Protection
1.1 General Security Requirements
1.2 Objects of Classified Protection
1.3 Security Protection Level
1.4 Security Protection Capability
1.5 Security Control Points and Security Requirements
Chapter 2 General Introduction of the Baseline for Classified Protection of Cybersecurity
2.1 Frame Structure
2.2 General Security Requirements and Extended Security Requirements
2.2.1 General Security Requirements
2.2.2 Extended Security Requirements
2.3 Differences and Key Points of Each Level
2.3.1 Security Physical Environment
2.3.2 Security Communication Network
2.3.3 Security Area Boundary
2.3.4 Security Computing Environment
2.3.5 Security Management Center
2.3.6 Security Management System
2.3.7 Security Management Organization
2.3.8 Security Management Personnel
2.3.9 Security Development Management
2.3.10 Security Operation and Maintenance Management
Chapter 3 Interpretation on the Security General Requirement of Level I and Level ][
3.1 Security Physical Environment
3.1.1 Physical Location Selection
3.1.2 Physical Access Control
3.1.3 Theft and Vandalism Protection
3.1.4 Lightning Protection
3.1.5 Fire Prevention
3.1.6 Water and Moisture Proof
3.1.7 Anti-static
3.1.8 Temperature and Moisture Control
3.1.9 Power Supply
3.1.10 Electromagnetic Protection
3.2 Security Communication Network
3.2.1 Network Architecture
3.2.2 Communication Transmission
3.2.3 Trusted Verification
3.3 Security Area Boundary
3.3.1 Border Protection
3.3.2 Access Control
3.3.3 Intrusion Prevention
3.3.4 Malicious Code Prevention
3.3.5 Security Audit
3.3.6 Trusted Verification
3.4 Security Computing Environment
3.4.1 Network Equipment
3.4.2 Security Equipment
3.4.3 Servers and Terminals
3.4.4 Business Application System
3.4.5 Data Security
3.5 Security Management Center
3.5.1 System Management
3.5.2 Audit Management
3.6 Security Management System
3.6.1 Security Policy
3.6.2 Management System
3.6.3 Development and Release
3.6.4 Review and Revision
3.7 Security Management Organization
3.7.1 Post Setting
3.7.2 Staffing
3.7.3 Authorization and Approval
3.7.4 Communication and Cooperation
3.7.5 Audit and Inspection
3.8 Security Management Personnel
……
Part 2 Extended Security Requirement