
GB/T 20274.4-2008 PDF in English


GB/T 20274.4-2008 (GB/T20274.4-2008, GBT 20274.4-2008, GBT20274.4-2008)
Standard ID: GB/T 20274.4-2008
Name of Chinese Standard: Information security technology -- Evaluation framework for information systems security assurance -- Part 4: Engineering assurance
Status: Valid

GB/T 20274.4-2008: PDF in English (GBT 20274.4-2008)

GB/T 20274.4-2008
GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80

Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 4: Engineering Assurance

ISSUED ON: JULY 18, 2008
IMPLEMENTED ON: DECEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword ... 4
1 Scope ... 5
2 Normative References ... 5
3 Terms and Definitions ... 5
4 Structure of This Part ... 6
5 Framework of Information Systems Security Engineering Assurance ... 6
5.1 Overview of Information Systems Security Engineering Assurance ... 6
5.2 Information Systems Security Engineering Assurance Control ... 7
5.3 Information System Security Engineering Capability Maturity Level ... 10
6 Structure of Information Security Engineering Assurance Control Class ... 11
6.1 General ... 11
6.2 Structure of Security Engineering Assurance Control Class ... 11
6.3 Structure of Security Engineering Assurance Control Subclass ... 12
6.4 Structure of Security Engineering Assurance Control Module ... 13
7 PRM Security Engineering Assurance Control Class: Process of Risk ... 14
7.1 Introduction of Security Engineering Assurance Control Class in Process of Risk ... 14
7.2 System Definition (PRM_SDF) ... 15
7.3 Assess Threat (PRM_ATT) ... 16
7.4 Assess Vulnerability (PRM_AVL) ... 20
7.5 Assess Impact (PRM_AIM) ... 25
7.6 Assess Security Risk (PRM_ASR) ... 29
8 PEN Security Engineering Assurance Control Class: Engineering Process ... 33
8.1 Introduction of Engineering Process of Engineering Process Security Control Class ... 33
8.2 Identify Security Requirements (PEN_ISR) ... 34
8.3 High-level Security Design (PEN_HSD) ... 40
8.4 Detailed Security Design (PEN_DSD) ... 42
8.5 Security Engineering Execution (PEN_SEE) ... 45
8.6 Provide Security Input (PEN_PSI) ... 49
8.7 Monitor Security Posture (PEN_MSP) ... 54
8.8 Manage Security Control (PEN_MSC) ... 61
8.9 Coordination of Security (PEN_COS) ... 66
9 PAS Security Engineering Assurance Control Class: Assurance Process ... 69
9.1 Introduction to Security Engineering Assurance Control Class in Assurance Process ... 69
9.2 Verify and Validate Security (PAS_VVS) ... 71
9.3 Establish Assurance Evidence (PAS_EAE) ... 74
10 Capability Level of Security Engineering Assurance Control Class ... 78
10.1 General ... 78
10.2 Description of Security Engineering Capability Levels ... 79
10.3 Requirements of Capability Level of Information System Security Engineering ... 84
Bibliography ... 85

Figures and Tables

Figure 1 Security Engineering Process Life Cycle ... 9
Figure 2 Composition of Security Engineering Assurance Control Class ... 11
Figure 3 Composition of Security Engineering Assurance Control Subclass ... 12
Figure 4 Composition of Security Engineering Assurance Control Component ... 13
Figure 5 Description of Process of Risk ... 15
Figure 6 Composition of Security Engineering Assurance Control Subclass for System Definition (PRM_SDF) ... 15
Figure 7 Composition of Security Engineering Assurance Control Subclass for Assessing Threat (PRM_ATT) ... 17
Figure 8 Composition of Security Engineering Assurance Control Subclass for Assessing Vulnerability (PRM_AVL) ... 21
Figure 9 Composition of Security Engineering Assurance Control Subclass for Assessing Influence (PRM_AIM) ... 25
Figure 10 Composition of Security Engineering Assurance Control Subclass for Assessing Security Risk (PRM_ASR) ... 30
Figure 11 Introduction of Engineering Process of Security Engineering Assurance Control Class ... 34
Figure 12 Composition of Security Engineering Assurance Control Subclass for Identifying Security Requirements (PEN_ISR) ... 35
Figure 13 Composition of Security Engineering Assurance Control Subclass for High-level Security Design (PEN_HSD) ... 40
Figure 14 Composition of Security Engineering Assurance Control Subclass for Detailed Security Design (PEN_DSD) ... 42
Figure 15 Composition of Security Engineering Assurance Control Subclass for Security Engineering Execution (PEN_SEE) ... 45
Figure 16 Composition of Security Engineering Assurance Control Subclass for Providing Security Input (PEN_PSI) ... 49
Figure 17 Composition of Security Engineering Assurance Control Subclass for Monitoring Security Posture (PEN_MSP) ... 55
Figure 18 Composition of Security Engineering Assurance Control Subclass for Managing Security Control (PEN_MSC) ... 61
Figure 19 Composition of Security Engineering Assurance Control Subclass for Coordination of Security (PEN_COS) ... 67
Figure 20 Description of Security Engineering Assurance Control Class in Assurance Process ... 70
Figure 21 Composition of Security Engineering Assurance Control Subclass for Verifying and Validating Security (PAS_VVS) ... 71
Figure 22 Composition of Security Engineering Assurance Control Subclass for Establishing Assurance Evidence (PAS_EAE) ... 75
Figure 23 Required Capability Level of Information System Safety Engineering ... 84
Table 1 Relationship between Security Engineering Life Cycle and Process Domain ... 9

Foreword

GB/T 20274 "Information Security Technology - Evaluation Framework for Information Systems Security Assurance" is divided into the following four parts:
- Part 1: Introduction and General Model
- Part 2: Technical Assurance
- Part 3: Management Assurance
- Part 4: Engineering Assurance

This Part is Part 4 of GB/T 20274. This Part was proposed by and shall be under the jurisdiction of the National Technical Committee on Information Tec... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.