GB/T 20945-2023 English PDFUS$989.00 ยท In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 20945-2023: Information security technology - Technical specification for network security audit products Status: Valid GB/T 20945: Historical versions
Basic dataStandard ID: GB/T 20945-2023 (GB/T20945-2023)Description (Translated English): Information security technology - Technical specification for network security audit products Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 52,581 Date of Issue: 2023-05-23 Date of Implementation: 2023-12-01 Older Standard (superseded by this standard): GB/T 20945-2013 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 20945-2023: Information security technology - Technical specification for network security audit products---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. ICS35:030 CCSL80 National Standards of People's Republic of China Replacing GB/T 20945-2013 Information Security Technology Technical specifications for network security audit products Released on 2023-05-23 2023-12-01 Implementation State Administration for Market Regulation Released by the National Standardization Management Committee table of contentsPreface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 3 5 Overview 3 6 Technical requirements 4 6:1 Safety function requirements 4 6:2 Self-safety protection requirements 8 6:3 Environmental adaptability requirements 9 6:4 Performance requirements 10 6:5 Security requirements 10 7 Evaluation Methods 13 7:1 Test environment 13 7:2 Safety function test 13 7:3 Self-safety protection test 22 7:4 Environmental adaptability test 26 7:5 Performance testing 27 7:6 Safety assurance evaluation 28 8 Classification34 Appendix A (Informative) Audit Product Deployment Mode 35 Appendix B (Normative) Audit product basic level and enhanced level technical requirements and minimum set of evaluation methods 37 Reference 45forewordThis document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents" drafting: This document replaces GB/T 20945-2013 "Information Security Technology Information System Security Audit Product Technical Requirements and Test Evaluation Method Compared with GB/T 20945-2013, except for structural adjustment and editorial changes, the main technical changes are as follows: --- Changed the terms and definitions "event", "security audit", "audit record", "product log", "audit center" and "audit probe" (see 3:3, 3:4, 3:6, 3:7, 3:8, 3:9, 3:1, 3:2, 3:4, 3:5, 3:6, 3:7 of the:2013 edition); --- Changed the overview (see Chapter 5, Chapter 5 of the:2013 edition); ---Changed the "audit content" (see 6:1:2, 6:1:1:2:1, 6:2:1:2:1 of the:2013 edition); --- Deleted the "extended analysis interface" (see 6:2:1:2:2:5 of the:2013 edition); --- Added "custom event" (see 6:1:6:4); --- Added "product upgrade" (see 6:1:6:5); ---Changed "identification and authentication" (see 6:2:1, 6:1:2:1, 6:2:2:1 of the:2013 edition); --- Added "user information security" (see 6:2:5); --- Added "support system safety" (see 6:2:9); --- Added "environmental adaptability requirements" (see 6:3); --- Added "performance requirements" (see 6:4); --- Changed the "safety guarantee requirements" (see 6:5, 6:1:3, 6:2:3 of the:2013 edition); --- Added the normative appendix "Audit product basic level and enhanced level technical requirements and minimum set of evaluation methods" (see Appendix B): Please note that some contents of this document may refer to patents: The issuing agency of this document assumes no responsibility for identifying patents: This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260): This document was drafted by: The Third Research Institute of the Ministry of Public Security, Beijing Shenzhou Lvmeng Technology Co:, Ltd:, Beijing Tianrongxin Network Security Technology Co:, Ltd: Company, Qi Anxin Wangshen Information Technology (Beijing) Co:, Ltd:, Venus Information Technology Group Co:, Ltd:, Xi'an Jiaotong University Jabil Network Technology Co:, Ltd:, Institute of Information Engineering, Chinese Academy of Sciences, Hangzhou Meichuang Technology Co:, Ltd:, Sangfor Technology Co:, Ltd:, Shanghai Haishi Information Security Evaluation and Certification Center, Landun Information Security Technology Co:, Ltd:, Huaxin Consulting Design and Research Institute Co:, Ltd:, Changchun Ji Dazhengyuan Information Technology Co:, Ltd:, China Network Security Review Technology and Certification Center, The First Research Institute of the Ministry of Public Security, China Electric Power Science Research Institute Co:, Ltd:, Beijing Shanshi Network Information Technology Co:, Ltd:, Beijing Municipal Information Security Center (Beijing Information Security Evaluation Center), Beijing Baidu Netcom Technology Co:, Ltd:, Changyang Technology (Beijing) Co:, Ltd:, Yuanjiang Shengbang (Beijing) Network Security Technology Co:, Ltd: Ltd: The main drafters of this document: Wang Zhijia, Shen Liang, Lu Zhen, Song Haohao, Gu Jian, Yu You, Hu Weina, Deng Qi, Xiao Ying, Bai Shuang, Liu Yan, Zhang Weifeng, He Jianfeng, An Gaofeng, Han Dongxu, Zhou Jie, Ye Runguo, Xu Tonghai, Sun Xiaoping, Liu Qiang, Zou Yi, Shen Yongbo, Zhao Hua, Yang Chenghao, Yao Shengying, Zhou Zhaodong, Jia Ling, Li Junzuo, Dong Ping: The release status of previous versions of this document and the documents it replaces are as follows: ---It was first published as GB/T 20945-2007 in:2007, and it was revised for the first time in:2013; --- This is the second revision: Information Security Technology Technical specifications for network security audit products1 ScopeThis document specifies the technical requirements for network security audit products and describes the evaluation methods: This document applies to the design, development, testing and evaluation of network security audit products:2 Normative referencesThe contents of the following documents constitute the essential provisions of this document through normative references in the text: Among them, dated references For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to this document: GB/T 18336:1-2015 Information technology security technology Information technology security assessment criteria Part 1: Introduction and general Model GB/T 18336:3-2015 Information Technology Security Technology Information Technology Security Assessment Criteria Part 3: Security Assurance Components GB/T 25069-2022 Information Security Technical Terminology GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology3 Terms and DefinitionsGB/T 18336:1-2015, GB/T 18336:3-2015 and GB/T 25069-2022 and the following terms and definitions apply used in this document: 3:1 network security network security The maintenance of confidentiality, integrity and availability of information stored, transmitted and processed in the network environment: [Source: GB/T 25069-2022, 3:616] 3:2 abnormal abnormal A deviation from a previously verified condition, state, or behavior observed from documentation, operation, or monitoring: Note: Generally, the subjects involved in anomalies may be people, equipment, applications, services/processes, data, etc: Because the identified anomalies point to different subjects, they can be divided into Abnormal user behavior, abnormal device operation, abnormal program execution, abnormal service operation, abnormal data, etc: [Source: GB/T 32422-2015, 3:1, modified] 3:3 event incident Attempts to alter the state of an object and cause or may cause abnormal or damaging behavior to occur: [Source: GB/T 25069-2022, 3:552, modified] 3:4 Security audit securityaudit Independent review and examination of the records and activities of networks, information systems and their components to test the adequacy of system controls to ensure ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 20945-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 20945-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 20945-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 20945-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 20945-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 20945-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
