ICS 13.200 CCS A 90 湖 43 南 省 地 方 标 准 DB43/T 2313—2022 政务信息化项目网络安全审查规范 Cybersecurity review specification of government affairs informationize projects 2022 - 03 - 31 发布 2022 - 06 - 30 实施 湖南省市场监督管理局 发 布 DB43/T 2313—2022 目 次 前言························································································································ Ⅲ 1 范围 ····················································································································· 1 2 规范性引用文件 ······································································································ 1 3 术语和定义 ············································································································ 1 4 审查方式 ··············································································································· 2 4.1 线下审查 ········································································································· 2 4.2 线上审查 ········································································································· 2 5 审查前合规性自查 ··································································································· 2 5.1 方案编制 ········································································································· 2 5.2 方案自查 ········································································································· 3 6 审查流程 ··············································································································· 3 6.1 审查申请 ········································································································· 4 6.2 完备性审查 ······································································································ 4 6.3 专业审查 ········································································································· 4 6.4 出具审查结果 ··································································································· 4 7 审查内容 ··············································································································· 4 7.1 基本要求 ········································································································· 4 7.2 具体要求 ········································································································· 5 8 审查结果 ··············································································································· 5 附录 A （资料性） 流程图 ··························································································· 6 附录 B （规范性） 网络安全审查申请表········································································· 7 附录 C （资料性） 审查结果的判别············································································· 37 参考文献·················································································································· 38 I DB43/T 2313—2022 II DB43/T 2313—2022 前 言 本文件按照 GB/T 1.1—2020《标准化工作导则 第 1 部分：标准化文件的结构和起草规则》的规 定起草。 请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。 本文件由中共湖南省委网络安全和信息化委员会办公室提出并归口。 本文件起草单位：中共湖南省委网络安全和信息化委员会办公室、长沙市委网络安全和信息化委员 会办公室、湖南省金盾信息安全等级保护评估中心有限公司。 本文件主要起草人：刘学、刘厚、刘志勇、李浩、周海毅、周明熙、方木、查国峰、李雪飞、邓庭 波、熊璐、刘兰芳、彭晓涛、龚捷、禹振博。 III DB43/T 2313—2022 IV DB43/T 2313—2022 政务信息化项目网络安全审查规范 1 范围 本文件规定了政务信息化项目网络安全审查的审查方式、审查前合规性自查、审查流程、审查内容、 审查结果等要求。 本文件适用于政务信息化项目的项目规划、建设、运行阶段的网络安全审查，其他信息化项目网络 安全审查可参照执行。 2 规范性引用文件 下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中，注日期的引用文件， 仅该日期对应的版本适用于本文件；不注日期的引用文件，其最新版本（包括所有的修改单）适用于本 文件。 GB/T 22239—2019 信息安全技术 网络安全等级保护基本要求 GB/T 22240—2020 信息安全技术 网络安全等级保护定级指南 GB/T 25070—2019 信息安全技术 网络安全等级保护安全设计技术要求 GB/T 35273—2020 信息安全技术 个人信息安全规范 GB/T 37988—2019 信息安全技术 数据安全能力成熟度模型 GB/T 39335—2020 信息安全技术 个人信息安全影响评估指南 GB/T 39477—2020 信息安全技术 政务信息共享 数据安全技术要求 GB/T 39786—2021 信息安全技术 信息系统密码应用基本要求 GB/T 40692—2021 政务信息系统定义和范围 DA/T 28—2018 建设项目档案管理规范 3 术语和定义 下列术语和定义适用于本文件。 3.1 政务信息系统 Government information system 由政务部门建设、运行或使用的，用于直接支持政务部门工作或履行其职能的各类信息系统。 [来源：GB/T 40692—2021 4] 3.2 政务信息化项目 Government affairs informationize projects 由财政性资金投资建设、与社会企业联合建设、购买服务或需要财政性资金运行维护的信息化项目 （含新建、扩建和改造升级信息化项目）。 3.3 项目设计方案 Project design scheme 在信息化项目建设过程中编制的可行性研究报告、初步设计方案、深化设计方案和投资概算等。 1 DB43/T 2313—2022 3.4 安全设计方案 Security design scheme 项目设计方案中包含的网络安全体系总体设计方案、密码应用方案、数据安全保护方案等子方案。 3.5 关键信息基础设施 Critical information infrastructure 公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务、国防科技工业等重要行业 和领域的，以及其他一旦遭到破坏、丧失功能或者数据泄露，可能严重危害国家安全、国计民生、公共 利益的重要网络设施、信息系统等。 3.6 重要信息系统 Important information system 一旦遭到破