Abstract: To meet the strict requirements of data security for railway sensitive information systems, this paper designed a data security protection scheme for railway sensitive information systems. It elaborated on the architecture and core protection measures of the scheme, and strictly followed the three-level standard of information system network security protection, integrated key technologies such as data classification and grading, encryption, desensitization, database auditing, and security gateway, and optimized the protection system from multiple dimensions including security management center, communication network, regional boundary, and computing environment. Practical application has shown that this scheme can seamlessly integrate into railway business scenarios, and is accompanied by management systems to comprehensively ensure data security and integrity, provides strong support for the safe and stable operation of railway sensitive systems.