
GA/T 1140-2014 English PDF

Standard ID: GA/T 1140-2014
USD: 839
Lead-Days: 4 days
Standard Title (Description): Information security technology. Security technical requirements for web application firewall
Status: Obsolete

Similar standards

GB/T 37230   GA/T 1059   GB 13954   GA/T 1137   GA/T 1138   GA/T 1136   

Basic data

Standard ID: GA/T 1140-2014 (GA/T1140-2014)
Description (Translated English): Information security technology. Security technical requirements for web application firewall
Sector / Industry: Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard: A90
Classification of International Standard: 35.240
Word Count Estimation: 21,268
Quoted Standard: GB 17859-1999; GB/T 25069-2010; GB/T 18336.1-2008; GB/T 18336.2-2008; GB/T 18336.3-2008
Regulation (derived from): Announcement on Releasing Public Safety Industry Standard (Year of 2014)
Issuing agency(ies): Ministry of Public Security
Summary: This standard specifies the security functional requirements, security assurance requirements and classification requirements for web application firewalls. This standard applies to web application firewall design, development and testing.

GA/T 1140-2014: Information security technology. Security technical requirements for web application firewall


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Security technical requirements for web application firewall
ICS 35.240
A90
People's Republic of China Public Security Industry Standard
Information security technology. Security technical requirements for web application firewall
Issued on: 2014-03-12
Implemented on: 2014-03-12
Issued by: Ministry of Public Security of the People's Republic of China

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Web application firewall description
6 Security environment
6.1 Assumptions
6.2 Threats
6.3 Organizational security policy
7 Security objectives
7.1 Product security objectives
7.2 Environmental security objectives
8 Security functional requirements
8.1 Protection
8.2 Protection strategy
8.3 Response processing
8.4 Reports and statistics
8.5 HTTPS support
8.6 Bypass function
8.7 Hot standby pairs
8.8 Upgrade capability
8.9 Identification and authentication
8.10 Security
8.11 Audit logs
9 Security assurance requirements
9.1 Configuration management
9.2 Delivery and operation
9.3 Development
9.4 Guidance documents
9.5 Life cycle support
9.6 Test
9.7 Vulnerability assessment
10 Basic principles of technical requirements
10.1 Basic principles of security functional requirements
10.2 Basic principles of security assurance requirements
11 Classification requirements
11.1 Overview
11.2 Classification of security functional requirements
11.3 Classification of security assurance requirements

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

This standard was proposed by the Ministry of Public Security Network Security Protection Agency.

This standard is under the jurisdiction of the Ministry of Public Security Information System Standardization Technical Committee.

Drafting organizations of this standard: Ministry of Public Security of Computer Information System Security Product Quality Supervision and Inspection Center, Hangzhou Hengxin Information Technology Co., Division, Digital Network (Beijing) Co., Ltd., Beijing Science and Technology Development Co., Ltd. Linktrust, Beijing China Green League of information security technology shares Ltd., Blue Shield Information Security Technology Co., Ltd., Shanghai-day Thai Network Technology Co., Ltd., Third Institute of Ministry of Public Security.

The main drafters of this standard: Excellent Yu, Lu Zhen, Li, Gu Jian, Zhang smiled, Zhang Yan, Yang Yuan, Yuan Fan, Sun Xiaoping, Huang Jian, high Jiming, Qin Bo, Yang Yubin, Ye Zhiqiang.

Introduction

This standard describes in detail the assumptions, threats and organizational security policies related to the security environment of the web application firewall, defines the security objectives of the web application firewall and its supporting environment, and demonstrates that the security functional requirements can be traced back to and cover the product security objectives, and that the security objectives can be traced back to and cover the assumptions, threats and organizational security policies of the security environment.

The basic level of this standard refers to the EAL2 security assurance requirements specified in GB/T 18336.3-2008. The enhanced level builds on the EAL4 security assurance requirements, with the vulnerability analysis requirement raised to resisting attacks by an attacker with moderate attack potential.

This standard gives only the security technical requirements that a web application firewall should meet; it places no requirements on the specific technical implementation or methods of the web application firewall.

Information security technology. Security technical requirements for web application firewall

1 Scope

This standard specifies the security functional requirements, security assurance requirements and grading requirements for web application firewalls. This standard applies to the design, development and testing of web application firewalls.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.

GB 17859-1999 Computer information system security protection classification criterion
GB/T 18336-2008 (all parts) Information technology - Security techniques - Information Technology Security Evaluation Guidelines
GB/T 25069-2010 Information security technology terms

3 Terms and Definitions

The terms and definitions given in GB 17859-1999, GB/T 18336-2008 (all parts) and GB/T 25069-2010, together with the following terms and definitions, apply to this document.

3.1 web application firewall
A product deployed between the web client and the web server that protects web applications by analysing web application-layer communications according to predefined filtering rules and protection policies.

3.2 SQL injection
The act of inserting SQL commands into the parameters submitted through a web form or page request in order to trick the server into executing malicious SQL commands.

3.3 Cross-site scripting
An attacker inserts malicious HTML code into a web page; when a user browses the page, the HTML code embedded in it is executed, achieving the attacker's malicious purpose against the user.

3.4 Bypass function
A function that, when the web application firewall encounters an exception (power failure, fault, etc.), keeps the networks attached to the web application firewall connected to each other.

4 Abbreviations

The following abbreviations apply to this document.
......

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GA/T 1140-2014_English be delivered?

Answer: Upon your order, we will start to translate GA/T 1140-2014_English as soon as possible, and keep you informed of the progress. The lead time is typically in 9 seconds (download/delivered in 9 seconds). The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GA/T 1140-2014_English with my colleagues?

Answer: Yes. The purchased PDF of GA/T 1140-2014_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.