"Cybersecurity Protection" is the abbreviation of the Graded Protection of Cybersecurity. It is based on article 21 of "Cyber Security Law" – “The state shall implement the rules for graded protection of cybersecurity. Network operators shall, according to the requirements of the rules for graded protection of cybersecurity, fulfill the following security protection obligations, so as to ensure that the network is free from interference, damage or unauthorized access, and prevent online data from being leaked, stolen or tampered.” and article 31 – “The State implements focus protection for critical information infrastructure on the basis of the graded cybersecurity protection structure in important sectors and areas such as public telecommunications and information services, energy, transportation, irrigation works, finance, public services, e-government, etc., as well as other critical information infrastructure that, whenever it is destroyed, loses its ability to function or encounters data leaks, may gravely harm national security, the national economy, the people's livelihood and the public interest.” All websites must "adopt technical measures such as preventing computer viruses and cyber-attacks, network invasion and other hazardous cyber security behaviors" and "adopt technical measures such as data classification, important data backup and encryption" to ensure the website system security and meet the requirements of cybersecurity protection compliance.
“Cryptography Protection” is the abbreviation of encryption protection and security authentication. It is based on article 2 of "Cryptography Law" – “"cryptography" refers to technologies, products, and services utilized for encryption protection and security authentication on information and the like by using specific transformation methods.” and article 27 – “Operators of critical information infrastructure shall adopt commercial cryptography to protect such infrastructure.” All websites and information system, especially the CII systems must use cryptographic technologies, products, and service to protect its security.
In summary, the critical information infrastructure must meet the compliance requirements of the "Cyber Security Law" and "Cryptography Law" both. Government official websites and e-government service systems are critical information infrastructure. However, according to the 9th issue of "Cybersecurity Information and Dynamic Weekly" released by CNCERT/CC on April 26, 738 websites have been implanted in the back door within a week, of which 12 government websites. And within a week, 3611 websites were tampered with, of which 17 government websites. In 2020, 53,171 websites in China were implanted in the back door, of which 256 were government websites. It can be seen from these data that many websites are still in a state of no protection, especially government websites, which are seriously illegal! what to do?
ZoTrus Website Security Cloud Service can help these websites, including government websites to achieve cybersecurity protection compliance requirements with one click, and to achieve cryptography protection compliance requirements with one click. Users do not need to apply for SSL certificate from CA, only need to set the CNAME domain name resolution to complete the domain name control verification, the application for the website SSL certificate can be automatically completed. And Users do not need to purchase cloud WAF services separately, just set the CNAME domain name resolution again to complete the setting to automatically start the Alibaba Cloud WAF service, and automatically configure the website SSL certificate to Alibaba Cloud WAF. Only two click settings are required to perfectly implement the key parts of " Cybersecurity Protection" and "Cryptography Protection" compliance.
Alibaba Cloud WAF protection can meet the cybersecurity protection compliant requirements such as "invasion prevention", "malicious code prevention", and "data integrity (anti-tampering)" with one click. And ZoTrus Cloud SSL service can meet the cybersecurity protection compliant requirements in three aspects: "communication transmission", "data integrity", and "data confidentiality". And it can also meet the cryptography protection complaint requirements in secure communication to protect data integrity, confidentiality and authenticity of identity using cryptography technology, and meet the requirement in application security and data security to protect data confidentiality and integrity in transmission and storage procedure using cryptography technology. All are done with one click.
ZoTrus Website Security Cloud Service is a comprehensive website security solution that integrates HTTPS encryption, cloud WAF protection and website trusted identity validation, achieving one-click for 3 website security protections. It is a comprehensive innovative service including Alibaba Cloud WAF service that meets the cybersecurity protection complaint requirement and HTTPS encryption service that meets the cryptography protection compliant requirements. It is also greatly reducing the cost for compliance, the most important, it protect the important data security of the website and ensuring the smooth operation of the business of the website owner. ZoTrus Website Security Cloud Service let all websites to enjoy everyday security and worry-free!