general rule
Article 1 The information network of State Grid Corporation is an important tool for the production, operation and management of State Grid Corporation and an important guarantee for the safe, stable, economical and high-quality operation of power grid. Information network security is an important part of the power production safety management system of State Grid Corporation of China. In order to standardize the operation and management of information network of State Grid Corporation of China, improve the operation and management level of information network, ensure the safe, reliable and stable operation of information network of State Grid Corporation of China, and promote the informatization of State Grid Corporation of China, these Provisions are formulated.
Article 2 This information network refers to the network system and network application system of all units of State Grid Corporation, including network system, network service system, application system, security system, network storage system and auxiliary system.
Article 3 These Measures shall apply to the operation and management of computer information networks of all units of State Grid Corporation. The information network operation and management of power grid operation enterprises and information service enterprises of State Grid Corporation shall strictly implement this regulation, and formulate corresponding operation rules and operation management rules according to this regulation.
Article 4 The rules and regulations on the operation and management of information networks issued by various units shall not contravene the relevant national laws and these Provisions.
Article 5 Reference Standards and Reference Documents:
(1) Regulations on Security Protection of Computer Information System in People's Republic of China (PRC)
Interim Provisions of People's Republic of China (PRC) Municipality on the Administration of International Networking of Computer Information Networks
Measures for the implementation of the Interim Provisions of People's Republic of China (PRC) Municipality on the administration of international networking of computer information networks
(4) Measures for the administration of security protection of international networking of computer information networks
(5) Measures for the administration of entrance and exit channels of international networking of computer information networks.
(6) Measures for the Administration of Internet International Networking of Public Computers in China
(7) Measures for the Administration of Public Multimedia Communication in China.
(8) Interim Provisions on Networking between Private Network and Public Network.
(9) Interim Provisions on Security Management of Computer Information Systems
(ten) Interim Measures for the examination and approval of communications, office automation and computer information systems involving state secrets.
(eleven) guidelines for the use and management of passwords in classified computer systems.
(12) Regulations on Management of Commercial Passwords
(thirteen) the provisions on the safety management of international networked computer information systems.
(14) Regulations on Information Network Operation Management of State Grid Corporation (Trial)
Division of responsibilities
Article 6 The information network of each unit refers to the information network within the management scope of the unit, including the local area network of the unit, the wide area network interconnected with subordinate units and the network application system.
Article 7 The Science and Technology Information Department of State Grid Corporation of China is responsible for inspecting, supervising and assessing the information network operation and management of all units in the State Grid Corporation system. The centralized information management departments of regional and provincial power grid companies and prefecture (city) power supply companies are responsible for implementing the requirements of the centralized information management departments at higher levels, and inspecting, supervising and assessing the information network operation and management of their own units and subordinate units.
Article 8 Each unit shall specify that the operation management department or institution is responsible for the daily operation and maintenance of the information network within its management scope.
Basic measures
Section 1 Operation Responsibilities
Ninth units of the information network should be implemented 7 x 24 hours of uninterrupted operation. Each unit shall arrange personnel with corresponding professional and technical level to be on duty for 5×8 hours on legal working days. The rest of the time should be arranged off-site duty, and ensure that the personnel on duty can arrive at the scene in time when there is a problem with the system. 7×24-hour on-site duty is implemented in important periods to ensure the normal operation of key application systems.
Article 10 The personnel on duty shall regularly check the information network when they are on duty every day, monitor the operation of the information network in real time through effective technical means and measures, and record and analyze the system operation data. Once the fault is found, it should be reported and handled in time.
Article 11 The personnel on duty should make a good log on duty. The personnel on duty should conscientiously implement the system of handover and reporting on major issues.
Twelfth units should set up a special telephone on duty to inform users and report to the superior network operation management department for the record. The telephone on duty should be answered 7×24 hours.
Section 2 Job Responsibilities
Thirteenth units should be clear about the information network operation management department, and have a clear division of responsibilities.
Fourteenth units of information network operation management department should set up network security, network management, system management, database management, operation duty and other posts. Be commensurate with its network scale, and define the division of responsibilities of each post according to the situation of the unit. Relevant technical posts must be undertaken by specialized personnel with corresponding technical level, and all units should conduct regular professional technical training and assessment.
