GBT-31167-2014-信息安全技术-云计算服务安全指南（OCR）

ICS 35.040 L 80 GB 中华人民让 /、和国国家标准 GB/T 31167 信息安全技术 —2014 云计算服务安全指南 Information security technology-Security guide of cloud computing services 2014-09-03 发布中华人民共和国国家质最监督检验检疫总局中国国家标准化管理委员会 2015-04-01 实施发布中华人民共和国国家标准信息安全技术云计算服务安全指南 GB/T 31167 2014 * 中国标准出版社出版发行北京市朝阳区和平里西街甲 2 号 (100029) 北京市西城区三里河北街 16 号 (100045) 网址 www.spc.net.cn 总编室： (010)64275323 读者服务部：发行中心： (010)51780235 (010)68523946 中国标准出版社秦皇岛印刷厂印刷各地新华书店经销 * 开本 880X1230 1/16 2014 年 10 月第一版印张 1.75 字数 44 千字 2014 年 10 月第一次印刷 * 书号： 155066·1-50121 定价如有印装差错 27.00 兀由本社发行中心调换版权专有侵权必究举报电话： (010)68510107 GB/T 31167-2014 目次前言 ························································································································ill 弓 I 言 ························································································································IV 1 范围..................................................................................................................... 1 2 规范性弓 l 用文件...................................................................................................... 1 3 术语和定义............................................................................................................ 1 4 云计算概述 ············································································································2 5 6 7 8 9 4.1 云计算的主要特征·············································................................................ 4.2 服务模式..................... 4.3 部署模式····················································································..................... 4.4 云计算的优势································· 2 ····················································································2 3 ••••••••••••••••·•.••.•••••••••••••••••••••••••••••••••••.•••••••• 3 云计算的风险管理························........................................................................... 3 5.1 5.2 概述 ···············································································································3 5.3 云计算服务安全管理的主要角色及责任………………………………………………………… 5 5.4 云计算服务安全管理基本要求············ 5.5 云计算服务生命周期云计算安全风险 ································································································4 规划准备·················· …... …......................................................... 5 ··························································································:) ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 6 6.1 概述·············································......... 6.2 效益评估......................................................... 6.3 政府信息分类·············································································· 6.4 政府业务分类...... ·····························································································8 6.5 优先级确定···································· 6.6 安全保护要求························........................................................................... 6.7 6.8 需求分析···································································································...... •••••••••.•••••••• ••••••••• ······························6 ·············•·····················•·········... 6 ·····················7 ••••••••••••••••••.••••••••••••••••.•••••••••••••••••••••••••••••• 9 9 形成决策报告................................................................................................... 10 13 选择服务商与部署................................................................................................... 14 …......... ………... …... ….................. …... …... …...... ……… 14 7.1 云服务商安全能力要求...... 7.2 确定云服务商......................................................... 7.3 7.4 合同中的安全考虑................................. •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 15 15 部署............................................................................................................... 17 运行监管............................................................................................................... 18 •••••••••••••••••••••••••••••••••••••••••• ••••••••••••••••••••.•.• 18 8.1 概述....................................................................................... 8.2 运行监管的角色与责任…............... 8.3 客户自身的运行监管.......................................................................................... 8.4 对云服务商的运行监管…......... …... …...