GB/T 35280-2017 English PDFUS$279.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 35280-2017: Information security technology -- Requirement and code of conduct for security testing bodies of information technology products Status: Valid
Basic dataStandard ID: GB/T 35280-2017 (GB/T35280-2017)Description (Translated English): Information security technology -- Requirement and code of conduct for security testing bodies of information technology products Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 14,155 Date of Issue: 2017-12-29 Date of Implementation: 2018-07-01 Regulation (derived from): National Standards Bulletin 2017 No. 32 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China GB/T 35280-2017: Information security technology -- Requirement and code of conduct for security testing bodies of information technology products---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology - Requirement and code of conduct for security testing bodies of information technology products ICS 35.040 L80 National Standards of People's Republic of China Information Security Technology Information Technology Product Security Testing agency conditions and code of conduct 2017-12-29 Posted 2018-07-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China China National Standardization Administration released Directory Foreword Ⅲ Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 basic requirements 2 4.1 Administrative Requirements 2 4.2 capacity requirements 2 5 Resource Requirements 2 5.1 staff 2 5.2 Facilities and Environment 3 5.3 Equipment 3 5.4 External Products and Services 4 6 Process Requirements 4 6.1 Requirements, Tenders and Contract Review 4 6.2 Method Selection and Verification 4 6.3 Sampling 5 6.4 test sample disposal 5 6.5 Technical Records 5 6.6 quality assurance test results 5 6.7 Results report 6 6.8 Complaints 6 6.9 does not meet the testing control 6 6.10 Data and Information Management 6 7 Management System Requirements 7 8 Code of Conduct 7 Reference 9 ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of this document may be patentable. The issuing agencies of this document do not bear the responsibility of identifying these patents. This standard by the National Information Security Standardization Technical Committee (SAC/TC260) and focal point. This standard drafting unit. China Electronics Standardization Institute, China Information Security Assessment Center, China Institute of Information Security Limited Company, Beijing Information Security Assessment Center, National Information Technology Security Research Center, Ministry of Public Security Institute of the third, the National Security Technology Evaluation Heart, National Application Software Product Quality Supervision and Inspection Center, China Information Security Certification Center, China Electronics Technology Corporation fifteenth study (Information Industry Information Security Assessment Center), Institute of Software Chinese Academy of Sciences, Shaanxi Province Network and Information Security Assessment Center, Xi'an Electronics University of Science and Technology, Chongqing University of Posts and Telecommunications, East China Normal University, State Grid Jiangsu Electric Power Company Electric Power Research Institute. The main drafters of this standard.Fan Kefeng, Wang Hui-li, Gong Jie, Li Lin, Ren Zejun, Wang Chunjia, Yang Chen, Gu Jian, Yang Hongning, Wang Kun, Dong Jingjing, Li Fengjuan, Zhang Baofeng, Shi Zhiwei, Wei Fangfang, Gan Gefu, Liu Yuling, He Hai, Ma Wenping, Yang Fan, Pei Qingqi, Yang Li, Huang Yonghong, He Daojing, Liu Hong, Huang Wei.IntroductionTo protect cyber security for critical information infrastructure, mitigating security shortfalls that may be introduced into facilities due to extensive use of information technology products Potential security risks such as vulnerabilities, vulnerabilities, malicious programs, etc., need to be improved through the detection of information technology products and the improvement of information technology products Product safety and security capabilities. At the same time, in order to strengthen the management of information technology product safety testing organizations, standardize the behavior of information technology product safety testing agencies and guarantee the testing activities The impartiality and credibility of the safety testing agencies and the ability to promote the supply of information technology products to improve product safety and security capabilities to protect National key information infrastructure safety, the development of this standard. Information Security Technology Information Technology Product Security Testing agency conditions and code of conduct1 ScopeThis standard specifies the information technology products safety testing agencies should have the conditions and should comply with the code of conduct. This standard applies to third-party agencies engaged in the security testing of information technology products, for the relevant authorities, the supply of information technology products Party and the user to choose a third-party testing agencies to provide a reference.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version applies to this article Pieces. For undated references, the latest edition (including all amendments) applies to this document. Information technology - Security terminology Glossary and general principles of conformity assessment GB/T 27000-2006 GB/T 27025 General requirements for testing and calibration laboratories Information security technology Information technology product supplier behavior safety guidelines3 Terms and definitionsGB/T 25069-2010, GB/T 27000-2006 and GB/T 32921-2016 as defined by the following terms and definitions apply In this paper. For ease of use, some terms and definitions in GB/T 32921-2016 are listed below. 3.1 Information technology product informationtechnologyproduct Has the hardware, software, systems and services that collect, store, process, transmit, control, exchange, display data or information functions. Note. Information technology products include computers and their auxiliary equipment, communications equipment, network equipment, automatic control equipment, operating systems, databases, application software and services Services and so on. [GB/T 32921-2016, Definition 3.1] 3.2 Information technology product supplier informationtechnologyproductsupplier Organization providing information technology products. Note. Information technology product suppliers include manufacturers, distributors, agents, integrators, service providers and more. [GB/T 32921-2016, Definition 3.2] 3.3 Information technology product safety testing agencies securitytestingbodiesofinformationtechnologyproducts Third-party agencies engaged in the safety testing of information technology products. Note 1. An information technology product safety testing facility can be an organization or part of an organization. Note 2. This standard information technology product safety testing agency referred to as "testing agencies." ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 35280-2017_English be delivered?Answer: Upon your order, we will start to translate GB/T 35280-2017_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 35280-2017_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 35280-2017_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
