GA/T 1574-2019: Information security technology - Security technology requirements for database security reinforcement products
Status: Valid

Basic data
Standard ID: GA/T 1574-2019 (GA/T1574-2019)
Description (Translated English): Information security technology - Security technology requirements for database security reinforcement products
Sector / Industry: Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard: A90
Classification of International Standard: 35.240
Word Count Estimation: 14,176
Date of Issue: 2019
Date of Implementation: 2019-07-01
Issuing agency(ies): Ministry of Public Security

This is a DRAFT version for illustration, not a final translation.

ICS 35.240
A90
GA
People's Republic of China Public Safety Industry Standard
Information security technology - Database security hardening product security technical requirements
Information security technology - Security technology requirements for database security reinforcement products
Published by the Ministry of Public Security of the People's Republic of China

Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Database Security Hardening Product Description
5 General description of database security hardening products
5.1 Classification of safety technical requirements
5.2 Classification of Security Levels
6 Safety function requirements
6.1 Dual system authentication
6.2 Data storage encryption
6.3 Application permission control
6.4 Ciphertext access control
6.5 Cipher text index
6.6 Integrity check
6.7 Separation of permissions
6.8 Database status monitoring
6.9 Other functional requirements
7 Self-safe function requirements
7.1 User Identification
7.2 Identification
7.3 Anti-unloading function (if applicable)
7.4 Security management
7.5 Audit logs
8 Security requirements
8.1 Development
8.2 Guidance documents
8.3 Life cycle support
8.4 Testing
8.5 Vulnerability assessment
9 Classification requirements
9.1 Overview
9.2 Classification of safety function requirements
9.3 Level classification of self-safety requirements
9.4 Classification of security requirements

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by the Cyber Security Bureau of the Ministry of Public Security.
This standard is under the jurisdiction of the Information System Security Standardization Technical Committee of the Ministry of Public Security.
This standard was drafted by: Computer Information System Security Product Quality Supervision and Inspection Center of the Ministry of Public Security, the Third Research Institute of the Ministry of Public Security, Beijing Zhongan Nebula Software Technology Co., Ltd.
The main drafters of this standard: Hu Yalan, Zhang Yan, Qiu Zihua, Zhao Ting, Yu You, Gu Wei, Zhao Weiguo.

Information security technology - Database security hardening product security technical requirements

1 Scope

This standard specifies the security function requirements, self-security function requirements, security guarantee requirements, and classification requirements of database security hardening products.
This standard applies to the design, development, and testing of database security hardening products.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 18336.3-2015 Information technology - Security technology - Information technology security assessment guidelines - Part 3: Security assurance components
GB/T 25069-2010 Information security technology - Terminology

3 Terms and definitions

GB/T 18336.3-2015, GB/T 25069-2010 and the following terms and definitions apply to this document.

3.1 Database security reinforcement product
A product with enhanced security functions, built on a traditional database management system (such as Oracle, MySQL, SQL Server, DB2, etc.) using technical means such as encryption, access control, and data integrity protection.

3.2 Ciphertext access control
Control of access to ciphertext data stored in the database.

3.3 Ciphertext index
An index established over the ciphertext data stored in the relational database, on which ciphertext retrieval is performed.

3.4 Data storage encryption
The important data in the database is encrypted at the storage level through an encryption algorithm.

4 Database Security Hardening Product Description

Database security hardening products generally consist of components such as a security server, a security agent, and a management side. The security server is mainly responsible for data encryption and decryption, permission verification, and the management and distribution of security policies; security agents are installed on the database servers that need to be hardened, and are mainly responsible for encryption and decryption and for receiving and executing hardening policies; the management side is mainly a graphical tool with which operation and maintenance personnel manage the system. Through technical means such as dual system authentication, data encryption, access control, and data integrity protection, the product enhances the security functions of the database to make up for the low security of general databases. Figure 1 is a typical operating environment for database security hardening products.

Figure 1 Typical operating environment of database security hardening products

5 General description of database security hardening products

5.1 Classification of safety technical requirements

This standard divides the security technical requirements for database security hardening products into three categories: security function requirements, own security function requirements, and security assurance requirements. The security function requirements are specific requirements for the security functions that database security hardening products should have, including dual system authentication, data storage encryption, application permission control, ciphertext access control, ciphertext index, integrity check, permission separation, database status monitoring, and other functional requirements. The own security function requirements are requirements for the security functions that the database security hardening product itself should have, including user identification, identity authentication, anti-unloading functions, security management and audit logs. The security assurance requirements put forward specific requirements for the content of the product's development and use documents, including development, instructional documents, life cycle support and testing.

The administrator accounts of the database security hardening product should be separated into at least three roles: system administrator, security administrator, and security auditor.

5.2 Classification of security levels

This standard divides the levels of security function requirements according to the strength of the database security hardening product's security functions, and divides the levels of security requirements according to GB/T 18336.3-2015. The security level highlights security features, and is divided into basic and enhanced levels.
The strength of the security functions and the security requirements are the specific basis for the classification.

6 Safety function requirements

6.1 Dual system authentication

In addition to the database management system's own authentication, database management system accounts should also pass the identity authentication of the database security hardening product.

6.2 Data storage encryption

The product supports data encryption:
a) it should be able to encrypt the specified data;
b) data encryption granularity should support table/field level;
c) it should support random number encryption technology to ensure that identical plaintext data produces different ciphertext after encryption;
d) encryption algorithms specified by the National Password Administration shall be supported.

6.3 Application permission control

The product should be able to bind the application system, IP address and database management system account, to ensure that only trusted database management system accounts and application systems can access ciphertext data, and only through specific IP addresses.

6.4 Ciphertext access control

The product provides access control for ciphertext data:
a) a permission control system independent of that of the database management system itself should be provided. Before accessing ciphertext data, all accounts (including database management system privileged accounts) should be authorized by the administrator of the database hardening product;
b) it should support controlling the range of ciphertext data that all accounts (such as database management system privileged accounts) can access, and their access rights (such as add, modify, and delete permissions);
c) it should have the function of limiting the time range of ciphertext data access;
d) it shall have the function of limiting the source IP address range for ciphertext data access.

6.5 Ciphertext index

The product supports the ciphertext index function and can manage the ciphertext index.
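
The binding in 6.3 and the ciphertext access rules in 6.4, worked through as an added example (not part of the standard or of any product): a default-deny decision function in Python. The Grant and Request models, the reason strings and the sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Grant:
    """Authorization issued by the hardening product's administrator (hypothetical model)."""
    account: str           # database management system account
    application: str       # application system bound to the account (6.3)
    networks: tuple        # permitted source IP ranges (6.3, 6.4 d)
    columns: frozenset     # ciphertext scope as "table.field" (6.4 b)
    operations: frozenset  # permitted operations (6.4 b)
    start: time            # permitted daily time range (6.4 c)
    end: time

@dataclass(frozen=True)
class Request:
    account: str
    application: str
    source_ip: str
    column: str
    operation: str
    when: datetime

def in_window(t, start, end):
    """True if t is inside the range; a range may wrap past midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end

def decide(grants, req):
    """Return (allowed, reason); anything not explicitly granted is denied."""
    try:
        src = ip_address(req.source_ip)
    except ValueError:
        return False, "invalid source address"
    reason = "no grant for account"
    for g in grants:
        if g.account != req.account:
            continue
        if g.application != req.application:
            reason = "application not bound"
        elif not any(src in ip_network(n) for n in g.networks):
            reason = "source address not permitted"
        elif req.column not in g.columns:
            reason = "column outside ciphertext scope"
        elif req.operation not in g.operations:
            reason = "operation not granted"
        elif not in_window(req.when.time(), g.start, g.end):
            reason = "outside permitted time range"
        else:
            return True, "granted"
    return False, reason

# Constructed sample policy: every name, address and column is illustrative.
GRANTS = [Grant("app_user", "billing-svc", ("10.0.5.0/24",),
                frozenset({"customers.id_number"}),
                frozenset({"select", "update"}), time(8, 0), time(18, 0))]

if __name__ == "__main__":
    noon = datetime(2024, 3, 4, 12, 0)
    for acct, app in (("app_user", "billing-svc"), ("sys", "dba-console")):
        print(acct, decide(GRANTS, Request(acct, app, "10.0.5.17", "customers.id_number", "select", noon)))
```

The privileged account "sys" is refused because no grant names it: under 6.4 a) a database management system privilege alone confers no access to ciphertext data.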

6.6 Integrity check

The product supports a data integrity check function:
a) it shall be possible to perform integrity checks on the data stored in the database;
b) for critical data whose integrity is detected to be compromised, the product should have automatic recovery measures.

6.7 Separation of permissions

The product should separate the management permissions of the database hardening product to achieve separation of privileged users' privileges, with at least system administrators, security administrators, and security auditors. The system administrator is responsible for system configuration, system operation status monitoring, etc.; the security administrator is responsible for security maintenance such as ciphertext data configuration and ciphertext permission control; the security auditor is responsible for controlling audit switches, viewing audit data, and managing audit data. Database hardening products do not allow super administrators with all permissions.

6.8 Database status monitoring

The product should support status monitoring of the database. The monitoring content should include the database startup time, user connection time, table space status, average execution frequency, etc.

6.9 Other functional requirements

The product has the following functions:
a) after the product is installed, it should not affect the original data stored in the database management system;
b) it should have a sensitive data discovery function to automatically discover sensitive data information;
c) it should have a vulnerability scanning function, which can detect risks such as weak passwords, permission configuration, and default accounts.

7 Requirements for own safety functions

7.1 User Identification

7.1.1 Attribute Definition

The product should specify the security attributes associated with each administrator, such as identification, authentication information, membership groups, permissions, and so on.

7.1.2 Property Initialization

The product should be capable of initializing the attributes of each administrator created with default values.

7.1.3 Unique identification

The product shall ensure that any user has a globally unique identity.

7.2 Identity

7.2.1 Basic authentication

The product shall authenticate the user before performing any operation related to the security function.

7.2.2 Authentication Failure Handling

When the number of user authentication failures reaches the specified threshold, the product shall prevent the user from making further authentication requests and generate a relevant audit event.

7.2.3 Timeout lock or logout

The product should have a user login timeout lock or logout function: when the user has performed no operation for more than a predefined time, the current management session is terminated, and the user needs to be authenticated again to resume management operations.

7.2.4 Authentication data protection

The product shall protect authentication data from unauthorized access and modification.

7.3 Anti-unloading function (if applicable)

The product should be able to provide some protection to the security agent installed on the database server to prevent unauthorized users from performing the following operations:
a) forcibly terminating the operation of the component;
b) forcibly cancelling the automatic loading of the component when the system starts;
c) forcibly uninstalling, deleting or modifying the component.

7.4 Safety management

7.4.1 Remote secure transmission

The product has the following secure transmission functions:
a) security measures shall be taken to ensure the security of data transmission between components;
b) if the product supports remote management, the confidential transmission of remote management data shall be ensured.

7.4.2 Trusted Management Address

If the product provides remote management capabilities, it should be possible to restrict the host addresses from which it can be remotely managed.

7.5 Audit logs

7.5.1 Audit log generation

The product shall be able to generate audit records for the following events:
a) success and failure events of administrator identification;
b) ciphertext authorization events of the administrator;
c) user identification events;
d) events when users access ciphertext data;
e) events where the administrator encrypts and decrypts sensitive data;
f) events where the number of unsuccessful authentication attempts by the administrator exceeds the set limit and causes the session connection to be terminated;
g) integrity verification events;
h) other events.

The product shall record the date and time of the event, the identity of the event subject, the event description, and the success or failure indication in each audit record.

7.5.2 Audit log management

Products shall provide security audit review tools and meet the following requirements:
a) allow only authorized administrators to access the audit log;
b) support combined searches based on date, time, user identification, etc.;
c) audit logs can be emptied and exported.

7.5.3 Audit log storage

The audit log should be stored in a non-volatile storage medium that retains data after power failure, and the storage period cannot be less than 6 months.

8 Security requirements

8.1 Development

8.1.1 Security Architecture

The developer should provide a description of the security architecture of the product's security functions. The description of the security architecture should meet the following requirements:
a) be consistent with the level of abstraction of the description of the security functions implemented in the product design document;
b) describe the security domains of the product security functions consistently with the security function requirements;
c) describe why the product safety function initialization process is safe;
d) confirm that the product safety functions can be prevented from being compromised;
e) verify that the product safety functions prevent the safety features from being bypassed.

8.1.2 Functional Specifications

Developers should provide complete functional specifications, which should meet the following requirements:
a) fully describe the safety functions of the product;
b) describe the purpose and use of all safety function interfaces;
c) identify and describe all parameters related to each safety function interface;
d) describe the safety function implementation behavior related to the safety function interface;
e) describe direct error messages caused by the behavioral processing of safety functions;
f) confirm that the safety function requirements are traceable to the safety function interfaces;
g) describe all actions related to the safety function interface during the implementation of the safety function;
h) describe all direct error messages that may be caused by calls to the safety function interface.

8.1.3 Implementation Representation

Developers should provide implementation representations for all security functions. Implementation representations should meet the following requirements:
a) provide a mapping between product design descriptions and implementation representation examples and prove their consistency;
b) define the product safety functions at a level of detail such that they can be generated without further design;
c) be provided in the form used by developers.

8.1.4 Product Design

Developers should provide product design documents, which should meet the following requirements:
a) describe the product structure in terms of subsystems;
b) identify and describe all subsystems of product safety functions;
c) describe the interaction between all subsystems of the safety function;
d) provide a mapping that can verify that all the behaviors described in the design can be mapped to the security function interfaces that call them;
e) describe safety functions according to the module;
f) provide the mapping relationship between the safety function subsystems and the modules;
g) describe all safety function implementation modules, including their purpose and interaction with other modules;
h) describe the relevant interfaces required by all modules to implement the security functions, return values from other interfaces, interactions with other modules, and called interfaces;
i) describe the supporting or related modules of all safety functions, including their purpose and interaction with other modules.

8.2 Guidance documents

8.2.1 Operation User Guide

Developers should provide clear and reasonable operating user guides that are consistent with all other documentation provided for evaluation. The description of each user role should meet the following requirements:
a) describe the user-accessible functions and privileges that are controlled in a secure processing environment, including appropriate warning information;
b) describe how to use the available interfaces provided by the product in a secure manner;
c) describe available functions and interfaces, especially all safety parameters controlled by the user, and indicate safety values where appropriate;
d) clearly state each security-related event related to the user-accessible functions that need to be performed, including changes to the security features of entities controlled by the security function;
e) identify all possible states of operation of the product (including failures or operational errors caused by operations), and their causal relationship and connection to maintaining safe operation;
f) describe the security policies that must be implemented to fully achieve the security purposes.

8.2.2 Preparation procedures

The developer shall provide the product and its preparation procedures. The preparation procedure description shall meet the following requirements:
a) describe all steps necessary to securely receive the delivered product in accordance with the developer delivery process;
b) describe all steps necessary to safely install the product and its operating environment.

8.3 Life cycle support

8.3.1 Configuration Management Capability

Developer configuration management capabilities should meet the following requirements:
a) provide unique identification for different versions of the product;
b) use a configuration management system to maintain all configuration items that make up the product and uniquely identify configuration items;
c) provide configuration management documents, which describe the method used to uniquely identify configuration items;
d) The configuratio......