Fifteenth units of information network management, system management, network security and other key positions should implement the main and deputy standby system. When the main post is absent, the deputy post should be able to perform related work instead of it.
The third quarter working ticket management
Sixteenth information network operation involves the following contents, must fill in the working ticket:
(1) Troubleshooting (including system recovery)
(2) Eliminate defects
(3) System upgrade and configuration change
(4) System debugging and shutdown
(five) other operations that may affect the operation of the system.
See attached table 1 for the working ticket style.
Article 17 The working ticket shall be applied by a special person and signed by a qualified working ticket issuer. The working ticket issuer shall not concurrently be the person in charge (supervisor) of the work.
Article 18 The duty of the working ticket issuer is to carefully examine all the contents filled in the working ticket, including the necessity of work, whether the work is safe, whether the operation steps filled in the working ticket are appropriate, whether the person in charge (supervisor) and the designated operators are appropriate, and whether the safety protection and emergency measures are adequate.
Article 19 The duty of the person in charge of the work (guardian) is to organize the work correctly and safely, organize the operators to complete the preparation of safety measures and technical measures before the work, and strictly implement the working ticket.
Article 20 the operator's duty is to conscientiously carry out the work specified in the working ticket under the supervision of the person in charge (guardian).
Twenty-first working ticket number should be standardized. The contents of the working ticket should include: number, work content, place, time, person in charge, staff, cooperative unit, safety measures, work plan and scheme, signature of approver, work record, site recovery, possible impact of operation on the system and emergency preparation, etc. No one is allowed to fill in the ticket or sign it without authorization.
Article 22 All operations must have implementation plans, steps, safety measures and emergency plans. At least two people should be on site to supervise the operation of the system.
Twenty-third working tickets should be filed for long-term preservation for inspection and statistics should be made regularly.
Twenty-fourth cases that need urgent treatment can be handled first after asking the relevant leaders, but the working ticket must be re-issued afterwards.
Section 4 Business Acceptance
Twenty-fifth units shall formulate relevant business acceptance systems according to their own business conditions, and carry out standardized and streamlined management of information network services such as wide area network access, metropolitan area network access, local area network access, application system access and network services.
Article 26 It shall be determined according to the importance and frequency of business. , and stipulate the acceptance process and commitment completion time of different businesses.
Twenty-seventh business acceptance process should be clear, including application, approval, confirmation, execution, feedback, filing and other links, and clear the responsibilities of each post involved in the process.
Section 5 Computer Room Management
Twenty-eighth units should formulate information network computer room management system, computer room safety should be the responsibility of the personnel on duty, and make it clear that the head of the operation management department is the first person responsible for computer room safety.
Twenty-ninth different computer room areas should be set with different security levels, and personnel in different positions should be given corresponding access rights to the computer room.
Thirtieth in addition to the operating personnel and maintenance personnel on duty, other personnel shall not enter the computer room without permission. Foreigners entering the computer room need to obtain the consent of relevant departments and be led into the computer room by designated personnel. The personnel entering and leaving the computer room are registered in detail, and the relevant registration records are kept for more than 1 year.
Thirty-first computer room equipment can only be maintained and operated by specialized engineers, and other personnel are not allowed to operate without approval.
Article 32 The construction and maintenance of any lines and equipment in the computer room by outsiders must be approved by the operation management department in advance and carried out under the supervision of the operation management personnel.
Thirty-third computer rooms should maintain proper temperature and humidity and keep the environment clean and tidy.
Section 6 User Services
Article 34 User service refers to the maintenance and application service of personal office terminal equipment provided for employees.
Thirty-fifth network operation management departments should set up a user service hotline, and can also use online repair, e-mail repair and other means if conditions permit. , and the maintenance log statistics.
Thirty-sixth legal working days should be set up to be responsible for 5×8 hours on duty, responsible for answering customer service hotline, viewing, registration, task assignment, user feedback, filing statistics and other work.
Thirty-seventh personnel on duty should use civilized language when answering the phone, understand the user's faults in detail, make records carefully and reply in time. Online maintenance and e-mail maintenance should be checked and handled in time.
