What Is China’s Cybersecurity Level Protection 2.0 and How to Achieve Compliance?

01 What Is Level Protection?

Breaking news: On May 16, 2019, the Ministry of Public Security released the Network Security Level Protection Technical 2.0 version, officially marking the entry into the 2.0 era. The highly anticipated Level Protection 2.0 is about to be implemented, promising huge growth opportunities for the cybersecurity market.

The Network Security Level Protection 2.0 standard is the “Information Security Technology – Basic Requirements for Network Security Level Protection”. Level protection has entered a new stage, providing graded protection for networks and information systems based on their importance. Higher protection levels correspond to stronger security capabilities. Level protection builds an important defense line for China’s network and information security.

On one hand, conducting level protection work helps identify gaps between an organization’s network and information systems and national security standards, revealing existing security risks and deficiencies. On the other hand, security remediation enhances network protection capabilities and reduces the risk of attacks.

02 Differences Between Level Protection 1.0 and 2.0

Level Protection 1.0 only targeted networks and information systems, whereas 2.0 also includes cloud computing, big data, IoT and other new industries, and incorporates important matters stipulated by the Cybersecurity Law of the People’s Republic of China.

Level Protection 2.0 expands regulatory scope from internal institutions to the whole society. Its deep implementation will greatly promote national cybersecurity level and industry advancement. The release and adoption of 2.0 is urgent; it reexamines the level protection system in light of the Cybersecurity Law, evolving threat landscape, task requirements, and new technologies.

03 How Internet Companies Can Quickly Comply in the 2.0 Era

According to Zhang Zhenfeng, deputy director of the Public Security Ministry’s Information Security Level Protection Evaluation Center, when building and rectifying, first focus on identity authentication, user authorization, access control, and security auditing; meeting these four covers most compliance requirements and forms the foundation. Additionally, emphasize dynamic monitoring, early warning, and rapid response capabilities, leveraging strengths. Under new technologies, also address compliance of cloud security products, focusing on protecting business data and user privacy.

Level Protection 2.0’s broader scope positively impacts the steady development of the cybersecurity industry, thereby promoting the expansion of companies’ core businesses.

* This article’s content is compiled from the internet; PPT source is from the public account “Plain Talk Security”. If there is any infringement, please contact for removal.