This standard specifies five levels for security protection capacity of computer information system, i.e.:
Level 1: the user's discretionary protection level
Level 2: system audit protection level;
Level 3: security label protection level;
Level 4: structured protection level;
Level 5: access verification protection level.
This standard is applicable to the classification for technical capability levels for computer information system security protection. With the improving of security protection level, security protection capability of computer information system improves gradually.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. At time of publication, the editions indicated were valid. All the standards will be revised and modified, and all parties using this standard shall discuss the possibility of using the latest version.
GB/T 5271 Data Processing - Vocabulary
3 Definitions
Except those defined in this chapter, other definitions not listed are detailed in GB/T 5271.
3.1 Computer information system
A man-machine system composed of computer and associated and mating equipment and facility (including network) to collect, process, store, transmit and retrieve the information according to certain application goals and rules.