www.ChineseStandard.net Database: 189760 (25 Oct 2025)

GB/T 28452-2012 English PDF

US$1199.00 · In stock
Delivery: <= 8 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 28452-2012: Information security technology -- Common security technique requirement for application software system
Status: Valid

Standard similar to GB/T 28452-2012

GB/T 28454   GB/T 28448   GB/T 28449   GB/T 28451   GB/T 28458   

Basic data

Standard ID: GB/T 28452-2012 (GB/T28452-2012)
Description (Translated English): Information security technology -- Common security technique requirement for application software system
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.020
Word Count Estimation: 54,525
Quoted Standard: GB 17859-1999; GB/T 20271-2006; GB/T 20272-2006; GB/T 20273-2006
Regulation (derived from): National Standards Bulletin 2012 No. 13
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary: This standard specifies the common technical requirements for the level protection of application software systems according to the five security levels of GB 17859-1999. This standard is applicable in accordance with GB 17859-19

GB/T 28452-2012: Information security technology -- Common security technique requirement for application software system


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Common security technique requirement for application software system
ICS 35.020
L80
National Standard of the People's Republic of China
Information Security Technology: Application Software System General Safety Requirements
Issued on: 2012-06-29
Implemented on: 2012-10-01
Released by the Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
  3.1 Terms and definitions
  3.2 Acronyms
4 Application software life cycle safety requirements
  4.1 Safety requirements for the application software initial phase
  4.2 Safety requirements for the application software acquisition or development phase
  4.3 Safety requirements for the application software implementation and evaluation phase
  4.4 Safety requirements for the application software operation and maintenance phase
  4.5 Safety requirements for the application software termination and disposal phase
5 First-level application software system security technical requirements
  5.1 Security feature technical requirements
    5.1.1 User authentication
    5.1.2 Discretionary access control
    5.1.3 User data integrity protection
    5.1.4 Backup and recovery
  5.2 Security assurance technical requirements
    5.2.1 Security subsystem own security requirements
    5.2.2 Security subsystem design and implementation requirements
    5.2.3 Security subsystem safety management requirements
6 Second-level application software system security technical requirements
  6.1 Security feature technical requirements
    6.1.1 User authentication
    6.1.2 Discretionary access control
    6.1.3 Security audit
    6.1.4 User data integrity protection
    6.1.5 User data privacy protection
    6.1.6 Backup and recovery
    6.1.7 Detection and analysis system security
  6.2 Security assurance technical requirements
    6.2.1 Security subsystem own security requirements
    6.2.2 Security subsystem design and implementation requirements
    6.2.3 Security subsystem safety management requirements
7 Third-level application software system security technical requirements
  7.1 Security feature technical requirements
    7.1.1 User authentication
    7.1.2 Non-repudiation
    7.1.3 Discretionary access control
    7.1.4 Numeral
    7.1.5 Mandatory access control
    7.1.6 Security audit
    7.1.7 User data integrity protection
    7.1.8 User data privacy protection
    7.1.9 Backup and recovery
    7.1.10 Security detection and analysis system
  7.2 Security assurance technical requirements
    7.2.1 Security subsystem own security requirements
    7.2.2 Security subsystem design and implementation requirements
    7.2.3 Security subsystem safety management requirements
8 Fourth-level application software system security technical requirements
  8.1 Security feature technical requirements
    8.1.1 User authentication
    8.1.2 Non-repudiation
    8.1.3 Discretionary access control
    8.1.4 Mark
    8.1.5 Mandatory access control
    8.1.6 Security audit
    8.1.7 User data integrity protection
    8.1.8 User data privacy protection
    8.1.9 Trusted path
    8.1.10 Backup and recovery
    8.1.11 Security detection and analysis system
  8.2 Security assurance technical requirements
    8.2.1 Security subsystem own security requirements
    8.2.2 Security subsystem design and implementation requirements
    8.2.3 Security subsystem safety management requirements
9 Fifth-level application software system security technical requirements
  9.1 Security feature technical requirements
    9.1.1 User authentication
    9.1.2 Non-repudiation
    9.1.3 Discretionary access control
    9.1.4 Marker
    9.1.5 Mandatory access control
    9.1.6 Security audit
    9.1.7 User data integrity protection
    9.1.8 User data privacy protection
    9.1.9 Trusted path
    9.1.10 Backup and recovery
    9.1.11 Security detection and analysis system
  9.2 Security assurance technical requirements
    9.2.1 Security subsystem own security requirements
    9.2.2 Security subsystem design and implementation requirements
    9.2.3 Security subsystem safety management requirements
Appendix A (informative) Explanation of application software system security concepts
Annex B (informative) Application software system security and information systems security relationship
Annex C (informative) Correspondence between security technical elements and graded security technical requirements
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of the content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying these patents. This standard was proposed by and is under the jurisdiction of the National Safety Standardization Technical Committee (SAC/TC260). Drafting organizations of this standard: Beijing Jiangnan Tian Technology Co., Ltd., Beijing Siyuan Information Co., Ltd. Information Security startups. The main drafters of this standard: Ji Zengrui, Chen Guan straight, Wang Zhiqiang, King Qianyuan.