Thirty-eighth field service personnel should correct their service awareness, improve service quality and have good professional ethics. Any operation on the user's computer must be approved by the user in advance. Do a good job of keeping the information inside the user's computer confidential, and don't do anything unrelated to the work.
Thirty-ninth reasonable arrangements for spare parts and spare equipment inventory, to ensure that the fault can be eliminated in time, does not affect the normal work of users.
Fortieth fault handling methods include telephone support and on-site service. The fault handling process is shown in the following figure:
Article 41 It is generally required to arrive at the site within 1 hour after receiving the fault repair report.
Forty-second regular customer satisfaction surveys to promote the improvement of service quality. It is generally required once a year.
Section 7 Equipment Management
Article 43 Information network management departments at all levels should strengthen equipment management, classify and code equipment, establish equipment account and equipment card, track equipment health status according to equipment card, and establish standardized equipment resume and file.
Article 44 Routers, switches, servers, instruments, meters, safety devices, etc. It should be managed by a special person, and the responsibility should be implemented to ensure safe and economic operation.
Article 45 Classification of Equipment
According to the types, uses, media (especially software) and other factors, equipment can be divided into the following categories:
(1) network (router, switch, dial-up server, optical transceiver, firewall, intrusion detection, etc. )
(2) servers (including minicomputers, workstations and PC servers)
(3) Personal computers (including portable computers)
(4) External equipment (printers, scanners, plotters, etc.). )
(5) Auxiliary equipment (network and server cabinets, air conditioners, UPS, etc. )
(six) tools (including network tools, common tools, etc.). )
7. Software
(8) Others
Among them, the software is divided into:
1, system software
2. Application software
3. Database software
4. Tool software
Article 46 Equipment coding
According to the relevant standards of the coding system, the equipment is coded.
Article 47 Equipment acceptance management
(a) after the arrival of the equipment, the relevant departments should organize relevant personnel to check and accept the equipment. The acceptance contents include unpacking acceptance, electrifying test acceptance and overall operation acceptance of the equipment.
(2) Unpacking acceptance of equipment includes unpacking counting, counting the quantity of equipment and accessories (accessories), random data and equipment quality appraisal, and the acceptance is based on the contents of the signed contract. After unpacking the equipment for acceptance, a written acceptance report shall be submitted and signed by the acceptance personnel. The acceptance report includes equipment arrival list, random data list and equipment quality appraisal description.
(3) Equipment power-on test acceptance includes power-on debugging, parameter testing and software testing. When the equipment is tested and accepted, all parameters should be carefully tested according to the requirements of the technical agreement, and corresponding software should be installed for testing to check whether the performance index of the equipment meets the technical requirements. After the electrifying test and acceptance of the equipment, a written acceptance report shall be submitted and signed by the acceptance personnel. The acceptance report includes a list of parameter records, a description of performance indicators and a list of problems.
(4) The acceptance of the integrated operation of equipment shall be carried out in accordance with the relevant requirements of the technical agreement, so as to ensure that the equipment integrated into the running system can reach the qualified technical performance index and will not have a negative impact on the original system. After the acceptance of equipment integrated operation, a written acceptance report and technical report shall be submitted, and an expert group shall be organized for acceptance. After acceptance, the completion report shall be submitted.
Article 48 Equipment account management
(1) Equipment account, equipment card and equipment label must be established within 30 days after the on-site installation and acceptance of equipment, so that the accounts, cards and materials are consistent. See Schedule 2, Schedule 3 and Schedule 4 for the equipment account, equipment card and equipment label styles.
(2) Each unit submits statistical reports on equipment account management to relevant departments every year.
Article 49 Equipment operation management
(a) the operation and management of all equipment should be the responsibility of the people, regular inspection, inspection and maintenance, and make a good log on duty and hand-over records. According to the technical requirements of the equipment, the equipment should be used reasonably to meet the design requirements.
(two) the implementation of daily inspection, weekly inspection, monthly inspection, quarterly inspection and annual inspection system, found that the problem should be recorded, and according to the severity of the problem in accordance with the relevant provisions.
(three) should establish and improve the operation log, carefully record the operation of equipment anomalies, equipment defects, test data, fault analysis, fault handling process, etc., and do a good job in operation statistics.
