Basic data
Standard ID: GB/T 37934-2019 (GB/T37934-2019)
Description (Translated English): Information security technology - Security technical requirements of industrial control system security isolation and information ferry system
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 18,187
Date of Issue: 2019-08-30
Date of Implementation: 2020-03-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration
GB/T 37934-2019: Information security technology - Security technical requirements of industrial control system security isolation and information ferry system (draft translation for illustration, not a final translation)
Information security technology - Security technical requirements of industrial control system security isolation and information ferry system
ICS 35.040
L80
National Standard of the People's Republic of China
Information security technology - Security technical requirements for industrial control network security isolation and information exchange systems
Issued 2019-08-30
Implemented 2020-03-01
Issued by the State Administration for Market Regulation and the China National Standardization Administration
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Product description
6 Security technical requirements
6.1 Basic level security technical requirements
6.1.1 Security function requirements
6.1.2 Own security requirements
6.1.3 Security assurance requirements
6.2 Enhanced level security technical requirements
6.2.1 Security function requirements
6.2.2 Own security requirements
6.2.3 Security assurance requirements
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This standard was proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: The Third Research Institute of the Ministry of Public Security, the Cyber Security Bureau of the Ministry of Public Security, Beijing Shenzhou NSFOCUS Information Security Technology Co., Ltd., Zhuhai Hongrui Software Technology Co., Ltd., China Electronics Technology Network Information Security Co., Ltd., China Information Security Research Institute Co., Ltd., Beijing Tianrongxin Network Security Technology Co., Ltd., Jinan Huahan Electric Technology Co., Ltd., Beijing Kuangen Network Technology Co., Ltd., Beijing Likong Huakang Technology Co., Ltd., and China Electronics Standardization Institute.
Main drafters of this standard: Zou Chunming, Lu Zhen, Tian Yuan, Shen Qinghong, Fan Chunling, Lu Lei, Yu You, Liu Rui, Gu Jian, Liu Zhiyong, Chen Minchao, Lan Kun, Yang Chen, Zhang Dajiang, Gong Lianghua, Lei Xiaofeng, Ye Xiaohu, Wang Xiaopeng, Zhou Wenqi, Fan Kefeng, Yao Xiangzhen, Li Lin, Zhou Ruikang.
Introduction
With the deep integration of industrialization and informatization, security threats from information networks are increasingly posing a serious security threat to industrial control systems. General-purpose network security isolation and information exchange systems are not capable of meeting the security protection needs of industrial control systems, so a network security isolation and information exchange system that can be applied in an industrial control environment is needed to protect the industrial control system.
The main differences between a network security isolation and information exchange system applied in an industrial control environment and a general-purpose network security isolation and information exchange system are as follows:
---In addition to basic five-tuple filtering, a general-purpose network security isolation and information exchange system also needs a certain degree of application layer filtering and protection capability. A network security isolation and information exchange system used in an industrial control environment needs, in addition to the application layer filtering capability for common protocols that a general-purpose system has, application layer filtering capability for industrial control protocols.
---Given the current level of information security protection technology in industrial control environments, and the requirement that information security protection must not affect the normal operation of system functions, the mandatory access control requirements imposed on a general-purpose network security isolation and information exchange system cannot be adapted to the industrial control environment.
---A network security isolation and information exchange system in an industrial control environment has higher requirements for availability, reliability, stability and similar properties than a general-purpose network security isolation and information exchange system.
Information security technology - Security technical requirements for industrial control network security isolation and information exchange systems
1 Scope
This standard specifies the security function requirements, own security requirements and security assurance requirements of industrial control network security isolation and information exchange systems.
This standard applies to the design, development and testing of industrial control network security isolation and information exchange systems.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 20279-2015 Information security technology - Security technical requirements of network and terminal isolation products
GB/T 20438.3-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
GB/T 20438.4-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
The terms and definitions defined in GB/T 20279-2015, GB/T 20438.4-2017 and GB/T 25069-2010, together with the following, apply to this document.
3.1
Industrial control system
Industrial control system (ICS) is a general term covering the control systems used in various kinds of industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and other smaller control systems such as programmable logic controllers (PLC), which are now widely used in industrial sectors and critical infrastructure.
[GB/T 32919-2016, definition 3.1]
3.2
Industrial control protocol
In an industrial control system, the communication protocol between the host computer and the control equipment, and between one piece of control equipment and another.
Note: It usually includes analog and digital read and write control.
3.3
Industrial control network security isolation and information exchange system
A product deployed between different security domains of an industrial control network that uses protocol isolation technology to provide functions such as access control, protocol conversion, content filtering and information exchange between the two security domains.
4 Abbreviations
The following abbreviations apply to this document.
MAC: Media Access Control
OPC: Object linking and embedding for Process Control
5 Product description
Industrial control network security isolation and information exchange systems are usually deployed either at the boundary of the industrial control network, where the protected asset is the industrial control network, or between the production management layer and the process monitoring layer, where the protected assets are the process monitoring layer network and the field control layer network. In addition, the industrial control network security isolation and information exchange system itself and the important data inside it are also protected assets.
An industrial control network security isolation and information exchange system generally consists of two hosts and a dedicated isolation component, that is, an internal processing unit, an external processing unit and a dedicated isolation component. The dedicated isolation component may be an isolation switch board built from electronic switches and a dedicated isolation chip with solidified information ferry control logic, or it may be a security-hardened host running a dedicated information transmission logic control program. The internal and external processing units of the system are connected through the dedicated isolation component.
The dedicated isolation component is the only trusted physical channel between the two security domains. This internal channel removes public network protocol stacks such as TCP/IP and uses a private protocol to achieve isolation of public protocols. There are usually two ways to implement the dedicated isolation component: one is to use a private protocol to realize protocol isolation and information transmission logically; the other is to use a group of mutually exclusive, time-shared electronic switches to control the on/off state of the internal physical channel, completing the information ferry by time-shared switching so that an isolation zone with no real-time physical connection is formed between the two security domains.
This standard divides the security technical requirements for industrial control network security isolation and information exchange systems into three categories: security function requirements, own security requirements and security assurance requirements. Each of the three categories is divided into a basic level and an enhanced level. Content that is added or changed in the enhanced level relative to the basic level is indicated in bold in the text.
6 Security technical requirements
6.1 Basic level security technical requirements
6.1.1 Security function requirements
6.1.1.1 Access control
6.1.1.1.1 Whitelist-based access control
The product should adopt a whitelist access control policy, that is, any access not explicitly permitted by the access control policy is prohibited by default.
6.1.1.1.2 Network layer access control
The product should support access control based on source IP, source port, destination IP, destination port, transport layer protocol and other elements.
6.1.1.1.3 Application layer access control
The product should support access control at the application layer:
a) Support the identification and access control of HTTP, FTP, TELNET and other applications;
b) Support access control of at least one industrial control protocol.
6.1.1.1.4 In-depth inspection of industrial control protocols
The product should support in-depth analysis and access control of industrial control protocol content:
a) Check the supported industrial control protocols against their protocol specifications, and explicitly reject access that does not comply with the specification;
b) Support access control on the operation type, operation object, operation range and other parameters of the industrial control protocol;
c) If the OPC protocol is supported, support control based on the control point name, read and write operations and other elements;
d) If the Modbus TCP protocol is supported, support control based on device ID, function code type, read and write operations, register address, control value range and other elements.
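An added example, not part of the standard, of the default-deny whitelist inspection that 6.1.1.1.1 and 6.1.1.1.4 d) call for on Modbus TCP: off-spec frames are rejected outright, and a request is allowed only when a rule explicitly permits its device ID, function code, register range and control values. The Rule class, function names, sample policy and sample frames are constructed for illustration; the only assumption is the public Modbus TCP frame layout (MBAP header followed by a PDU).

```python
# Constructed illustration of whitelist-based Modbus TCP deep inspection.
# Not the standard's own code; rule layout and sample policy are assumptions.
import struct
from dataclasses import dataclass

# Public Modbus function codes handled by this inspector.
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE = 0x06

@dataclass(frozen=True)
class Rule:
    """Whitelist entry: device ID, function code, register window, value window."""
    unit_id: int
    function_code: int
    reg_lo: int
    reg_hi: int
    val_lo: int = 0
    val_hi: int = 0xFFFF

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode MBAP header + PDU; raise ValueError for anything off-spec (6.1.1.1.4 a)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[7:]
    fc = pdu[0]
    if fc == FC_READ_HOLDING:
        if len(pdu) != 5:
            raise ValueError("read holding registers PDU must be 5 bytes")
        addr, qty = struct.unpack(">HH", pdu[1:5])
        if not 1 <= qty <= 125:
            raise ValueError("read quantity outside 1..125")
        return {"unit": unit, "fc": fc, "addr": addr, "qty": qty, "values": []}
    if fc == FC_WRITE_SINGLE:
        if len(pdu) != 5:
            raise ValueError("write single register PDU must be 5 bytes")
        addr, value = struct.unpack(">HH", pdu[1:5])
        return {"unit": unit, "fc": fc, "addr": addr, "qty": 1, "values": [value]}
    raise ValueError("function code 0x%02x not recognised" % fc)

def inspect_modbus_tcp(frame: bytes, rules: list) -> tuple:
    """Return (verdict, reason); whatever no rule explicitly allows is denied."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return ("deny", "rejected: %s" % exc)
    last_reg = req["addr"] + req["qty"] - 1
    for r in rules:
        if (r.unit_id, r.function_code) != (req["unit"], req["fc"]):
            continue
        if req["addr"] < r.reg_lo or last_reg > r.reg_hi:
            continue  # register window not covered by this rule
        if all(r.val_lo <= v <= r.val_hi for v in req["values"]):
            return ("allow", "rule unit=%d fc=0x%02x" % (r.unit_id, r.function_code))
        return ("deny", "control value outside permitted range")
    return ("deny", "no whitelist rule matches (default deny)")

def build_frame(unit: int, pdu: bytes, tid: int = 1) -> bytes:
    """Constructed helper: wrap a PDU in an MBAP header for the samples below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed policy: PLC unit 1 may be read at registers 0..99 and written
# at registers 10..19 only with values 0..1000.
SAMPLE_RULES = [
    Rule(1, FC_READ_HOLDING, 0, 99),
    Rule(1, FC_WRITE_SINGLE, 10, 19, 0, 1000),
]

if __name__ == "__main__":
    samples = {
        "read 10 regs @0": build_frame(1, bytes([FC_READ_HOLDING, 0, 0, 0, 10])),
        "write reg 15 = 500": build_frame(1, bytes([FC_WRITE_SINGLE, 0, 15, 1, 244])),
        "write reg 15 = 5000": build_frame(1, bytes([FC_WRITE_SINGLE, 0, 15, 19, 136])),
        "write reg 50 = 1": build_frame(1, bytes([FC_WRITE_SINGLE, 0, 50, 0, 1])),
        "bad length field": build_frame(1, bytes([FC_READ_HOLDING, 0, 0, 0, 1]))[:-1],
    }
    for name, frame in samples.items():
        print("%-20s -> %s" % (name, inspect_modbus_tcp(frame, SAMPLE_RULES)))
```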
6.1.1.2 Protocol isolation
All information flows sent and received between the subject and the object should have the network layer protocol stripped and be restored to application layer data, which is then transmitted in a private, non-TCP/IP protocol format.
6.1.1.3 Residual information protection
When allocating resources for any host connection on the internal or external network, the security function should ensure that the allocated resources do not contain any information content generated by previous connection activities.
6.1.1.4 Non-bypassability
Before any security-related operation (such as modification of security attributes, or an internal network host transmitting information to an external network host) is allowed to proceed, the security function should ensure that it has passed the check of the security function policy.
6.1.1.5 Attack resistance
The product should be able to resist typical denial-of-service attacks such as SYN Flood, UDP Flood, ICMP Flood and Ping of Death attacks.
6.1.2 Own security requirements
6.1.2.1 Identification and authentication
6.1.2.1.1 Unique identification
The product should ensure that every user has a unique identification.
6.1.2.1.2 Administrator attribute definition
The product should specify the security attributes associated with each administrator, such as administrator identification, authentication information, group membership, authority, etc., and provide a function to initialize the attributes of each newly created administrator with default values.
6.1.2.1.3 Basic authentication
The product should ensure that every user is authenticated before performing any security function.
6.1.2.1.4 Authentication failure handling
The product should set a threshold for administrator login authentication attempts that can be modified by an authorized administrator. When an administrator's unsuccessful login attempts exceed the threshold, the system should block that administrator's further authentication requests by technical means.
6.1.2.2 Security management
6.1.2.2.1 Interface and management security
The product should ensure the security of its business interface, management interface and management console:
a) The business interface and the management interface use different network interfaces;
b) The management interface and the management console have no medium or high risk security vulnerabilities.
6.1.2.2.2 Security status monitoring
The product should be able to monitor the status of itself and its components, including the usage of CPU, memory, storage space and other system resources.
6.1.2.3 Data integrity
The security function should protect the authentication data and information transmission policy stored in the device from unauthorized access, modification and destruction.
6.1.2.4 Time synchronization
The product should support time synchronization with an external time server.
6.1.2.5 High availability
6.1.2.5.1 Fault tolerance
The product should have a certain degree of fault tolerance:
a) When important programs and files are damaged, the device can recover automatically after restarting;
b) When important processes terminate abnormally, they can be restarted automatically.
6.1.2.5.2 Security policy update
Applying an access control security policy should not affect normal data communication.
6.1.2.6 Audit log
6.1.2.6.1 Business log generation
The product should generate audit logs for the business functions it provides, covering:
a) Access requests that match the access control policy, including both permitted and prohibited access requests;
b) Identification of and protection against various types of attacks.
6.1.2.6.2 Business log content
The business log content should include at least:
a) Date, time, source and destination MAC, source and destination IP, source and destination port, and protocol type;
b) The operation type, operation object, operation value and other related parameters of the industrial control protocol;
c) The type and description of the attack event.
6.1.2.6.3 System log generation
The product should generate audit logs for the following events related to its own security:
a) Identity authentication, including both success and failure;
b) Measures taken to prohibit further attempts because the number of authentication failures exceeded the threshold;
c) Addition, deletion and modification of access control policies;
6.1.2.6.4 System log content
The system log content should include at least date, time, event subject, event object and event description.
6.1.2.6.5 Audit log management
The product should support log management functions; the specific technical requirements are as follows:
a) Only authorized administrators should be able to read, archive, export, delete and empty the audit log;
b) Tools for viewing logs should be provided;
c) Audit events should be stored on non-volatile storage media that retains them after power failure, and at least the authorized auditor should be notified when the storage space reaches the threshold.
6.1.3 Security assurance requirements
6.1.3.1 Development
6.1.3.1.1 Security architecture
The developer should provide a description of the security architecture of the product's security functions. The technical requirements are as follows:
a) Be consistent with the description of the security functions in the product design document;
b) Describe the security domains consistently with the security function requirements;
c) Describe the initialization process and security measures of the product's security functions;
d) Verify that the product's security functions can protect themselves from being compromised;
e) Confirm that the product's security functions can prevent the security policy from being bypassed.
6.1.3.1.2 Functional specification
The developer should provide a complete functional specification. The technical requirements are as follows:
a) Completely describe the security functions of the product;
b) Describe the purpose and usage of all security function interfaces;
c) Identify and describe all parameters related to each security function interface;
d) Describe the security function implementation behavior related to each security function interface;
e) Describe the direct error messages resulting from the implementation of the security functions;
f) Verify that the security function requirements can be traced to the security function interfaces.
6.1.3.1.3 Product design
The developer should provide product design documents. The technical requirements are as follows:
a) Describe the product structure in terms of subsystems, and identify and describe all subsystems of the product's security functions;
b) Describe the interactions between all subsystems of the security functions;
c) The mapping provided should make it possible to verify that all behaviors described in the design can be mapped to the security function interfaces that invoke them.
6.1.3.2 Guidance documents
6.1.3.2.1 Operational user guide
The developer should provide a clear and reasonable operational user guide that is consistent with all other documents provided for evaluation. The description requirements for each user role are as follows:
a) Describe the functions and privileges accessible to authorized users, including appropriate warning information;
b) Describe how to use the interfaces provided by the product in a secure manner;
c) Describe the available functions and interfaces, especially all security parameters controlled by the user, and specify secure values where appropriate;
d) Clearly state every security-related event that must be performed in relation to user-accessible functions, including changing the security characteristics of the entities controlled by the security functions;
e) Identify all possible states of product operation (including failures or operational errors caused by operation), and their causal relationship and connection with maintaining secure operation;
f) The security policy that should be implemented to achieve the security objectives.
6.1.3.2.2 Preparation procedures
The developer should provide the product and its preparation procedures. The technical requirements are as follows:
a) Describe all steps necessary for the secure receipt of the delivered product, consistent with the developer's delivery procedures;
b) Describe all steps necessary for the secure installation of the product and its operating environment.
6.1.3.3 Life cycle support
6.1.3.3.1 Configuration management capabilities
The developer's configuration management capabilities should meet the following requirements:
a) Provide unique identification for different versions of the product;
b) Use a configuration management system to maintain all configuration items that make up the product, and uniquely identify each configuration item;
c) Provide configuration management documents that describe the method used to uniquely identify configuration items.
6.1.3.3.2 Configuration management scope
The developer should provide a list of product configuration items and indicate the developer of each configuration item. The list of configuration items should include at least the product itself, the evaluation evidence required by the security assurance requirements, and the product components.
6.1.3.3.3 Delivery procedures
The developer should use defined delivery procedures to deliver the product and document the delivery process. When delivering each version of the product to the user, the delivery documentation should describe all procedures necessary to maintain security.
6.1.3.3.4 Support system security
The developer should specify the security measures for the product's support system. The technical requirements are as follows:
a) If the product is delivered as software, the compatibility, reliability and security requirements of the supporting operating system should be described in detail in the delivery documentation;
b) If the product is delivered as hardware, a secure and reliable supporting operating system should be selected and adopted, only the necessary system components should be selected according to the principle of minimization, and appropriate hardening measures should be taken.
6.1.3.3.5 Hardware security assurance
If the product is delivered as hardware, the developer should take measures to ensure hardware security. The technical requirements are as follows:
a) The product should adopt a hardware platform with high reliability;
b) If the hardware platform is outsourced, corresponding procedures should be established to manage the hardware provider and to verify the purchased hardware platform or components, requiring the hardware provider to supply a certificate of conformity and the necessary third-party environmental suitability test reports.
6.1.3.4 Testing
6.1.3.4.1 Test coverage
The developer should provide a test coverage document. The test coverage description should indicate the correspondence between the tests identified in the test documentation and the product security functions described in the functional specification.
6.1.3.4.2 Functional testing
The developer should test the product's security functions, document the results and provide test documentation. The test documentation should include the following:
a) A test plan that identifies the tests to be performed and describes the scenario for executing each test, including any ordering dependencies on the results of other tests;
b) The expected test results, indicating the expected output when the test succeeds;
c) The actual test results, which are consistent with the expected test results.
6.1.3.4.3 Independent testing
The developer should provide a set of resources equivalent to those used in the developer's own testing of the security functions, for use in sampling tests of the security functions.
6.1.3.5 Vulnerability assessment
Based on the identified potential vulnerabilities, the product should be able to resist basic attacks.
6.2 Enhanced level security technical requirements
6.2.1 Security function requirements
6.2.1.1 Access control
6.2.1.1.1 Whitelist-based access control
The product should adopt a whitelist access control policy, that is, any access not explicitly permitted by the access control policy is prohibited by default.
6.2.1.1.2 Network layer access control
The product should support access control based on source IP, source port, destination IP, destination port, transport layer protocol and other elements.
6.2.1.1.3 IP/MAC address binding
The product should support automatic binding, or manual binding by the administrator, of the IP and MAC addresses of the devices communicating with it. When the IP and MAC addresses of a communication do not match the binding list, the communication should be blocked.
6.2.1.1.4 Application layer access control
The product should support access control at the application layer:
a) Support the identification and access control of HTTP, FTP, TELNET and other applications;
b) Support access control of at least two industrial control protocols.
6.2.1.1.5 In-depth inspection of industrial control protocols
The product should support in-depth analysis and access control of industrial control protocol content:
a) Check the supported industrial control protocols against their protocol specifications, and explicitly reject access that does not comply with the specification;
b) Support access control on the operation type, operation object, operation range and other parameters of the industrial control protocol;
c) If the OPC protocol is supported, support control based on the control poi...