Practice Tutorial of Classified Protection of Cybersecurity

Last updated: 2024-10-16 16:43:53
    To assist enterprises with Cybersecurity Classified Protection Compliance Service, this article describes how the capabilities of CDS relate to the relevant provisions of cybersecurity classified protection, so that targeted evidentiary materials can be provided.

    Prerequisites

    You have purchased CDS and completed product initialization and deployment according to Quick Start.

    Level-2 Classified Protection of Cybersecurity

    a) Enable security audit feature to audit all users. Audit important user behavior and significant security incidents.
    This clause mainly examines the following three points:
    Whether the security audit feature has been enabled.
    Log in to CDS Console and navigate to the CDS Overview page. You can view the service status and asset security overview, indicating that the product is running normally.
    
    Whether the audit scope covers all users. On the Audit Log Page, every username is audited.
    
    Whether important user behaviors and significant security incidents are audited. Through the Audit Log or Audit Risk page, you can filter risk levels (i.e., important user behaviors and significant security incidents) to view logs.
    
    b) Audit records should include the date and time of the event, user, event type, whether the event was successful, and other audit-related information.
    On the Audit Log Page, click Operation after any log. The audit log details will pop up and you can view related information.
    
    c) Audit records should be protected and regularly backed up to avoid unexpected deletion, modification, or overwriting.
    CDS's audit logs are stored in Tencent Cloud ES, which ensures data availability through multi-availability zone deployment and regular backup. You can view the storage mechanism and estimated storage duration in the service status column on the overview page.
    Others: According to the Cybersecurity Law, network logs should be kept for more than six months.
    On the Audit Log Page, select Past six months to view the logs of the past six months.
    

    Level-3 Classified Protection of Cybersecurity

    a) Enable security audit feature to audit all users. Audit important user behavior and significant security incidents.
    This clause mainly examines the following three points:
    Whether the security audit feature has been enabled.
    Log in to CDS Console and navigate to the CDS Overview page. You can view the service status and asset security overview, indicating that the product is running normally.
    
    Whether the audit scope covers all users. On the Audit Log Page, every username is audited.
    
    Whether important user behaviors and significant security incidents are audited. Through the Audit Log or Audit Risk page, you can filter risk levels (i.e., important user behaviors and significant security incidents) to view logs.
    
    b) Audit records should include the date and time of the event, user, event type, whether the event was successful, and other audit-related information.
    On the Audit Log Page, click Operation after any log. The audit log details will pop up and you can view related information.
    
    c) Audit records should be protected and regularly backed up to avoid unexpected deletion, modification, or overwriting.
    CDS's audit logs are stored on Tencent Cloud ES, ensuring data availability through multi-AZ deployment and regular backups. Future versions will include relevant explanations on the product page.
    d) The audit process should be protected from unauthorized interruptions.
    The audit process consists of two parts: the audit server process and the agent process.
    Audit server process: The audit server is deployed on the Tencent Cloud side, with security guarantees provided by Tencent Cloud. Users do not have permission to directly operate the product on the backend. When users have an actual need to operate on the backend, they should submit a ticket following Tencent Cloud's procedure, and Tencent Cloud technicians will operate after receiving authorization. Detailed ticket records are retained for subsequent verification.
    Agent process: The Agent is deployed on the user's database or CVM, and CDS performs guardian checks on it. When an interruption of the Agent is detected, an alert is generated promptly.
    
    Others: According to the Cybersecurity Law, network logs should be kept for more than six months.
    On the Audit Log Page, select Past six months to view the logs of the past six months.
    
    