Article 50 Inspection and Maintenance of Equipment
(a) each unit should establish and improve the equipment maintenance procedures and post responsibility system.
(two) the equipment officially put into operation shall not be stopped or repaired at will. When stopping or repairing equipment, you need to apply for a work ticket. The interruption of information network with great influence must be approved by the relevant departments before it can be stopped. Equipment maintenance time exceeding 8 hours must be included in the monthly maintenance work plan and can only be implemented after being approved by the competent department. The replacement of equipment must be included in the maintenance plan, and a written application should be written one week in advance and submitted to the competent leader for approval.
(three) the maintenance of equipment interconnected with the superior information network must be approved by the superior information network operation management department before implementation.
(four) in order to ensure the normal maintenance of the network system and timely troubleshooting, the information network operation management department must be equipped with necessary instruments, meters, tools and spare parts according to the specific situation.
(5) Carefully prepare for each overhaul, prepare the equipment overhaul plan, make records, and complete the overhaul task as quickly and accurately as possible.
(six) earnestly perform the inspection and acceptance procedures. Strictly implement the principle of "whoever overhauls is responsible", improve the quality of overhaul and ensure safe operation.
Article 51 Modification and renewal of equipment
(a) the transformation and renewal of equipment should have a long-term plan and an annual plan, and seriously organize their implementation.
(two) to transform and update important equipment, technical and economic demonstration must be carried out in advance, and reported for approval according to relevant regulations.
(three) after the acceptance of the equipment transformation, the equipment change record should be handled.
Section 8 Data Management
Article 52 Data refer to standards, systems, plans and summaries (including plans), logs, project management documents, equipment account (cards), technical documents, etc. It is closely related to the system construction and operation, and records the system operation parameters, technical indicators, equipment configuration, scheme design, engineering construction contracts and other information.
Article 53 Data management requirements include:
(a) do a good job in the collection, collation, registration, cataloging, storage, identification and utilization of information. Equipment technical data should be complete, correct, unified and clear. For large equipment, the original random data should be submitted to the archives department for archiving. For important and core equipment, data should be copied and saved in various ways and in different places.
(2) The technical data of the equipment shall be managed by special personnel to ensure the safety of the data and prevent the disclosure of confidential information.
(3) Data managers should have the basic qualities of file managers, master certain professional and technical knowledge and strong computer application level, and be able to clearly classify and accurately file the documents they manage.
(4) The file storage space should be as tight and firm as possible, meeting the requirements of seven precautions (fire prevention, dust prevention, rat prevention, insect prevention, moisture prevention, light prevention and theft prevention). The temperature of the warehouse should be controlled between 14-24 degrees Celsius and the relative humidity should be controlled between 45-65%.
(5) During the project construction, the person in charge of the project or the designated person is responsible for collecting, sorting out the documents produced in the whole project process, classifying them, marking the necessary explanations, and submitting all the project documents to the document management personnel for filing within one week after the project acceptance.
Article 54 Archived materials shall be kept in organic contact according to the natural laws formed, classified and archived, so as to correctly reflect the construction process of different systems and facilitate borrowing and inquiry.
Article 55 According to the importance and confidentiality of materials, important materials shall be copied, and electronic materials shall be copied.
Section 9 Account Management
Article 56 Information network accounts include user accounts, application system accounts and super administrator accounts. A user account must be opened for each user, and it is forbidden to open an account for a role or position. The opening of application system account should be based on each application service, avoiding multiple services sharing one account, and using super administrator account to run the application system. The application system account is used for internal management of the application system, and the super administrator account is only used when necessary.
Fifty-seventh account and password management includes the specification, protection, use and authority change of user name and password.
Article 58 The establishment of accounts in any system must be examined and approved according to procedures.
Article 59 Passwords must have sufficient length and complexity and be updated in time. For important passwords, a regular revision system should be established.
Article 60 The password of the system super administrator must be kept and modified by a special person, and the scope of use must be strictly limited.
Article 61 If a user loses or forgets his password, he must reapply to the operation management department according to the prescribed procedures.
Article 62 When transferring out of the unit, the user must go through the formalities of canceling the account at the operation management department. Administrators must immediately disable their accounts, cancel their accounts and cancel their permissions within the specified time.
