CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
Repository Overview
This repository contains security operation manuals and compliance documentation for the Suzhou Education E-Card platform, implementing China's Multi-Level Protection Scheme (MLPS) Level 3 requirements.
Key Documents
- 苏州教育E卡通数据安全运维操作手册.md - Main operational manual with 5-tier risk classification system, role-based access control, and MLPS Level 3 compliance measures
- ff.md - Original formal compliance document with theoretical security framework
Architecture Focus
The operational manual implements a 5-tier risk classification system:
- Level 1 Operations (Critical Management Operations)
  - Special sensitive data modifications (ID cards, names, student numbers)
  - System core configuration changes
  - Security policy modifications
  - MLPS Level 3 required: 2FA + screen recording + dual-person execution + complete audit trail
- Level 2 Operations (Important Data Modifications)
  - Secondary sensitive data modifications
  - MLPS Level 3 required: 2FA + approval + backup + audit logging
- Level 3 Operations (General Permission Operations)
  - New student registration, account creation
  - MLPS Level 3 required: 2FA for critical actions + approval + session management
- Level 4 Operations (Data Query Operations)
  - Information queries, report generation
  - MLPS Level 3 required: Access control + query audit + data masking
- Level 5 Operations (Read-only Operations)
  - Public information viewing, help documentation
  - MLPS Level 3 required: Basic authentication + session management
Technical Implementation
- Field-level Access Control: Row-level security policies with role-based data masking
- MLPS Level 3 Authentication: Multi-factor authentication with specific application scenarios
- Audit Trail Integrity: Digital signatures, SHA256 hashing, WORM storage
- Data Integrity Protection: Transmission validation, storage constraints, automated integrity checks
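The tier requirements under Architecture Focus and the SHA256 audit-trail bullet above can be combined in one gate, shown here as an added example that is not taken from the repository or its manuals. The control names, the record fields and the use of a hash chain (each entry hashing its predecessor) are assumptions made for illustration; digital signatures and WORM storage are outside its scope.

```python
import hashlib
import json

# Tier -> required controls, transcribed from the list above; the short names are constructed.
REQUIRED = {
    1: {"2fa", "screen_recording", "dual_person", "audit_trail"},
    2: {"2fa", "approval", "backup", "audit_logging"},
    3: {"2fa_critical_actions", "approval", "session_management"},
    4: {"access_control", "query_audit", "data_masking"},
    5: {"basic_auth", "session_management"},
}
GENESIS = "0" * 64  # assumed anchor value for the first entry


def missing_controls(level, evidence):
    """Controls the tier requires that the request did not present."""
    return sorted(REQUIRED[level] - set(evidence))


def _digest(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    canonical = json.dumps(body, sort_keys=True, ensure_ascii=False)
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append_entry(log, operator, level, action, evidence):
    """Log every attempt, allowed or denied, chained to the previous entry."""
    missing = missing_controls(level, evidence)
    body = {"operator": operator, "level": level, "action": action,
            "evidence": sorted(evidence), "missing": missing,
            "decision": "deny" if missing else "allow"}
    prev = log[-1]["hash"] if log else GENESIS
    entry = dict(body, prev=prev, hash=_digest(prev, body))
    log.append(entry)
    return entry


def verify_chain(log):
    """Index of the first entry that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("prev", "hash")}
        if entry["prev"] != prev or entry["hash"] != _digest(prev, body):
            return i
        prev = entry["hash"]
    return -1
```

The chain exposes edited or deleted entries, but it does not by itself stop the whole log from being recomputed, which is the gap the digital signatures and WORM storage listed above are meant to close.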
Development Context
This is a documentation-only repository focused on security compliance and operational procedures rather than application code development. The main work involves:
- Updating security operation manuals based on regulatory requirements
- Implementing MLPS Level 3 compliance measures
- Creating audit and monitoring procedures
- Defining role-based access control matrices
Common Development Tasks
Since this is primarily a documentation repository, common tasks include:
- Manual Updates: Revise operational procedures based on new MLPS requirements
- Compliance Reviews: Audit existing procedures against MLPS Level 3 standards
- Template Creation: Develop new operation forms and checklists
- Policy Documentation: Write technical implementation guidelines for security measures
Review Guidelines
When updating documentation:
- MLPS Level 3 Compliance: Ensure all procedures align with China's Multi-Level Protection Scheme requirements
- Practical Implementation: Focus on operational feasibility rather than theoretical security
- Role Separation: Maintain clear separation between operations, audit, and technical roles
- Audit Completeness: Ensure all security controls have corresponding audit procedures
File Structure
/
├── 苏州教育E卡通数据安全运维操作手册.md # Main operational manual
├── ff.md # Original formal compliance document
└── CLAUDE.md # This file
Important Notes
- This repository handles sensitive student data - always follow MLPS Level 3 requirements
- The operational manual implements practical security measures rather than theoretical frameworks
- All procedures should maintain separation of duties between operational roles
- Documentation should be actionable and suitable for immediate implementation