This standard specifies the security protection requirements for internet interactive services.
This standard is applicable to the implementation of Internet security protection management system and technical measures for security protection by the internet interactive service providers.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GA 1278-2015 Information security technology—Basic procedures and requirements for Internet service security evaluation
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GA 1278-2015 and the following apply.
3.1
internet interactive service
a service provided to users for publishing information to the public through text, pictures, audio, video, etc.
Note: Including but not limited to forums, communities, post bars, text or audio/video chat rooms, micro blogs, blogs, instant messaging, mobile downloads, shared storage, third-party payment and other internet information services.
3.2
illegal and harmful information
information that violates national laws and regulations, and endangers national security, public safety, and citizens’ safety and their property
3.3
destructive program
a program that has the functions of obtaining, deleting, adding, modifying, interfering, and destroying, without authorization, the functions of the computer information system and the data stored, processed and transmitted
3.4
personal electronic information
electronic information that can be known and processed, and is related to a specific natural person who can be identified through ID card number, network identifier or one or more factors of the physiological, mental, economic, cultural and social identity, and that involving the privacy of the natural person
