【正文】 XXX大學等級保護項目技術(shù)方案2022 年 4 月I / 94目 錄1 項目概述 .....................................................................................................................................................1 項目建設背景 ............................................................................................................................................1 項目建設目標 ............................................................................................................................................1 項目建設內(nèi)容 ............................................................................................................................................1 項目建設范圍 ............................................................................................................................................1 項目建設依據(jù) ............................................................................................................................................22 信息系統(tǒng)現(xiàn)狀與安全需求 ..........................................................................................................................3 信息化建設現(xiàn)狀綜述 ................................................................................................................................3 技術(shù)體系結(jié)構(gòu)現(xiàn)狀 ....................................................................................................................................3 物理環(huán)境 ...............................................................................................................................................4 主機層結(jié)構(gòu) ...........................................................................................................................................6 網(wǎng)絡層結(jié)構(gòu) ...........................................................................................................................................7 應用層結(jié)構(gòu) ...........................................................................................................................................8 管理體系結(jié)構(gòu)現(xiàn)狀 ..................................................................................................................................13 安全管理機構(gòu) .....................................................................................................................................13 安全管理制度 .....................................................................................................................................13 人員安全管理 .....................................................................................................................................18 系統(tǒng)運維管理 .....................................................................................................................................19 安全威脅與風險 ......................................................................................................................................20 技術(shù)層面威脅與風險 .........................................................................................................................20 管理層面威脅與風險 .........................................................................................................................22 等級保護安全需求 ..................................................................................................................................23 系統(tǒng)安全等級劃分 .............................................................................................................................23 系統(tǒng)安全等級 .....................................................................................................................................23 等級保護基本安全要求 .....................................................................................................................23 信息系統(tǒng)定級情況 .............................................................................................................................24 安全需求分析 ..........................................................................................................................................25II / 94 技術(shù)層面安全需求分析 .....................................................................................................................25 管理層面安全需求分析 .....................................................................................................................283 等級保護方案設計 ....................................................................................................................................29 安全方案設計思路 ..................................................................................................................................29 構(gòu)建分域的控制體系 .........................................................................................................................30 構(gòu)建縱深的防御體系 .........................................................................................................................30 保證一致的安全強度 .........................................................................................................................30 實現(xiàn)集中的安全管理 .........................................................................................................................30 安全技術(shù)方案詳細設計 ..........................................................................................................................31 確定保護強度 .....................................................................................................................................31 安全域劃分與隔離 .............................................................................................................................31 本地備份系統(tǒng) .....................................................................................................................................35 網(wǎng)絡鏈路冗余改造 .............................................................................................................................39 PKI 基礎設施 .......................................................................................................................................40 安全審計管理 ................................................