The paper analyzes the requirements for the security construction of information systems of Center for Disease Control and Prevention (CDC), and expounds the network security protection practices based on the classified protection system 2.0 from the aspects of safety management system construction, safety operation and maintenance measures, safety awareness education, the whole life cycle management of information systems, etc.