Before purchasing products and services from network product and service providers, enterprises that are critical information infrastructure operators need to anticipate the national security risks that those products and services may bring. If the purchase affects or may affect national security, a cybersecurity review shall be reported to the Cybersecurity Review Office.
2. The Measures emphasize important data security risks
Article 10 of the "Measures" stipulates the national security risk factors that the cybersecurity review will focus on assessing, including "(5) the risk of core data, important data or a large amount of personal information being stolen, leaked, damaged, illegally used, or illegally exiting the country; (6) the risk that critical information infrastructure, core data, important data or a large amount of personal information will be influenced, controlled, or maliciously used by foreign governments in the listing, as well as network information security risks".
At present, the definition of important data is not clear, but Article 21 of the "Data Security Law" stipulates that "the national data security work coordination mechanism will coordinate relevant departments to formulate important data catalogs and strengthen the protection of important data" and that "all regions and departments shall, according to the data classification and grading protection system, determine the specific catalogue of important data in the region, the department, and related industries and fields, and protect the data included in the catalogue." To avoid the risk of cybersecurity review, network platform operators should continue to track the formulation of relevant regulations and standards, actively identify the important data of the organization, and strengthen both the risk assessment of important data processing activities and the protection of important data.
When protecting national core data and important data, the choice of database security products is particularly important. Palladium database security operation and maintenance treasure (abbreviation: DIM) is based on the "zero trust" security model. It comprehensively supports database operation and maintenance security management and database leakage prevention through personnel security authentication, application access control, database compliance login, operation and maintenance authority governance, a work order process system, operation and maintenance operation audit, and more. It meets the requirements of internal control over database operation and maintenance security and of various laws and regulations, and ultimately solves the problems of security governance, account risk control, transmission channel management, in-depth access control and authority governance on the database operation and maintenance side.
3. Enterprises should improve security awareness and actively apply for review
According to Article 11 of the National Security Law of the People's Republic of China, citizens of the People's Republic of China, all state organs and armed forces, all political parties and people's organizations, enterprises, institutions and other social organizations have the responsibility and obligation to safeguard national security.
As one of the parties responsible for national security, network platform operators need, first, to strengthen their awareness of their responsibility for national security, so as to prevent the risks that listing brings to national security. Second, when a company that holds critical information infrastructure, core data, important data or a large amount of personal information goes public abroad, there is a risk of being influenced, controlled, or maliciously used by a foreign government, as well as network information security risks, and the company should actively apply for a cybersecurity review to prevent its listing from bringing risks to national security.
3. Palladium builds a strong data security defense line
The "Measures for Cybersecurity Review" is an important legal system in the field of cybersecurity, which is of great significance to ensuring the security of the critical information infrastructure supply chain, ensuring network security and data security, and maintaining national security. Under strict supervision, data security compliance has become the primary issue in the compliant development of enterprises, and strengthening compliance management of data security is an inevitable trend for their future development.
When it comes to data security, a topic that cannot be avoided is database security. As the warehouse that organizes, stores and manages data, the database faces security risks that cannot be underestimated. In the process of enterprise digital transformation, database security has gradually become the "Achilles' heel" of enterprises' efforts to maintain data security.
Over the years, relying on in-depth research on the database security industry and on mature security technology, and drawing on the network security framework IPDRR, the Gartner data protection methodology and other mainstream international security models, Palladium has developed a complete set of database security products for data life cycle management, to assist enterprises in fully realizing security protection and compliance management in the data center field.
Palladium Database Security Product Overview
01-Palladium database security operation and maintenance treasure DIM
02-Palladium database security audit system DBXPERT
03-Palladium database access firewall DAF
04-Palladium Next Generation Database Application Defense System NGDAP
05-Palladium Next Generation WEB Application Firewall NGWAF
In the future, Palladium will continue to pay attention to the development of the security industry. On the basis of fully understanding the laws and regulations and the needs of local regulators, industry regulators, operators and other business scenarios, it will provide a full range of data security compliance solutions for network platform operators, critical information infrastructure operators and enterprises, and provide high-quality and comprehensive services in data security and network security construction.