Introduction

This standard describes the security technical requirements that application software systems at each security level specified in GB 17859-1999 should meet, and provides guidance for designing and implementing application software systems at the required security level in accordance with information system security protection requirements.

In a broad sense, a business application software system includes the software developed for specific applications as well as the tools and middleware that support the development and operation of that business processing software. This standard describes only the security techniques that business processing software at each security level should adopt.

The application software system is an important part of the information system: it is the sum of the application software that the information system uses to process business. The security needs of business applications are the starting point and the destination of information system security needs. All technical and management security measures taken in an information system ultimately serve to ensure the security of business applications. Some of these measures can be implemented in the application software system, and some need to be implemented in other components of the information system.

This standard describes, as security technology requirements, the security technical elements that are generally applicable to application software systems for various applications. Application software systems in different application areas can select different security technical elements to meet the specific security needs of their business applications. This standard also briefly describes the security technical requirements to be followed at each stage of the application software system life cycle.

As required by the rules for drafting standards, Chapter 1 gives the scope, Chapter 2 the normative references, and Chapter 3 the terms, definitions and abbreviations. Chapter 4, application software life cycle safety technical requirements, briefly describes the security technical requirements from the perspective of the application life cycle: the initial phase, the acquisition or development phase, the implementation and evaluation phase, the operation and maintenance phase, and the termination and disposal phase. Chapters 5 to 9 take the five security levels of GB 17859-1999 as the fundamental basis and, building on the graded general security technical requirements for information systems in GB/T 20271-2006, describe the security requirements for application software systems at each security level. These comprise security feature technical requirements and security assurance technical requirements (the self-protection requirements of the application software system security subsystem, its design and implementation requirements, and its security management requirements). In the graded descriptions of Chapters 5 to 9, "bold Arial" marks content that is added or strengthened at a higher level relative to the lower level.

Appendix A (informative) explains concepts related to application software system security, including the place of the application software system in the information system and of application software system security in information system security. Annex B (informative), on the relationship between application software system security and information system security, describes application software system security as the core of information system security and the requirements that application software system security places on information system security.

Annex C (informative) gives the correspondence between the security technical elements of application software systems and the graded security requirements. Table C.1 gives the correspondence between security feature technical elements and the graded security feature technical requirements; Table C.2 gives the correspondence between security assurance technical elements and the graded security assurance technical requirements.

Information Security Technology: Application Software System General Safety Requirements

1 Scope

This standard specifies the general technical requirements for the level protection of application software systems according to the five security levels defined in GB 17859-1999. This standard applies to the design and implementation of application software systems protected according to the five security levels of GB 17859-1999. It can also be used as a reference for the testing and management of application software systems protected according to the five security levels of GB 17859-1999.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.

GB 17859-1999 Computer information system security protection classification criterion
GB/T 20271-2006 Information security technology - Common security techniques requirement for information system
GB/T 20272-2006 Information security technology - Security techniques requirement for operating system
GB/T 20273-2006 Information security technology - Security techniques requirement for database management system

3 Terms and definitions, abbreviations

3.1 Terms and definitions

The terms and definitions in GB/T 20271-2006 and the following terms and definitions apply to this document.

3.1.1 Application software system (application software system)
An important component of an information system: the software system that the information system uses to process a particular business.

3.1.2 Application software system security technology (application software system security technology)
The technical measures that may be employed to achieve the security objectives established to ensure the security of an application software system.

3.1.3 Application software system security subsystem (SSOASS) (security subsystem of application software system)
The general term for the security modules of an application software system. It establishes a basic protection environment for the application software system and provides the additional user services that a secure application software system requires. In accordance with the definition of trusted computing base (TCB) in GB 17859-1999, the SSOASS is the TCB of the application software system. The hardware and firmware support it requires is provided by lower-level security mechanisms.

3.1.4 SSOASS security policy (SSP) (SSOASS security policy)
The rules for managing, protecting and distributing the resources of the SSOASS. An SSOASS can have one or more security policies.
