If the evaluation conclusion of waiting insurance is poor, does it mean that waiting insurance has been done in vain?

When surfing the Internet recently , Ask again when you see an enterprise , The evaluation conclusion of ISO insurance is poor , Does it mean that the insurance work has been done in vain ？ How to deal with this situation ？ Who can answer it in detail , Thank you guys ！

The evaluation conclusion of ISO insurance is poor , Does it mean that the insurance work has been done in vain ？

【 answer 】： No, it isn't . The conclusion of the grading protection evaluation is “ Bad ”, It means that the current information system has high risk or poor overall security , It doesn't meet the requirements of corresponding standards . But it doesn't mean that the work of classified protection has been done in vain , Even if you have a non compliant evaluation report , The competent authorities also acknowledge that the work of classified protection in your unit has been carried out this year , It's just that there are many problems at present , Not up to the standard , We need to speed up the rectification . So we must seize the time to rectify .

Summary of high-risk items that lead to poor evaluation conclusion of equal assurance in equal assurance work

1、 Cloud computing platform is not available in China

The cloud computing infrastructure of level II and above cloud computing platforms shall be located in China . If you choose an overseas cloud platform , Then you can't pass the insurance .

2、 Only one internal network segment does not conform to

Secondary and above systems , Important network areas and non important network areas shall be divided into different network segments or subnets . Production network and office network , External and internal server areas are mixed with high-risk risks .

3、 The uncontrolled wireless network can access the internal network at will

Class III and above systems of equal protection , Wireless network and important internal network interconnection are not controlled , Or improper control , After accessing through wireless network, you can access important internal resources , This is a high risk item , Therefore, illegal access should be controlled in Level 3 and above systems , It is recommended that you use safety access equipment , Not just for wireless networks .

Classification standard for conclusion level of ISO guarantee evaluation

1、 optimal ： There are security problems in the tested object , But it will not cause the tested object to face 、 High level security risk , And the comprehensive score of the system 90 More than , contain 90 branch ;

2、 good ： There are security problems in the tested object , However, it will not cause the tested object to face high-level security risks , And the comprehensive score of the system 80 More than , contain 80 branch ;

3、 in ： There are security problems in the tested object , However, it will not cause the tested object to face high-level security risks , And the comprehensive score of the system 70 More than , contain 70 branch ;

4、 Bad ： There are security problems in the tested object , And it will cause the measured object to face high-level security risks , Or the comprehensive score of the tested object is lower than 70 branch .