GB/T 30273-2013 English PDF
Basic data
Standard ID: GB/T 30273-2013 (GB/T30273-2013)
Description (Translated English): Information security technology -- Common methodology for information systems security assurance evaluation
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 141,152
Quoted Standard: GB/T 20274.1-2006; GB/T 20274.2-2008; GB/T 20274.3-2008; GB/T 20274.4-2008
Regulation (derived from): National Standards Bulletin 2013 No. 27
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary: This standard specifies the assessment activities that evaluators need to complete when using the criteria defined by the GB/T 20274 series of standards, and provides guidance for the evaluator on behavior and activities in specific assess

GB/T 30273-2013: Information security technology -- Common methodology for information systems security assurance evaluation

This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.

ICS 35.040
L80
National Standard of the People's Republic of China
Information Security Technology -- General Information Systems Security Assessment Guidelines
Issued on 2013-12-31; implementation on 2014-07-15
Released by the Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Overview
5.1 Relationship between the GB/T 20274 series of standards and this standard
5.2 Assessment award structure
6 General Evaluation Model
6.1 Evaluation Model Overview
6.2 Assessment Task Input
6.3 Assessment Activity
6.4 Assessment Task Output
7 Assessment of Information System Protection Profile
7.1 Overview
7.2 Objective
7.3 Assessment requirements
7.4 Assessment Activity
8 Information Systems Security Assessment objectives
8.1 Overview
8.2 Objective
8.3 Assessment Requirements
8.4 Evaluation activities
9 Assessment of information systems security measures
9.1 Information security technology safeguards assessment
9.2 Information Systems Security Management safeguards assessment
9.3 Information Systems Security Engineering safeguards assessment
10 Information system security level evaluation
10.1 Overview
10.2 Objective
10.3 Relationship
10.4 ISAL1 (basic execution) assessment
10.5 ISAL2 (planning and tracking level) assessment
10.6 ISAL3 (well-defined level) assessment
10.7 ISAL4 (quantization control level) assessment
10.8 ISAL5 (continuous improvement level) assessment
Appendix A (normative) General Evaluation Guide
References

Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by, and falls under the jurisdiction of, the National Safety Standardization Technical Committee (SAC/TC260).
Drafting units of this standard: China Information Security Evaluation Center, North China Institute of Computing Technology, Central China Information Security Evaluation Center Assessment Center.
The main drafters of this standard: Jiang Changqing, Zhang Li, Yi Zhan Yao, Xin Tong, Ban Xiaofang, Wengzheng Jun, Wang Hongxian.

Introduction
This standard is a supporting guidance document for the GB/T 20274 series of standards, "Information Security Technology -- Information Systems Security Assessment Framework". The target audience is the evaluators, applicants, developers and ISPP/ISST compilers who use the GB/T 20274 series of standards for information systems security evaluation and assessment.

Information Security Technology -- General Information Systems Security Assessment Guidelines

1 Scope
This standard describes the evaluation activities that evaluators need to complete when using the criteria defined by the GB/T 20274 series of standards, and provides guidance for evaluators on behavior and activities in specific assessment activities.
This standard applies to information system security assessment and ISPP/ISST assessment that use the GB/T 20274 series of standards.

2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB/T 20274.1-2006 Information security technology -- Information system security assessment framework -- Part 1: Introduction and general model
GB/T 20274.2-2008 Information security technology -- Information system security assessment framework -- Part 2: Technical Support
GB/T 20274.3-2008 Information security technology -- Information system security assessment framework -- Part 3: Management Guarantee
GB/T 20274.4-2008 Information security technology -- Information system security assessment framework -- Part 4: Engineering Support

3 Terms and Definitions
The following terms and definitions apply to this document.

3.1 Verification (check)
A relatively simple decision formed by the evaluator.
NOTE: Phrases using this verb describe the content that needs to be checked.

3.2 Assessment deliverables (evaluation deliverable)
Any resource that evaluators need from the applicant or developer in order to perform one or more evaluation activities.

3.3 Assessment evidence (evaluation evidence)
A tangible evaluation deliverable.

3.4 Evaluation report (evaluation technical report)
A report in document form, prepared by the evaluator, recording the overall award and the reasons for it.

3.5 Examination (examination)
A ruling formed through analysis using evaluator expertise.
NOTE: Statements using this verb indicate what is to be analyzed and the nature of the analysis needed.

3.6 Interpretation (interpretation)
A clarification or elaboration of the content of a standard.

......

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 30273-2013_English be delivered?
Answer: Upon your order, we will start to translate GB/T 30273-2013_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 30273-2013_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 30273-2013_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.