Article 63 Conduct password management education and password security inspection for all managers, mainly including passwords for accessing the Internet and passwords for application systems with information release functions.
network system
Section 1 Access Management of Network User Equipment
Article 64 Network user equipment refers to user terminal equipment such as network workstations and network printers that need to access the local network.
Article 65 When accessing network user equipment, the person in charge of the equipment shall fill in the Application Form for Accessing Network User Equipment (see Annex 5), and submit an application to the information network operation management department with the consent of the department head. With the consent of the information network operation management department, the corresponding system management personnel are responsible for the specific equipment network access work. The information network operation management department shall establish the equipment files of network user equipment.
Article 66 The setting or modification of network parameters related to network user equipment shall be completed by the corresponding system administrator or approved by the corresponding system administrator before operation. Network users are not allowed to change network configuration parameters without authorization, and should use network resources correctly according to the network operation authority, and all kinds of illegal operations are strictly prohibited.
Article 67 Each network user's equipment shall be used by a special person, who shall be responsible for daily maintenance and maintenance to ensure its normal operation. If there is any problem, it shall promptly notify the personnel on duty for information network operation.
Sixty-eighth network user equipment should use genuine software, and information network operation management departments at all levels need to customize their systems.
Sixty-ninth network user equipment is used for daily work, and it is strictly forbidden to use network user equipment for any purpose other than work. It is forbidden to download illegal programs from the internet, and it is forbidden to use agents and port scanners without permission.
Article 70 Dismantling and moving network user equipment and its components shall be carried out in strict accordance with the requirements for equipment loading and unloading.
Seventy-first without the approval of the information network operation management department, no unit or individual may connect with the external network through telephone lines and other communication links without authorization, which will affect the security of the whole network.
Article 72 Network user equipment shall stop running unnecessary protocols, services and interfaces, and shall not start irrelevant network services at will.
Seventy-third for those who violate the above requirements, the information network operation management department has the right to disconnect their network connections and take corresponding procedures to deal with them.
Section 2 Network System Backup
Article 74 Configuration of network equipment (routers, switches, etc.). ) should be regularly backed up through electronic media and paper media.
Seventy-fifth before and after the network configuration change, system software upgrade and other operations, backup equipment configuration should be done.
Seventy-sixth do a good job in version management and backup of system software.
Seventy-seventh do a good job in updating the network topology map at the corresponding level.
Seventy-eighth determine the necessary network system recovery and installation plan.
Section 3 Network Isolation
For network interconnection, different security areas should be divided according to different security levels. Necessary isolation must be carried out between different safety areas. The operating requirements of the isolation point are as follows:
Article 79 The network connection of isolation points must be monitored in real time for 7×24 hours.
Article 80 When the network connection is abnormal, but the system can still operate normally, the personnel on duty shall immediately take technical measures to effectively isolate it, limit the access of illegal access, trace its source, and notify the information network operation management department of the unit where it belongs to handle it.
Article 81 When a large number of abnormal accesses occur at the isolation point and the system cannot operate normally, the operation management personnel shall cut off the interconnection link between the isolation equipment and the local network, fill in the fault application form, and notify the network security management personnel to handle it. Network security management personnel shall handle it according to the fault handling flow until the system can run normally.
Eighty-second network security managers should regularly audit and count the access logs and event logs of network isolation equipment, make necessary adjustments to the security policies of the system and form corresponding reports.
The fourth quarter IP address management
Article 83 The IP addresses of all internal nodes on the State Grid information network must be coded according to the principle of "Code for IP Address Coding of State Power System Information Network" to ensure network interconnection. Networks and nodes that do not meet the IP address coding specification are not allowed to access the information network, and they refuse to access each other within the State Grid information network. Due to historical reasons, the IP address is not coded according to the principle of "Code for IP Address Coding of National Power System Information Network", and should be gradually modified into a unified IP address when the network is upgraded and optimized.
Eighty-fourth information networks at all levels must regularly report the IP address allocation scheme and actual use of the information networks at the corresponding level to the higher authorities.
Network service system
Section 1 WWW services
Article 85 the system security:
(The system software and application software of the Web server should be updated in time.
(two) to establish a backup system, and keep pace with the main system, so that the main system can be put into use in time after failure or illegal tampering.
