
GB/T 20282-2006 PDF in English


GB/T 20282-2006 (GB/T20282-2006, GBT 20282-2006, GBT20282-2006)

Standard ID: GB/T 20282-2006
Contents: English version
Price: USD 145
Delivery: PDF, auto-delivered within 0-9 seconds
Name of Chinese Standard: Information security technology -- Information system security engineering management requirements
Status: Valid

GB/T 20282-2006: PDF in English (GBT 20282-2006)

GB/T 20282-2006
GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.020
L 09

Information Security Technology - Information System Security Engineering Management Requirements

Issued on: May 31, 2006
Implemented on: December 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents
1 Scope
2 Normative References
3 Terms and Definitions
4 Security Engineering System
4.1 Overview
4.2 Goal of Security Engineering
4.3 Fundamental Relations
5 Qualification Assurance Requirements
5.1 System Integration Qualification Requirements
5.2 Personnel Qualification Requirements
5.3 Third-party Service Requirements
5.4 Security Product Requirements
5.5 Engineering Supervision Requirements
5.6 Requirements for Compliance with Laws, Regulations and Policies
6 Organizational Assurance Requirements
6.1 Define the Organizational System Engineering Process
6.2 Improve the Organizational System Engineering Process
6.3 Manage the Evolution of Product Lines
6.4 Manage the System Engineering Support Environment
6.5 Provide Training
6.6 Coordinate with Suppliers
7 Engineering Implementation Requirements
7.1 Manage Security Controls
7.2 Assess Impacts
7.3 Assess Security Risk
7.4 Assess Threats
7.5 Assess Vulnerabilities
7.6 Build Assurance Argument
7.7 Coordinate Security
7.8 Monitor Security Posture
7.9 Provide Security Input
7.10 Specify Security Requirements
7.11 Verify and Validate Security
8 Project Implementation Requirements
8.1 Quality Assurance
8.2 Manage Configuration
8.3 Manage Project Risk
8.4 Monitor Technical Activities
8.5 Plan Technical Activities
9 Grading Requirements for Security Engineering Management
9.1 Level 1: User's Discretionary Protection Level
9.2 Level 2: System Audit Protection Level
9.3 Level 3: Security Label Protection Level
9.4 Level 4: Structured Protection Level
9.5 Level 5: Access Verification Protection Level
9.6 Comparison Table of Security Protection Level Classification and Security Engineering Requirements
10 Process and Requirements of Security Engineering
10.1 Security Engineering Process
10.2 Security Engineering Requirements for Each Stage of the Security Engineering Process
Appendix A (Informative) Correspondence between Security Engineering Requirements and Security Protection Levels / Security Engineering Process
References

Foreword

Appendix A of this Standard is informative.
This Standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee.
Drafting organizations of this Standard: the 30th Research Institute of China Electronics Technology Group Corporation (CETC 30), Shanghai 30wish Information Security Co., Ltd. and Shanghai Institute of Standardization.
Main drafters of this Standard: Zhang Jianjun, Wei Zhong, Ye Ming, Chen Changsong and Kong Yitong.

Information Security Technology - Information System Security Engineering Management Requirements

1 Scope

This Standard specifies management requirements for information system security engineering (hereinafter referred to as security engineering). It serves as guidance for the owner, the developer and third parties in carrying out information system security engineering, and as the basis on which all parties can establish a security engineering management system.

This Standard specifies different security engineering management requirements for each of the five security protection levels defined in GB 17859-1999.

This Standard is applicable to the owner and the developer of an information system for managing security engineering, and may be referred to by all parties concerned.

2 Normative References

The provisions in the following documents become provisions of this Standard through reference in this Standard. For dated references, subsequent amendments (excluding corrigenda) or revisions do not apply to this Standard; however, parties who reach an agreement based on this Standard are encouraged to investigate whether the latest editions of these documents are applicable. For undated references, the latest edition of the referenced document applies.

GB 17859-1999 Classified Criteria for Security Protection of Computer Information Systems
GB/T 20269-2006 Information Security Technology - Information System Security Management Requirements
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirements for Information Systems

3 Terms and Definitions

For the purposes of this Standard, the following terms and definitions apply.

3.1 Security engineering
The system engineering process that ensures the confidentiality, integrity and availability of an information system.

3.2 Security engineering lifecycle
The activities relating to security engineering throughout the lifecycle of an information system, including concept formation, concept development and definition, verification and validation, engineering development and manufacture, production and deployment, operation and support, and retirement.

3.3 Security engineering guide
Guidance defined by the engineering group on how to select, design and implement the engineering system architecture.

3.4 Vulnerability
...
 
Source: The above contents are excerpted from the PDF, translated and reviewed by www.chinesestandard.net / Wayne Zheng et al.