This standard specifies the security technical requirements for the application of cloud computing technology in the financial field, covering the contents such as basic hardware security, resource abstraction and control security, application security, data security, security management function, security technology management requirements, and optional component security.
This standard is applicable to cloud service providers, cloud service users, cloud service partners, etc. in the financial field.
2 Normative references
The following documents for the application of this document are essential. Any dated reference, just dated edition applies to this document. For undated references, the latest edition of the normative document (including any amendments) applies.
JR/T 0131-2015 Financial information system room power system specification
JR/T 0166-2018 Financial application specification of cloud computing technology - Technical architecture
3 Terms and definitions
For the purpose of this document, the terms and definitions defined in JB/T 0166-2013 apply.
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
API Application Programming Interface
CPU Central Processing Unit
DDoS Distributed Denial of Service
DoS Denial of Service
HTTPS Hypertext Transfer Protocol Secure
IaaS Infrastructure as a Service
IP Internet Protocol
MAC Media Access Control
PaaS Platform as a Service
SaaS Software as a Service
SQL Structured Query Language
VPN Virtual Private Network
XSS Cross-site Scripting
5 General
5.1 Graduation of security technical requirements for cloud computing
