
GB/T 20279-2015 (GB/T 20279-2024 Newer Version) PDF English


Search result: GB/T 20279-2015 (GB/T 20279-2024 Newer Version)
| Standard ID | Contents [version] | USD | [PDF] delivered in | Name of Chinese Standard | Status |
|---|---|---|---|---|---|
| GB/T 20279-2024 | English | 999 | 7 days | Cybersecurity technology - Technical specification for network and terminal separation products | Valid |
| GB/T 20279-2015 | English | 135 | 0-9 seconds. Auto-delivery. | Information security technology -- Security technical requirements of network and terminal separation products | Valid |
| GB/T 20279-2006 | English | RFQ | 9 days | Safety technology requirements for information security, network and terminal equipment across the high parts | Obsolete |

PDF Preview: GB/T 20279-2015


GB/T 20279-2015: PDF in English (GBT 20279-2015)

GB/T 20279-2015
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 20279-2006

Information Security Technology - Security Technical Requirements of Network and Terminal Separation Products

ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 1, 2016
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents
1 Scope
2 Normative References
3 Terms and Definitions
4 Description of Network and Terminal Separation Products
5 Security Technical Requirements
  5.1 Overall Description
    5.1.1 Classification of Security Technical Requirements
    5.1.2 Security Level
  5.2 Security Function Requirements
    5.2.1 Terminal Separation Products
    5.2.2 Network Separation Product
    5.2.3 Network Unilateral Transmission Product
  5.3 Security Assurance Requirements
    5.3.1 Requirements for Basic-level
    5.3.2 Requirements for Enhanced-level
  5.4 Environmental Adaptation Requirements
    5.4.1 Next generation internet Support (if any)
    5.4.2 Support IPv6 Transition Network Environment (optional)
  5.5 Performance Requirements
    5.5.1 Exchange Rate
    5.5.2 Hardware Switching Time
Bibliography

Foreword

This Standard was drafted according to the rules specified in GB/T 1.1-2009.

Please pay attention that some contents of this document may involve patents. The issuing organization of this Standard does not undertake the responsibility to identify these patents.

This Standard replaces GB/T 20279-2006 "Information Security Technology Security Techniques Requirements of Separation Components of Network and Terminal Equipment". The main differences between this Standard and GB/T 20279-2006 are as follows:
- The products were classified into terminal separation products, network separation products and network unilateral transmission products;
- The products were uniformly divided into basic-level and enhanced-level;
- Descriptions of terminal separation products, network separation products and network unilateral transmission products were added;
- The requirement for the capability of supporting the next generation internet protocol was added;
- The basic principles of the technical requirements were added in an appendix, including the basic principles of security function requirements and the basic principles of security assurance requirements.

This Standard was proposed by and shall be under the jurisdiction of National Technical Committee on Information Technology Security of Standardization Administration of China (SAC/TC 260).

Drafting organizations of this Standard: Quality Supervision Testing Center of Computer Information System Security Products of the Ministry of Public Security, Zhuhai Victory Idea Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd. and The Third Research Institute of Ministry of Public Security.

Chief drafters of this Standard: Lu Zhen, Gu Jian, Yu You, Li Xuan, Deng Qi, Zuo Anji, Lu Wenli and Liu Bin.

Information Security Technology - Security Technical Requirements of Network and Terminal Separation Products

1 Scope

This Standard specifies the security function requirements, security assurance requirements, environmental adaptation requirements and performance requirements of network and terminal separation products.

This Standard is applicable to the design, development and test of network and terminal separation products.

2 Normative References

The following documents are essential for the application of this document. For the dated references, only the dated editions apply to this document. For undated references, the latest editions (including amendments) apply to this document.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3: Security Assurance Requirements
GB/T 25069-2010 Information Security Technology - Glossary

3 Terms and Definitions

For the purpose of this Standard, the following terms and definitions as well as those defined in GB 17859-1999 and GB/T 25069-2010 apply.

3.1 Security domain
A computer or network area with the same security protection demand and security policy.

3.2 Physical disconnection
The case in which networks in different security domains cannot be directly or indirectly connected.
Note: In one physical network environment, the physical disconnection of networks in different security domains shall technically ensure disconnection of information in physical transmission and physical storage.

3.3 Protocol conversion
The separation and reestablishment of a protocol: the application data carried in a network-based common protocol is separated out at one end of the separation product, in a certain security domain, packaged into a special system protocol and transmitted to the other end of the separation product, in the other security domain, where the special protocol is separated and the data is packaged into the required format.

3.4 Protocol separation
The networks in different security domains are physically connected, but protocol conversion ensures that the protected information is logically separated and that only the information with limited content required by the system for transmission may pass through.

3.5 Information ferry
A mode of information exchange in which a physical transmission channel exists only during transmission.
Note: During data transmission, the information is first transmitted to the middle cache while the connection between the middle cache and the security domain of the information destination is cut; the transmission channel between the middle cache and the security domain of the information destination is then connected and the information is transmitted to that security domain, with the connection between the security domain of the information source and the middle cache physically cut. The middle cache is connected with the security domain at only one end at any one time.

3.6 Unilateral transmission unit
A pair of transmission units with a physical unilateral transmission characteristic. It consists of a pair of independent sending and receiving units that can only work in simplex mode: the sending unit has only a sending function and the receiving unit has only a receiving function. Together they form a creditable unilateral channel that is free from any feedback information.

3.7 Terminal separation product
A security separation card or security separation computer that connects two different security domains simultaneously and achieves physical separation of the security domains by adopting physical disconnection technology.

3.8 Network separation product
A product located between two different security domains that achieves security separation of the security domains and information exchange on the network by adopting protocol separation technology.

3.9 Network unilateral transmission product
The only channel between two different security domains, achieving physically unilateral transmission of structure information; it ensures that only the information that security policy permits for transmission may pass through, without any data transmission or feedback in the opposite direction.
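
The exclusivity rule in the note to 3.5 (the middle cache is connected to only one security domain at any one time) can be checked against a device's switch log when testing a product. The Python audit below is an added example, not part of GB/T 20279-2015; the event names and both traces are constructed assumptions.

```python
# Constructed switch logs for a ferry device. Event names are assumptions
# made for this example, not identifiers defined by GB/T 20279-2015.
GOOD_TRACE = [
    "connect source", "write", "disconnect source",
    "connect destination", "read", "disconnect destination",
]
BAD_TRACE = [
    "connect source", "write",
    "connect destination",   # source link still up: the two domains are bridged
    "read", "disconnect source", "disconnect destination",
]


def audit_ferry_trace(events):
    """Return (index, reason) for each event that breaks the ferry rule."""
    linked = set()            # domains the middle cache is linked to right now
    violations = []
    for i, event in enumerate(events):
        action, _, domain = event.partition(" ")
        if action == "connect" and domain in ("source", "destination"):
            linked.add(domain)
            if len(linked) > 1:
                violations.append((i, "cache linked to both domains"))
        elif action == "disconnect" and domain in ("source", "destination"):
            linked.discard(domain)
        elif event == "write":
            # Data may enter the cache only over an exclusive source link.
            if linked != {"source"}:
                violations.append((i, "write without exclusive source link"))
        elif event == "read":
            # Data may leave the cache only over an exclusive destination link.
            if linked != {"destination"}:
                violations.append((i, "read without exclusive destination link"))
        else:
            violations.append((i, "unrecognised event"))
    return violations


if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("bad", BAD_TRACE)):
        print(name, audit_ferry_trace(trace))
```
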
4 Description of Network and Terminal Separation Products

According to form and function, network and terminal separation products may be classified into terminal separation products, network separation products and network unilateral transmission products. Their purpose is to establish a security control point between different network terminals and network security domains, providing controllable access service among different network terminals and network security domains. In addition, the protocol stack of network and terminal separation products of the next generation Internet network environment shall not only support IPv4 technology, but also I... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.