Journal of Information Security Research, 2018, Vol. 4, Issue (11): 987-992.


Cloud Computing Security Requirements and Measurement Practices in the Classified Protection 2.0 Era

  

  • Received: 2018-11-17 Online: 2018-11-15 Published: 2018-11-17

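Gao Yuan (高员)1, Huang Xiaokun (黄晓昆)1, Li Xiuwei (李秀伟)2

  1. The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology
  2. Guangzhou Power Supply Bureau Co., Ltd.
  • Corresponding author: Gao Yuan
  • About the authors: Gao Yuan, master's graduate student; main research interests are classified protection evaluation of information security, public key cryptography and information security. gaoyuan@ceprei.com. Huang Xiaokun, master's graduate student; main research interests are classified protection evaluation of information security, electronic signatures and authentication. hxk@ceprei.com. Li Xiuwei, master's graduate student; main research interest is power system information security. 252170542@qq.com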

Abstract: Since the Ministry of Public Security of the People's Republic of China issued the “Information security technology—Baseline for classified protection of information system security” (GB/T 22239-2008) in 2008, the standard has been widely used across industries and fields. However, with the development of new technologies and new applications, the timeliness, ease of use, and operability of the standard need further improvement. The National Safety Standards Committee therefore revised the standard, and the new standard proposes special security requirements for technologies such as cloud computing, big data, mobile interconnection, the Internet of Things and industrial control systems. This article analyzes the technical security requirements within the special security requirements for cloud computing, and examines the security protection objects, security responsibility entities, and security protection requirements of a cloud computing system from the perspective of classified protection. Taking an e-government cloud platform as an example, the article shares experience from testing and evaluating cloud computing security, points out problems in the testing and evaluation of cloud computing systems, and makes suggestions for the next stage of work.

Key words: Classified protection, Cloud computing, Network security, Testing for classified protection, E-government cloud platform
