Abstract: To study the cybersecurity evaluation of railway business system. On the basis of sorting out the current national cybersecurity standards and railway regulations for cybersecurity assessment. Analyze the gap between the current cybersecurity assessment work carried out by the railway and the requirements of national standards. Put forward the concept of safety assessment based on the trinity of classified cybersecurity protection assessment, risk assessment and security assessment. Based on the concept of the trinity form the whole life cycle of the railway system of network security evaluation model and evaluation system，which provides reference for the cybersecurity detection.

Key words: cybersecurity, security assessment, assessment system, railway, trinity

摘要： 研究铁路业务系统网络安全测评问题。在整理现行国家网络安全标准和铁路规章制度对网络安全测评要求的基础上，分析铁路现阶段开展的网络安全测评工作与国家标准要求之间的差距，提出基于等级保护、风险评估、安全测评三位一体的网络安全测评概念，基于三位一体的概念形成铁路系统全生命周期的网络安全测评模型和测评体系，为开展网络安全检测工作提供参考。

关键词: 网络安全, 安全测评, 测评体系, 铁路, 三位一体