ICS03.060 A11JR 中华人民共和国金融行业标准 JR/T0071.2—2020 代替JR/T0071—2012 金融行业网络安全等级保护实施指引 第2部分：基本要求 Implementationguidelinesforclassifiedprotectionofcybersecurityoffinancial industry—Part2：Basicrequirements 2020-11-11发布 2020-11-11实施 中国人民银行 发布JR/T0071.2—2020 I目  次 前言.....................................................................................................................................................................III 引言.........................................................................................................................................................................V 1范围.....................................................................................................................................................................1 2规范性引用文件.................................................................................................................................................1 3术语和定义.........................................................................................................................................................1 4缩略语.................................................................................................................................................................6 5网络安全等级保护概述.....................................................................................................................................6 5.1等级保护对象.............................................................................................................................................6 5.2不同级别的安全保护能力.........................................................................................................................7 5.3安全通用要求和安全扩展要求.................................................................................................................7 5.4金融行业增强性安全要求.........................................................................................................................7 6网络安全保障框架.............................................................................................................................................8 6.1概述.............................................................................................................................................................8 6.2技术体系.....................................................................................................................................................9 6.3管理体系...................................................................................................................................................10 7第二级安全要求...............................................................................................................................................11 7.1安全通用要求...........................................................................................................................................11 7.2云计算安全扩展要求...............................................................................................................................22 7.3移动互联安全扩展要求...........................................................................................................................24 7.4物联网安全扩展要求...............................................................................................................................25 8第三级安全要求...............................................................................................................................................27 8.1安全通用要求...........................................................................................................................................27 8.2云计算安全扩展要求...............................................................................................................................45 8.3移动互联安全扩展要求...........................................................................................................................48 8.4物联网安全扩展要求..........................................................................................