
IOT-GUIDELINES-2021 PDF in English


Standard ID: IOT-GUIDELINES-2021
Contents [version]: English
Price (USD): 320
Name of Chinese Standard: Guidelines for the Construction of Basic Security Standard System for Internet of Things

IOT-GUIDELINES-2021

Guidelines for the Construction of Basic Security Standard System for Internet of Things (2021 version)

September 2021

Table of Contents

I General requirements
  (1) Basic principles
  (2) Construction goals
II Construction details
  (1) Framework of standard system
  (2) Key areas
    1 Overall security
    2 Terminal security
    3 Gateway security
    4 Platform security
    5 Security administration
III Organization and implementation
Appendix List of standard items related to basic security of IoT

I General requirements

Guided by Xi Jinping’s New Era Chinese Characteristics Socialism Thought, thoroughly implement General Secretary Xi Jinping’s important thoughts on building a network-powerful country. Adhering to the overall national security concept, and targeting the building of the Internet of Things [IoT] and the prevention of public network security risks, strive to build the basic security standard system of IoT, strengthen overall planning of standards, steadily promote standard development, and promote standard implementation, to support and guarantee the secure and orderly development of the IoT industry.

(1) Basic principles

Demand traction, strengthen overall planning. Closely follow the development status and trends of the IoT industry; focus on building a scientific, reasonable, advanced and applicable, open and integrated basic security standard system; strengthen the overall coordination of standard work; guide the orderly development of standard formulation.

Focus on the key points and give priority to urgent needs. Focusing on IoT infrastructure and key industry applications, accelerate the development of key and urgently needed standards, such as basic general-purpose standards, key technologies and test methods, so as to meet the security needs of the IoT industry in a timely manner.

Participate extensively and strengthen implementation. Bring together equipment manufacturers, telecommunications enterprises, security enterprises, internet enterprises, scientific research institutions, universities and other industry-university-research forces; encourage leading enterprises to play a leading role in demonstration, to promote the effective implementation of standards.

(2) Construction goals

By 2022, initially establish a basic security standard system for IoT; develop more than 10 key industry standards; clarify the security requirements for key basic links, such as IoT terminals, gateways and platforms, to meet the basic security requirements of IoT, thereby promoting the improvement of basic security capabilities of IoT.

By 2025, promote the formation of a relatively complete basic security standard system for IoT; develop more than 30 industry standards; improve the coverage of standards in subdivided industries and fields; improve the security level of cross-industry applications of IoT, to ensure secure use by consumers.

II Construction details

(1) Framework of standard system

The basic security standards of IoT mainly refer to the security standards of key basic links, such as IoT terminals, gateways and platforms. The basic security standard system of IoT includes five major standard categories: overall security, terminal security, gateway security, platform security, and security administration (see Figure 1).

(2) Key areas

1 Overall security

Overall security is the basic, guiding, universal standard for basic security of IoT, which mainly includes the definition of basic security terms, architecture models, security scenarios, security integration, security grading, security protocols, etc. of IoT (see Figure 2).

Figure 2 -- Overall security

(1) Terms and definitions of basic security of IoT: Standardize the concepts of basic security for IoT; unify the understanding and use of related terms.

(2) Architectural model of the basic security of IoT: Mainly propose the basic security system framework of IoT and the reference models of various parts; clarify and define the functions, relationships, roles, boundaries, responsibilities of the cloud, administration, terminal levels.

(3) Scenarios of basic security of IoT: Mainly provide examples and specifications for security requirements in different types of scenarios.

(4) Integration of basic security of IoT: In the process of planning, integration, implementation of IoT system, guarantee the security and reliability of objects, at all levels of the infrastructure system, by establishing security models and other methods.

(3) Communication chip security: Mainly include communication encryption algorithm, key administration, encryption and decryption capabilities, signature verification, data storage, chip security baseline requirements, etc.

(4) Card security: It is divided into administrative requirements and technical requirements. Among them, the administrative requirements are mainly to regulate the sales, registration, use administration of IoT cards; the technical requirements mainly include card identity authentication, grading and classification, construction of technical means.

(5) Industry terminal security: Mainly refer to the security requirements of IoT terminals with specific functions, which are closely related to various vertical industries, such as the unique security requirements of specific industry terminals, including smart door locks and monitoring equipment.

(6) Test and evaluation of terminal: Mainly include security test of IoT card, test of hardware security, test of operating system security, test of software security, test of access authentication security, test of data security, test of communication protocol security, test of firmware security, etc.

3 Gateway security

Gateway security mainly includes generic security of IoT gateway, security of gateway communication and interface, security of gateway physical environment, security of gateway component, test and evaluation of gateway, etc. (see Figure 4).

(2) Security protection of platform: Standardize the security protection requirements for IoT platform, as well as the security protection requirements for the access control, anti-code reverse, security audit, tampering and injection prevention, etc., of the industry business systems and external application components, which are developed based on IoT platform, mainly including the basic security of platform business, security protection requirements of platform, etc.

(3) Interaction security of platform: Standardize the security requirements for data interaction, encrypted transmission, interactive interface configuration and auditing, between IoT platforms, platforms and upper-level business systems or administration systems, platforms and lower-level access devices, mainly including the interaction between different IoT platforms, the interaction between the platform and the southbound and northbound directions, etc.

(4) Security monitoring of platform: Standardize the functional construction of the security monitoring and situation summary of IoT platform, mainly including the network security monitoring and early warning platform of IoT, the network security situation awareness platform of IoT, etc.

(5) Test and evaluation of platform: Standardize the test and evaluation methods of the generic security of IoT platform, security protection of platform, internal and inter-platform interaction security, security administration of platform, etc., mainly including the evaluation of the capabilities of IoT platform, test of security protection, test of interactive security, evaluation of security administration, etc.

5 Security administration

Security administration standards are used to guide the industry to implement general security administration requirements, including data security administration, security information collaboration, administration and maintenance security, security authentication (see Figure 6).

the goals and tasks, which are specified in the Standards System, strengthen the coordination of work among all parties including industry, academia, research, application; focus on the integration of the basic security standards of IoT with the actual development of the industry; promote the development of standards, in a systematic manner.

The second is to implement dynamic updates. Track the development trend of new technologies and applications of IoT; actively adapt to the continuous improvement of the level of security development of IoT; strengthen the dynamic update and improvement of the standard system, to effectively meet the needs of industrial security development.

The third is to deepen the application of standards. Encourage industry associations, standardization technical organizations, etc. to carry out publicity and training of key standards, for producers, users, third-party testing and authentication agencies, to guide enterprises to meet standards, thereby promoting the implementation of standards.

The fourth is to carry out exchanges and cooperation. Support Chinese and foreign enterprises, associations, standardization agencies, etc., to carry out international exchanges and cooperation, on basic security standards for IoT; actively participate in the formulation of international standards for IoT security; contribute Chinese technical solutions, to improve the security level of global IoT.

......

Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.