(3) The system must have a certain security strength to prevent unauthorized users from accessing the system and protect the content of the website from infringement. Users and workstations should be authenticated before uploading data.
(four) the system should have the function of home page access control, and some users can be prohibited from accessing by setting the domain name or IP address.
(5) It has monitoring function, monitoring system performance and site usage, and adjusting server performance and troubleshooting according to the monitoring situation.
(six) with multiple log records, including site visits, errors, services provided, tracking and monitoring, and real-time performance measurement.
Article 86 Information maintenance:
(a) website information should be regularly maintained and updated in time, especially news and other information should be updated at any time to ensure the timeliness of news information and the accuracy of important information, so that online information is rich, true, timely and effective. The update cycle varies with the content, and the last modification date should be displayed on the webpage after the big column is updated.
(2) Regularly verify the validity of links, CGI scripts and HTML to ensure the normal function of the system.
(three) according to the need to develop new content, add new columns.
Eighty-seventh online information audit
(a) in order to ensure the authenticity, integrity, reliability, accuracy, security and confidentiality of online information, we must establish a strict and perfect information grading audit system to audit online information. For different types and levels of information, relevant departments should review it according to the situation. Major information should be reviewed by relevant leaders. The specific audit process is determined by the unit itself.
(two) the information release department shall establish a perfect information release registration system and establish an effective workflow for information collection, review, storage, transmission, backup, monitoring, processing and reporting.
(3) To publish information on the website, it is necessary to strictly implement the Law of People's Republic of China (PRC) on Guarding State Secrets, the Regulations of People's Republic of China (PRC) on the Security Protection of Computer Information Systems, the Administrative Measures for the Security Protection of Internet Computer Information Networks of the Ministry of Public Security, and the Interim Provisions on the Security Management of Computer Information Systems of the State Secrecy Bureau.
(four) the information resources published on the website shall comply with the relevant confidentiality provisions, and shall be kept confidential for the information security of the unit and the department in accordance with the principle of "who publishes and who is responsible". The publishing unit shall be responsible for the authenticity and legality of the information.
(5) The scope of collection and release of information on internal websites shall be consistent with the management scope and business scope of their own units and departments. In principle, information beyond the management scope and business scope of their own units and departments shall not be collected and released.
(six) the English version of the home page must be translated accurately, truly and reliably.
(seven) should abide by the laws and regulations involving copyright, trademarks, logos, multimedia data types and software, and do not use information without the permission of the copyright owner.
Eighty-eighth electronic bulletin management
(1) Interactive information services (BBS, message boards, chat rooms, etc.) should be included in the corporate websites of all units. ) use with caution. Engaged in Internet information services, intends to carry out bulletin board services, should be in the province, autonomous region, municipality directly under the central government, telecommunications regulatory agencies or the Ministry of Information Industry to apply for operating Internet information service license or for non-operating Internet information services for the record, put forward a special application or special filing.
(two) to provide the above services, we must strictly implement the "Regulations on the Administration of Internet Bulletin Board Services", designate special personnel to manage, closely monitor, find problems, deal with them immediately, and report to the relevant departments in accordance with the regulations.
(three) the interactive column should have the function of identification and registration, and should have the function of saving the system network operation log for more than 90 days and recording the user usage log.
Section 2 E-mail Service
Article 89 An e-mail system must have high reliability. If conditions permit, it should be configured as a dual-machine hot standby. If there is no redundant hardware, there must be a fault recovery plan that can be implemented quickly. Redundancy must be transparent to user access.
Article 90 Anti-virus measures must be taken to prevent viruses from spreading by mail.
Article 91 The mail system should have the function of preventing relay and spam.
Article 92 The space size of users' mailboxes should be limited to prevent abuse of system resources.
Article 93 A mail system should have a certain mail filtering function, which can automatically delete mails containing specific characters or mail addresses. Once the source of bad mail is found, the administrator should update the mail filtering rules in time.
Article 94 the mail system should run without root authority.
Article 95 A unit shall establish strict procedures for applying for changing its e-mail account.
Ninety-sixth mail system administrators must abide by relevant laws and regulations and professional ethics, and safeguard the privacy and safety of enterprises and users.