Abstract: In response to the problem of unclear circulation situation and difficult security protection in the process of railway sensitive data circulation, this paper proposed a railway sensitive data circulation security management and control system based on the main data security risks and research status currently faced by the railway industry. Through technologies such as data asset sorting, identity asset management, and dynamic risk evaluation, combined with measures such as data identification, access control, data encryption and desensitization, the paper established a data flow monitoring and management and control mechanism across security domains and network boundaries. Through its application in different business scenarios, the paper verified the flexibility and scalability of the system architecture in complex environments, provided practical reference for the application of data security technology in the railway industry.