
GB/T 25070-2019 PDF English

GB/T 25070-2019: Information security technology - Technical requirements of security design for classified protection of cybersecurity
Status: Valid

GB/T 25070: Evolution and historical versions

| Standard ID | Contents [version] | USD | [PDF] delivery | Name of Chinese Standard | Status |
|---|---|---|---|---|---|
| GB/T 25070-2019 | English | 1005 | 0-9 seconds. Auto-delivery | Information security technology - Technical requirements of security design for classified protection of cybersecurity | Valid |
| GB/T 25070-2010 | English | RFQ | 6 days | Information security technology -- Technical requirements of security design for information system classified protection | Obsolete |


Similar standards

GB/T 25068.1   GB/T 25064   GB/T 25061   GB/T 25068.4   



This is an excerpt. The full copy of the English version is available at https://www.ChineseStandard.net/PDF.aspx/GBT25070-2019

NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 25070-2010
Information security technology - Technical requirements of security design for classified protection of cybersecurity
Issued on: MAY 10, 2019
Implemented on: DECEMBER 01, 2019
Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Design overview of classified protection security technology of cybersecurity
  5.1 Design framework of security technology of general classified protection
  5.2 Design framework of security technology of classified protection for cloud computing
  5.3 Design framework of security technology of classified protection for mobile interconnection
  5.4 Design framework of security technology of classified protection for Internet of Things
  5.5 Design framework of security technology of classified protection of industrial control
6 Design of the first-level system security protection environment
  6.1 Design targets
  6.2 Design strategy
  6.3 Design technical requirements
7 Design of second-level system security protection environment
  7.1 Design targets
  7.2 Design strategy
  7.3 Design technical requirements
8 Design of third-level system security protection environment design
  8.1 Design targets
  8.2 Design strategy
  8.3 Design technical requirements

Information security technology - Technical requirements of security design for classified protection of cybersecurity

1 Scope

This standard specifies the technical requirements for the security design of the first to fourth levels of classified protection of cybersecurity.

This standard is applicable to the design and implementation of classified protection of cybersecurity and security technology solutions by operating and using organizations, network security enterprises, and network security service agencies. It can also be used as the basis for cybersecurity functional departments to conduct supervision, inspection and guidance.

Note: The fifth-level classified protection object is a very important supervision and management object. It has special management modes and security design technical requirements, so it is not described in this standard.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.

GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 22240-2008 Information security technology - Classification guide for classified protection of information systems security
GB/T 25069-2010 Information security technology - Glossary
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services
GB/T 32919-2016 Information security - Industrial control systems - Guidelines for the application of security controls

3 Terms and definitions

The terms and definitions as defined in GB 17859-1999, GB/T 22240-2008, GB/T 25069-2010, GB/T 31167-2014, GB/T 31168-2014, GB/T 32919-2016 as well as the following terms and definitions apply to this document. For ease of use, the following lists some of the terms and definitions in GB/T 31167-2014.

3.1 Cybersecurity
The ability, by taking necessary measures to prevent network attacks, intrusions, interference, destruction and illegal use, as well as accidents, to keep the network in a stable and reliable state of operation, and to ensure the integrity, confidentiality and availability of network data. [GB/T 22239-2019, definition 3.1]

3.2 Classified system
A system with a defined level of protection. The classified system is divided into first-level, second-level, third-level, fourth-level and fifth-level systems.

3.3 Security environment of classified system
An environment that secures the classified system by a security computing environment, a security area boundary, a secure communication network, and / or a security management center.

4 Abbreviations

The following abbreviations apply to this document.

3G: 3rd Generation Mobile Communication Technology
4G: 4th Generation Mobile Communication Technology
API: Application Programming Interface
BIOS: Basic Input Output System
CPU: Central Processing Unit
DMZ: Demilitarized Zone
NFC: Near Field Communication
OLE: Object Linking and Embedding
OPC: OLE for Process Control
PLC: Programmable Logic Controller
RTU: Remote Terminal Units
VPDN: Virtual Private Dial-up Networks
SIM: Subscriber Identification Module
WiFi: Wireless Fidelity

5 Design overview of classified protection security technology of cybersecurity

5.1 Design framework of security technology of general classified protection

The design of security technology for the classified protection of cybersecurity includes the design of the security protection environment of all levels of systems and the design of their security interconnection, as shown in Figure 1. The security protection environment of the system at each level is composed of the corresponding level of security computing environment, the security area boundary, the security communication network and / or the security management center. The classified system’s interconnection consists of security interconnection components and a security management center across the classified system.

Chapter 6 ~ Chapter 11 of this standard put forward the corresponding design technical requirements for each part of Figure 1 (except the design requirements for the fifth-level network security protection environment). Appendix A gives the design of access control mechanism; Appendix B gives an example of the design of a third-level system security protection environment. In addition, Appendix C gives technical requirements for big data design.

When designing the security protection environment of a classified system, the system may be further refined into different subsystems according to its own business requirements; the level of each subsystem is then determined and the security protection environment of each subsystem is designed accordingly.

5.2 Design framework of security technology of classified protection for cloud computing

Combining the layered framework of cloud computing functions and the characteristics of cloud computing security, construct the protection technical framework of the cloud computing security design, including the cloud user layer, access layer, service layer, resource layer, hardware facility layer, and management layer (cross-layer functions).
One of the centers refers to the security management center; the triple protection includes a security computing environment, a security area boundary, a security communication network, as shown in Figure 2.

6 Design of the first-level system security protection environment

6.1 Design targets

The design target of the first-level system security protection environment is to realize the autonomous access control of the classified system in accordance with the GB 17859-1999 security protection requirements for the first-level system, so that system users have the ability to protect the objects that belong to them.

6.2 Design strategy

The design strategy of the first-level system security protection environment is to follow the relevant requirements in 4.1 of GB 17859-1999: based on identity authentication, provide users and / or user groups with independent access control of files and database tables, so as to achieve isolation between the user and the data, thereby giving the user the ability of autonomous security protection; provide area boundary protection by means of packet filtering; provide data and system integrity protection by means of data verification and prevention of malicious code.

The design of the first-level system security protection environment is realized through the design of the first-level security computing environment, the security area boundary, and the security communication network. Computing nodes shall perform trusted verification, based on trusted roots, from startup to operating system startup.

7 Design of second-level system security protection environment

7.1 Design targets

The design target of the second-level system security protection environment is, in accordance with the GB 17859-1999 security protection requirements for the second-level system and on the basis of the first-level system security protection environment, to add system security audit, object reuse and other security functions; to implement autonomous access control which uses the user as the basic granularity, so that the system has a stronger ability of autonomous security protection; and to ensure that the basic computing resources and applications are trusted.

7.2 Design strategy

The design strategy for the second-level system security protection environment is to follow the relevant requirements in 4.2 of GB 17859-1999: based on identity authentication, provide individual users and / or user groups with independent access control to shared files, database tables, etc.; use the packet filtering method to provide area boundary protection; provide user data confidentiality and integrity protection by means of data verification and malicious code prevention; and, by adding functions such as system security auditing and object security reuse, hold users accountable for their actions, so as to enhance the security protection capabilities of the system.

When the second-level system security protection environment is designed with cryptographic technology, it shall support the cryptographic algorithms approved by the national cryptographic management authority, use the cryptographic products certified by the national cryptographic management authority, and follow relevant national and industry standards for cryptography.

The design of the second-level system security protection environment is realized through the design of the second-level security computing environment, the security area boundary, the security communication network, and the security management center.

Computing nodes shall, based on trusted roots, achieve trusted verification from booting to operating system startup and then to application startup, and form an audit record of the verification results.

8 Design of third-level system security protection environment design

8.1 Design targets

The design target of the third-level system security protection environment is, in accordance with the GB 17859-1999 security protection requirements for the third-level system and based on the second-level system security protection environment, to implement mandatory access control based on the security policy model and tags, together with an enhanced system audit mechanism, so that the system has the ability to protect sensitive resources under the control of a unified security policy; and to ensure the credibility of basic computing resources and applications, thereby ensuring the credibility of key execution links.

8.2 Design strategy

The design strategy for the third-level system security protection environment is, on the basis of the second-level system security protection environment and according to the relevant requirements in 4.3 of GB 17859-1999, to construct an informal security policy model and perform security marking of the subject and object, showing the combination of the leveled classification and non-leveled classification of the subject and object. Based on this, follow the mandatory access control rules to achieve the access control of the subject and object.

When the third-level system security protection environment is designed with cryptographic technology, it shall support the cryptographic algorithms approved by the national cryptographic management authority, use the cryptographic products certified by the national cryptographic management authority, and follow the relevant national and industry standards for cryptography.

The design of the third-level system security protection environment is realized through the design of the third-level security computing environment, the security area boundary, the security communication network, and the security management center.

Computing nodes shall, based on trusted roots, implement trusted verification from boot to operating system startup and then to application startup; perform trusted verification of the execution environment at the key execution links of the application; actively resist virus intrusion behavior; and form the verification results into an audit record and send it to the management center. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
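
The label check that 8.2 describes (security marks on subject and object combining a leveled and a non-leveled classification, with an audit record per decision), as an added example that is not part of the standard or of this page. The read/write rules, the level and category names, and the `AUDIT` list standing in for the security management center are assumptions, since the excerpt does not spell them out.

```python
from dataclasses import dataclass

# Constructed level names (assumption); the excerpt does not define a scale.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str             # leveled (hierarchical) classification
    categories: frozenset  # non-leveled classification (compartments)

    def dominates(self, other: "Label") -> bool:
        # Dominance needs BOTH parts: level at least as high, and every
        # category of `other` also present on `self`.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def label(level: str, *categories: str) -> Label:
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level}")
    return Label(level, frozenset(categories))


# Stand-in for audit records forwarded to the security management center.
AUDIT = []


def check_access(subject, s_label, obj, o_label, op):
    """Mandatory check, independent of any owner-granted permission.

    Assumed rules: read only if the subject label dominates the object
    label; write only if the object label dominates the subject label.
    """
    if op == "read":
        allowed = s_label.dominates(o_label)
    elif op == "write":
        allowed = o_label.dominates(s_label)
    else:
        allowed = False  # unknown operations are denied by default
    AUDIT.append({"subject": subject, "object": obj, "op": op,
                  "decision": "permit" if allowed else "deny"})
    return allowed


if __name__ == "__main__":
    alice = label("confidential", "finance")  # constructed sample subject
    objects = {
        "q3_report": label("internal", "finance"),
        "hr_case": label("confidential", "hr"),
        "board_archive": label("secret", "finance", "hr"),
    }
    for name, o_label in objects.items():
        for op in ("read", "write"):
            check_access("alice", alice, name, o_label, op)
    for record in AUDIT:
        print(record)
```
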


      
