
GB/T 20271-2006 PDF English

GB/T 20271-2006: Information security technology -- Common security techniques requirement for information system
Status: Valid


Similar standards

GB/T 20272   GB/T 20273   GB/T 20270   GB/T 20279   

GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology – Common Security Techniques Requirement for Information System
Issued on: MAY 31, 2006
Implemented on: DECEMBER 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China; Standardization Administration of the People’s Republic of China.

Table of Contents

1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Technical Requirements for Security Function
5 Technical Requirements of Security Assurance
6 Graded Requirements for Security Technology of Information System
Appendix A (Informative) Explanation of Standard Concept
Appendix B (Informative) Security Design Reference of Graded Information System
Appendix C (Informative) The Corresponding Relationship between the Elements and Graded Requirements of Security Technology
References

1 Scope

This Standard specifies, for each security level, the requirements for the security technology needed for information system security, following the classification into five security protection levels in GB 17859-1999. This Standard applies to the design and realization of secure information systems according to the graded requirements, and serves as a reference for the testing and management of information system security implemented according to the graded requirements.

2 Normative References

The following normative documents contain the provisions which, through reference in this text, constitute the provisions of this Standard. For dated references, the subsequent amendments (excluding corrigendum) or revisions of these publications do not apply. However, all parties who enter into an agreement according to this Standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies.

GB 17859-1999 Graded Criteria for Security Protection of Computer Information System
GBJ 45-1982 Specifications for the Design of Highrise Civil Buildings (Trial) - Fire Prevention
TJ 16-1974 Code for Design of Building Fire Protection

3 Terms, Definitions and Abbreviations

3.1 Terms and Definitions
For the purposes of this Standard, the terms and definitions specified in GB 17859-1999 and those listed below apply.

3.2 Abbreviations
For the purpose of this Standard, the following abbreviations apply.

CM: configuration management
CMS: configuration management system
PP: protection profile
SFP: security function policy
SSC: SSF scope of control
SSF: SSOIS security function
SSP: SSOIS security policy
SSOIS: security subsystem of information system
ST: security target

4 Technical Requirements for Security Function

4.1 Physical Security
4.1.1 Environmental Security
4.1.1.1 Security protection for central machine room

4.2 Operation Security
4.2.1 Risk Analysis
The risk analysis of information system shall be carried out according to the following requirements.

4.2.4 Security Audit
4.2.4.1 Response of security audit
Security audit SSF shall respond to audit event according to the following requirements.

4.2.4.2 Generation of security audit data
Audit data shall be generated by security audit SSF according to the following requirements.

4.2.4.3 Security audit analysis
According to different requirements on security audit, security audit analysis is divided into.

4.2.6 Backup and Fault Recovery
In order to realize the defined recovery function, periodic backup or backup according to certain conditions must be carried out under normal operation of information system. Different recovery requirements shall be supported with different backup. According to different requirements on operation security of information system, security technology and mechanism for the realization of backup and fault recovery are divided into.

4.2.9 Trusted Computing and Trusted Connecting Technology

4.3 Data Security
4.3.1 Identity Authentication
4.3.1.1 User identification and authentication
4.3.1.4 Equipment identification and authentication
4.3.1.4.1 Equipment identification
According to different requirements on equipment identification and authentication, equipment identification is divided into.

4.3.3.4 Granularity of access control
According to the different requirements of access control, granularity of discretionary access control is graded into.

4.3.9 Trusted Path
Trusted path between the user and SSF shall.

5 Technical Requirements of Security Assurance

5.1 SSOIS Self-security Protection
5.1.1 SSF Physical Security Protection
5.1.2 SSF Operation Security Protection
5.1.2.1 Security operation test
SSF shall provide security operation test for SSF software periodically under normal operation, as required by the authorized user or under other conditions, through operating test suite during the system initialization, so as to verify that the security assumption provided by SSF can be executed correctly.

5.1.2.5 Domain separation
SFP shall ensure at least a security domain to protect SSF implementation from external interference and tampering (e.g. modify the SSF code or data structure) by the untrusted subject. According to the different requirements of SSF operation security protection, domain separation is graded into.

