GA/T 695-2014 English PDFGA/T 695: Historical versions
Basic dataStandard ID: GA/T 695-2014 (GA/T695-2014)Description (Translated English): Information security technology-Technical requirements for audit products of network communication Sector / Industry: Public Security (Police) Industry Standard (Recommended) Classification of Chinese Standard: A90 Classification of International Standard: 35.240 Word Count Estimation: 21,245 Older Standard (superseded by this standard): GA/T 695-2007 Quoted Standard: GB 17859-1999; GB/T 18336.1-2008; GB/T 18336.2-2008; GB/T 18336.3-2008; GB/T 25069-2010 Regulation (derived from): Notice on Publication of Public Safety Industry Standard (Year of 2014); Industry Standard Record Announcement No. 4 of 2015 (No. 184) Issuing agency(ies): Ministry of Public Security Summary: This standard specifies the security functional requirements, security assurance requirements and classification requirements for network communications auditing products. This standard is applicable to the design, development and testing of network commu GA/T 695-2014: Information security technology-Technical requirements for audit products of network communication---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology-Technical requirements for audit products of network communication ICS 35.240 A90 People's Republic of China Public Security Industry Standards Replacing GA/T 695-2007 Information Security Technology Network communications products technical requirements for audit Issued on. 2014-05-23 2014-05-23 implementation People's Republic of China Ministry of Public Security Table of ContentsIntroduction Ⅲ Introduction Ⅳ 1 Scope 1 2 Normative references 1 3 Terms and definitions 4 Abbreviations 1 5 Product Description 2 Network Communications Audit 6 Security Environment 3 7 security purposes 4 Security functional requirements 8 5 9 9 Security assurance requirements 10 basic principles of technical requirements 14 11 Classification of claim 15ForewordThis standard was drafted in accordance with GB/T 1.1-2009 given rules. Instead of the standard GA/T 695-2007 "Information security technology security audit network communications data retained functional requirements", and GA/T 695-2007 Technical changes compared as follows. --- Standard name changed to "information security audit network communications products technical requirements" (see cover, the cover of the 2007 edition); --- Increased abbreviations (see Chapter 4); --- Increases network traffic audit product description (see Chapter 5); --- Increase the security environment, including the assumptions, threats and organizational security policies (see Chapter 6); --- Increased security purposes, including the purpose of product safety and environmental safety purposes (see Chapter 7); --- Increase the data collection requirements (see 8.1); --- Modify the data restoration requirements (see 82, 2007 version 4.2.); --- Increase the statistical requirements (see 8.3); --- Increased processing requirements analysis (see 8.4); --- Increased statistical reporting requirements (see 8.5.2); --- Modify the identification and authentication requirements (see 86, 2007 version 4.3 and 4.4.); --- Modify the data security requirements (see 87, 2007 version 4.6.); --- Modifies the data storage security requirements (see 88, 2007 version 4.6.); --- Modify the security assurance requirements (see Chapter 9, 2007 Edition Chapter 5); --- Increase the technical requirements of the basic principles, including the basic principles of security functional requirements and security assurance requirements for the basic principles (see Chapter 10). Please note that some of the content of this document may involve patents. Release mechanism of the present document does not assume responsibility for the identification of these patents. This standard was proposed by the Ministry of Public Security Network Security Protection Agency. This standard is under the jurisdiction of the Ministry of Public Security Information System Standardization Technical Committee. This standard was drafted. Ministry of Public Security of Computer Information System Security Product Quality Supervision and Inspection Center, Ministry of Public Security the third Institute, Shenzhen SINFOR Electronic Technology Co., Ltd. Blue Shield of information security technology. The main drafters of this standard. Wang Zhijia, Gu Wei, Li, Gu Jian, Shen Liang, Zhangwu Jian, Fang Weidong. This standard replaces the standards previously issued as follows. --- GA/T 695-2007.IntroductionThis standard describes in detail the audit and network communications products safe environment-related assumptions, threats and organizational security policies, the definition of network communication Security purposes letter audit products and their supporting environment, specifies the safety function of the network of communication audit product requirements and security assurance requirements, through Fundamentals proof required safety functions can be traced and the products covered by security purposes and security purposes can be traced back cover relevant security environment Assumptions, threats and organizational security policies. The standard base-level reference to GB/T 18336.3-2008 prescribed level EAL2 security assurance requirements, and enhance the level at EAL4 level Security assurance requirements based on the vulnerability analysis requires upgrade to an attacker can withstand moderate attack potential attack. This standard only gives the audit network communications products should meet the technical requirements of safety, but the audit network communications products, specific technical implementation Now way, way, etc. is not required. Information Security Technology Network communications products technical requirements for audit1 ScopeThis standard specifies the security features of network communication products, audit requirements, security assurance requirements and grading requirements. This standard applies to audit network communications product design, development and testing.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein Member. For undated references, the latest edition (including any amendments) applies to this document. GB 17859-1999 computer information system security protection classification criterion GB/T 18336.1 ~ 18336.3-2008 Information technology - Security techniques - Evaluation criteria for IT security GB/T 25069-2010 Information security technology terms3 Terms and DefinitionsGB 17859-1999, GB/T 18336.1 ~ 18336.3-2008 and GB/T 25069-2010 defined in the following terms and Definitions apply to this document. 3.1 Network Communications Audit auditofnetworkcommunication To record and analyze network traffic and take appropriate action for specific events. 3.2 Audit records auditrecordation Audit network communications products to be recorded and analyzed the information obtained. 3.3 Log log Audit product itself events are recorded and analyzed the information obtained. 3.4 Audit Center auditcenter Product audit records, analysis, processing data network communication features. 3.5 Audit Agent auditagent Audit network communications products, collect data and send audit center features.4 AbbreviationsThe following abbreviations apply to this document. CPU. Central Processing Unit (CentralProcessingUnit) DOS. Denial of Service (DenialofService) ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GA/T 695-2014_English be delivered?Answer: Upon your order, we will start to translate GA/T 695-2014_English as soon as possible, and keep you informed of the progress. The lead time is typically in 9 seconds (download/delivered in 9 seconds). The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GA/T 695-2014_English with my colleagues?Answer: Yes. The purchased PDF of GA/T 695-2014_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GA/T 695-2014?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GA/T 695-2014 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |