GB/T 20270-2006 PDF English
GB/T 20270-2006: Information security technology -- Basis security techniques requirement for network
Status: Valid
This is an excerpt.
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology –
Basis Security Techniques Requirement for Network
Issued on: MAY 31, 2006
Implemented on: DECEMBER 1, 2006
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine;
Standardization Administration of the People's Republic
of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Composition and Interrelationship of Network Security
5 Basic Requirements for Network Security Function
6 Requirements for Network Security Function at Each Grade and Layer
7 Grading Requirements for Network Security Technology
Appendix A
Bibliography
1 Scope
This Standard specifies the basic security technique requirements necessary for
network systems of each security grade, according to the division of five security
protection grades in GB 17859-1999 and the role of the network system in the
information system.
This Standard is applicable to the design and realization of network systems according
to the graded (hierarchical) requirements, and may be used as a reference for the
testing and management of network system security as required.
2 Normative References
The provisions in the following documents, through reference in this Standard,
constitute provisions of this Standard. For dated references, subsequent
amendments (excluding corrigenda) to, or revisions of, these publications do not apply.
However, all parties who enter into an agreement according to this Standard are
encouraged to study whether the latest editions of these documents are applicable.
For undated references, the latest edition of the normative document referred to
applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology Common Security Techniques Requirement for Information System
3 Terms, Definitions and Abbreviations
3.1 Terms and definitions
For the purpose of this Standard, the terms and definitions given in GB/T
17859-1999 and the following ones apply.
3.2 Abbreviation
For the purpose of this Standard, the following abbreviations apply.
SFP security function policy
SSC SSF scope of control
SSF SSON security function
SSP SSON security policy
SSON security subsystem of network
4 Composition and Interrelationship of Network Security
According to the OSI reference model and the security protection grades and security
elements prescribed in GB 17859-1999, the composition and interrelationship of
network security are detailed in Table 1.
5 Basic Requirements for Network Security Function
5.1 Identity Authentication
5.1.1 User Identification
5.1.2 User Authentication
5.1.3 User-Subject Binding
When another subject (such as a process) is to be activated for an identified and
authenticated user so that the SSF can complete a certain task within the SSON security
function control range, the user shall be related to the subject by user-subject
binding, so that the user's identity is correlated with all of its auditable actions.
5.2 Discretionary Access Control
5.2.1 Access Control Policy
The SSF shall be designed according to the established discretionary access control
security policy to control operations between subjects and objects.
5.2.3 Scope of Access Control
Discretionary access control coverage in network system includes.
5.2.4 Granularity of Access Control
Granularity of discretionary access control in network system includes.
5.3 Tag
5.3.1 Subject Tag
A subject under mandatory access control shall be assigned a sensitive tag, which is
the reference for executing mandatory access control. For example, a sensitive tag
that combines grade classification and non-grade classification is the basis for
executing a multi-layer security model.
5.3.4 Output of Information with Tag
The SSON shall indicate whether each communication channel and each piece of I/O
equipment is single-stage or multi-stage; any change of tag shall be made by
authorized users and shall be auditable by the SSON. The SSON shall maintain, and be
able to audit, any change of security protection grade, or perform a security audit of
the security protection grades involved with a communication channel or I/O equipment.
5.4 Mandatory Access Control
5.5 Data Flow Control
In a network where data is exchanged by way of data flows, a data flow control
mechanism shall be adopted in order to prevent data information of a high security
grade from flowing to an area of a low security grade.
5.6 Security Audit
5.6.1 Response of Security Audit
The security audit SSF shall respond to audit events in accordance with the following
requirements.
5.6.2 Generation of Security Audit Data
SSF shall generate audit data in accordance with the following requirements.
5.8 User Data Confidentiality
5.8.1 Confidentiality of Storage Data
The user data stored in SSC shall be subjected to confidentiality protection.
5.9 Trusted Path
Trusted path between the users and SSF shall be as follows.
6 Requirements for Network Security Function at Each Grade and Layer
6.1 Identity Authentication Function
The identity authentication security mechanism shall be designed in accordance with
the requirements of user identification and user authentication.
6.2 Discretionary Access Control Function
The required access control policy shall be selected in accordance with the
requirements for access control policy and the required discretionary access control
function shall be designed and achieved in accordance with the requirements for
access control function.
6.3 Tag Function
The tag shall be designed in accordance with the requirements for subject tag and
object tag.
6.11 Network Security Monitoring Function
A security monitoring function shall be provided for network system operation. The
network security monitoring mechanism collects security-related information by placing
distributed detectors at each critical part of the network environment; the network
security monitoring center then gathers and analyzes this information to find various
violation behaviors in a timely manner.
7 Grading Requirements for Network Security Technology
7.1 Grade 1: the User's Discretionary Protection Grade
7.1.1 Grade 1 Security Function Requirements
7.1.2.3 SSON security management
SSON security management of the user's discretionary protection grade of network
system is realized according to the requirements of 6.1.6 in GB/T 20271-2006.
7.2 Grade 2: System Audit Protection Grade
7.2.1 Grade 2 Security Function Requirements
7.2.1.5 Session layer
7.2.1.6 Presentation layer
7.3 Grade 3: Security Tag Protection Grade
7.3.1 Grade 3 Security Function Requirements
7.5.2 Grade 5 Security Assurance Requirements
7.5.2.1 SSON self-security protection
a) SSF physical security protection: the physical security protection for SSF of
access verification protection grade of network system shall be realized
according to the requirements of 6.5.4.1 in GB/T 20271-2006;
b) SSF operation security protection: the operation security protection for SSF of
access verification protection grade of network system shall be realized
according to 6.5.4.2 in GB/T 20271-2006;
c) SSF data security protection: the data security protection for SSF of access
verification protection grade of network system shall be realized according to
the requirements of 6.5.4.3 in GB/T 20271-2006;
d) Resource utilization: the resource utilization of access verification protection
grade of network system shall be realized according to the requirements of
6.5.4.4 in GB/T 20271-2006;
e) SSON access control: the SSON access control of access verification
protection grade of network system shall be realized according to the
requirements of 6.5.4.5 in GB/T 20271-2006.
7.5.2.2 SSON design and realization
7.5.2.3 SSON security management
SSON security management of access verification protection grade of network
system shall be realized according to the requirements of 6.5.6 in GB/T 20271-2006.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.