5.1.3 SSF Data Security Protection
5.1.3.1 Availability of output SSF data
The availability of SSF data (like password, secret key, audit data or executable code of SSF) which are output from SSF to that of remote information system is ensured within the scope of defined measurement of availability through a series of rules, as indicated in the type list of SSF data.

5.1.3.2 Confidentiality of output SSF data
SSF data (like password, key, audit data or executable of SSF) shall be protected from unauthorized leakage where it is output from SSF to that of remote information system.

5.1.3.4 Protection for SSF data transport in SSOIS
SSF data transported between separated parts in SSOIS shall be protected. According to the different security protection requirements of SSF data, protection for SSF data transport in SSOIS is graded into.

5.1.3.5 SSF data consistency between SSFs
In the distributed or composite system environment, the capability ensuring the consistency of data between SSFs shall be provided where SSF exchanges SSF data with SSF of other information system (e.g. SFP attribute, audit information, identification information etc.).

5.1.3.8 Trusted channel among SSF
A trusted channel of data transport shall be provided between SSF and that of remote information system in order to protect communication data against the modification and leakage; meanwhile, the communication originated by SSF or that of remote information system through the trusted channel shall be allowed, supporting the communication which is originated by various functions listed in the function list and passes through the trusted channel.

5.1.4 SSOIS Resources Utilization

5.2 SSOIS Design and Realization
5.2.1 Configuration Management
5.2.2 Distribution and Operation
5.2.2.1 Distribution
SSOIS product received by the receiving party shall be ensured to be transported by the very sender without any modification, the primary objective is to test SSOIS and avoid any modification to it in the process of distribution. According to different requirements of distribution and operation, distribution is graded into.

5.2.2.2 Operation (installation, generation and start)
It shall be ensured that installation, generation and start is carried out in the security mode which is expected by developer, and realization expression of SSOIS under the control of configuration is securely converted to initial operation in the user environment. The installation, generation and start process may be described in an independent document. According to different requirements of distribution and operation, operation is graded into.

5.2.3 Development
5.2.3.1 Function design
According to the requirements of formalization degree and detail degree of the provided SSF external interface, and different requirements of development, function design is graded into.

6 Graded Requirements for Security Technology of Information System

6.1 Level-1: the User's Discretionary Protection Level
6.1.1 Physical Security
6.1.1.1 Environmental security
6.1.2 Operation Security
6.1.2.1 Risk analysis
The risk analysis is carried out according to the requirements of 4.2.1 for the determination of overall security requirements of information system; security technology and security management measures shall be taken for the confidentiality, integrity and availability determined to be required for the realization of the user's discretionary protection level based on the requirements of the user's discretionary protection level on physical security, operation security and data security.

6.1.2.5 Malicious code protection
The malicious code protection function is designed and realized according to the requirements of strict management in 4.2.7.

6.1.2.6 Emergency handling of information system
The emergency plans and measures are designed and developed in combination with specific requirements of the user's discretionary protection level on information system according to the requirements of taking various security measures in 4.2.8 to define measures which shall be taken where various conditions occur to the information system.

6.1.3 Data Security
6.1.3.1 Identity authentication

6.2.1.2 Equipment security
The equipment security function is designed and realized according to the requirements of 4.1.2. The security protection level requires to.

6.2.1.3 Record medium security
Record medium security protection function is designed and realized according to the requirements of internal data medium protection in 4.1.3.

6.2.2 Operation Security
6.2.2.1 Risk analysis
The risk analysis is carried out according to the requirements of 4.2.1 for the determination of overall security requirements of information system; security technology and security management measures shall be taken for the confidentiality, integrity and availability determined to be required for the realization of system audit protection level based on the requirements of system audit protection level on physical security, operation security and data security.

6.2.5 SSOIS Design and Realization

6.3 Level-3: Security Label Protection Level
6.3.1 Physical Security
6.3.1.1 Environmental security

6.4 Level 4: Structured Protection Level
6.4.1 Physical Security
6.4.1.1 Environmental security

6.5 Level-5: Access Verification Protection Level
6.5.1 Physical Security
......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
