GB/T 20276-2016 English PDFUS$679.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 20276-2016: Information security technology -- Security requirements for embedded software in IC card with CPU Status: Valid GB/T 20276: Historical versions
Basic dataStandard ID: GB/T 20276-2016 (GB/T20276-2016)Description (Translated English): Information security technology -- Security requirements for embedded software in IC card with CPU Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 34,368 Date of Issue: 2006-05-31 Date of Implementation: 2017-03-01 Older Standard (superseded by this standard): GB/T 20276-2006 Regulation (derived from): National Standard Announcement 2016 No.14 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China GB/T 20276-2016: Information security technology -- Security requirements for embedded software in IC card with CPU---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology - Security requirements for embedded software in IC card with CPU ICS 35.040 L80 National Standards of People's Republic of China Replacing GB/T 20276-2006 Information Security Technology IC card embedded software with central processing unit Safety technical requirements 2016-08-29 released 2017-03-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of the People 's Republic of China China National Standardization Management Committee released Directory Preface I Introduction II 1 Scope 1 2 normative reference document 1 3 terms and definitions, abbreviations 1 3.1 Terms and definitions 1 3.2 Abbreviations 1 4 IC card embedded software description 2 5 Definition of security issues 2 5.1 Assets 2 5.2 Threats 3 5.3 Organizational Security Strategy 4 5.4 Hypothesis 4 6 safety purpose 5 6.1 TOE Safety Purpose 5 6.2 Environmental Safety Purpose 6 7 Safety requirements 6 7.1 Safety Function Requirements 6 7.2 security requirements 11 Basic principles Basic principles of safety purposes 8.2 Safety Requirements Fundamentals 26 Component Dependency Reference 30 ForewordThis standard is drafted in accordance with the rules given in GB/T 1.1-2009. This standard replaces GB/T 20276-2006 "Information security technology Smart card embedded software security technical requirements (EAL4 enhanced level)". This standard compared with GB/T 20276-2006, the main changes are as follows. --- the standard name will be changed to "information security technology with IC processor IC card embedded software security technical requirements"; - Chapter 3 updates the term; --- Chapter 4 re-describes the IC card embedded software structure and application environment, and a more clear TOE scope definition; - Chapter 5 defines and simplifies the definition of security issues, defining six threats, three organizational security policies, and five Hypothesis - Chapter 6 updates the description of TOE security objectives in accordance with the new security issue definition; - Chapter 7 adjusts the safety function requirements to refine the new safety purpose description, clearly indicating that EAL4 and EAL5 should meet the safety function requirements; and security requirements have been adjusted to increase the EAL5 requirements Safeguards components; - Chapter 8 Definition of new security issues and safety objectives, safety objectives and safety requirements of the relationship between the basic principles of re- Conducted a comb, but also analyzed the dependencies between components. This standard is proposed by the National Information Security Standardization Technical Committee (SAC/TC260). The drafting of this standard. China Information Security Evaluation Center, Beijing Duo Si Technology Industrial Park Co., Ltd., the world of financial technology shares Limited company, Beijing University of Posts and Telecommunications, Jilin Information Security Evaluation Center. The main drafters of this standard. Zhang Chongbin, Shi Hongsong, Gao Jinping, Yang Yongsheng, Wang Yuhang, Rao Huayi, Wang Yannan, Chen Jiazhe, Li Dongsheng, Li Ming, Cao Chunchun, Shen Minfeng, Cui Baojiang, Zhao Jingling, Tang Xiqing, Liu Zhanfeng, Liu Li, Zou Zhaoliang. This standard replaced the previous version of the standard release. --- GB/T 20276-2006.IntroductionIC card application scope of the expansion and application of the complexity of the environment, requiring IC card embedded software has a stronger security protection. The EAL4 of this standard is based on EAL4 to enhance AVA_VAN.3 to AVA_VAN.4; EAL5 is EAL5 is based on AVA_VAN.4 enhanced to AVA_VAN.5, and ALC_DVS.1 enhanced to ALC_DVS.2. Information Security Technology IC card embedded software with central processing unit Safety technical requirements1 ScopeThis standard provides for the EAL4 enhanced level and EAL5 enhanced level with the central processing unit IC card embedded software security The safety requirements of the nurseries, including the definition of safety issues, safety objectives, safety requirements, basic principles and so on. This standard is applicable to the testing, evaluation and procurement of IC card embedded software products with central processing units, and can also be used to guide such Product development and development.2 normative reference documentsThe following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this article Pieces. For undated references, the latest edition (including all modifications) applies to this document. GB/T 18336 (all parts) Information technology Security technology Information technology safety assessment criteria Information security technical terminology GB/T 25069-2010 3 terms and definitions, abbreviations 3.1 Terms and definitions GB/T 25069-2010 and GB/T 18336.1 and the following terms and definitions apply to this document. 3.1.1 Personalized data Personalizationdata Data written during the personalization of IC card embedded software for configuring parameters related to a particular application or user. 3.2 abbreviations The following abbreviations apply to this document. CM. Configuration Management (Configuration Management) EAL. Evaluation Support Level (EvaluationAssuranceLevel) EEPROM. Electrically Erasable Programmable Read Only Memory (Electricaly-ErasableProgrammableRead-onlyMemory) IC. Integrated circuit (IntegratedCircuit) I/O. Input/Output (Input/Output) RAM. random access memory (Random-AccessMemory) ROM. Read-only memory (Read-OnlyMemory) ST. Security target (SecurityTarget) TOE. Evaluation object (Target ofEvaluation) TSF. TOE security function (TOESecurityFunctionality) ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 20276-2016_English be delivered?Answer: Upon your order, we will start to translate GB/T 20276-2016_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 20276-2016_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 20276-2016_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 20276-2016?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 20276-2016 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
