GA/T 711-2007 English PDF
Basic data
Standard ID: GA/T 711-2007 (GA/T711-2007)
Description (Translated English): Information security technology--Common technique guide of security classification protection for application software system
Sector / Industry: Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard: L09
Classification of International Standard: 35.020
Word Count Estimation: 37,313
Date of Issue: 2007-08-13
Date of Implementation: 2007-10-01
Quoted Standard: GB 17859-1999; GB/T 20270-2006; GB/T 20271-2006; GB/T 20272-2006; GB/T 20273-2006
Issuing agency(ies): Ministry of Public Security
Summary: This standard specifies the general technical requirements involved in the security level protection of the application software system according to the five security protection levels of GB 17859-1999. This standard is applicable to the design and implementation of the security level protection of the application software system according to the five security protection levels of GB 17859-1999. It can also be used as a reference for the testing and management of security level protection of application software systems classified according to the five security protection levels of GB 17859-1999.

GA/T 711-2007: Information security technology--Common technique guide of security classification protection for application software system
This is a DRAFT version for illustration, not a final translation.
Information security technology--Common technique guide of security classification protection for application software system
ICS 35.020
L09
People's Republic of China Public Safety Industry Standard
Information security technology
Application Software System Security Level Protection General Technical Guide
Released on 2007-08-13
Implemented on 2007-10-01
Ministry of Public Security

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 Application Software System Basic Security Technical Requirements
4.1 Application Software System Risk Analysis and Security Requirements
4.2 Application Software System Security Solution
4.3 Application Software System Environment Security
4.4 Application Software System Business Continuity
4.5 Application software system and corresponding information system security level
5 Application Software System Security Technology Grade
5.1 First level user independent protection level
5.1.1 Basic Security Technical Requirements
5.1.2 Safety function technical requirements
5.1.3 SSOASS Self Protection Requirements
5.1.4 SSOASS Design and Implementation
5.1.5 SSOASS Security Management
5.2 Level 2 System Audit Protection Level
5.2.1 Basic safety technical requirements
5.2.2 Safety function technical requirements
5.2.3 SSOASS Self Protection
5.2.4 SSOASS Design and Implementation
5.2.5 SSOASS Security Management
5.3 Level 3 Security Mark Protection Level
5.3.1 Basic safety technical requirements
5.3.2 Safety function technical requirements
5.3.3 SSOASS Self Protection
5.3.4 SSOASS Design and Implementation
5.3.5 SSOASS Security Management
5.4 Level 4 structured protection level
5.4.1 Basic safety technical requirements
5.4.2 Safety function technical requirements
5.4.3 SSOASS Self Protection
5.4.4 SSOASS Design and Implementation
5.4.5 SSOASS Security Management
5.5 Level 5 Access Verification Protection Level
5.5.1 Basic Safety Technical Requirements
5.5.2 Safety function technical requirements
5.5.3 SSOASS Self Protection
5.5.4 SSOASS Design and Implementation
5.5.5 SSOASS Security Management
Appendix A (informative) Conceptual description of application software system security
A.1 Location of the application software system in the information system
A.2 The role of application software system security in information system security
A.3 About business continuity of application software systems

Foreword
Appendix A of this standard is an informative annex.
This standard is proposed and managed by the Information System Security Standardization Technical Committee of the Ministry of Public Security.
This standard was drafted by: Beijing Jiangnan Tianan Technology Co., Ltd., Beijing Siyuan Xinchuang Information Security Information Co., Ltd.
The main drafters of this standard: Ji Zengrui, Wang Zhiqiang, Chen Guanzhi, Jing Yuyuan, Song Jianping.

Introduction
This standard provides guidance for designing and implementing application software systems at the required security level in accordance with the requirements of information system security level protection. It mainly describes the security technical requirements that an application software system should meet to achieve each security protection level specified in GB 17859-1999.
The application software system is an important part of the information system and is the sum of the software that processes the application services in the information system. The security requirements of business applications are the starting point and destination of the security requirements of the information system. All technical and management measures taken for information system security are ultimately about ensuring the security of business applications. Some of these security measures can be implemented in the application software system, and some need to be implemented in other components of the information system.
This standard is a general description of the security technology elements that are generally applicable to application software systems in various application areas. Application software systems in different application areas should select different security technology elements as needed to meet the specific security requirements of their respective business applications.
Chapter 4 of this standard, Application Software System Basic Security Technical Requirements, describes the basic security technical requirements that underlie every security level of the application software system, including: application software system risk analysis and security requirements, application software system security solutions, application software system environment security, application software system business continuity, and the division of security levels for the application software system and the corresponding information system.
Chapter 5 of this standard, Application Software System Security Technology Grade, takes the division into five security levels of GB 17859-1999 as its basis and follows the classification in GB/T 20271-2006 of the general security technical requirements of information systems. It describes the application software system security technical requirements for each security level, including: basic security technical requirements, security function technical requirements, and the self-protection, design and implementation, and security management requirements of the application software system security subsystem needed to realize those security technical requirements. Text set in bold Song typeface marks content that is added or enhanced at a level compared with the preceding level.
Information security technology
Application Software System Security Level Protection General Technical Guide

1 Scope
This standard specifies the general technical requirements involved in the security level protection of the application software system according to the five security protection levels of GB 17859-1999.
This standard applies to the design and implementation of security level protection for the application software system according to the five security protection levels of GB 17859-1999. It can also be used as a reference for the testing and management of security level protection of application software systems classified according to the five security protection levels of GB 17859-1999.

2 Normative references
The terms in the following documents become the terms of this standard by reference in this standard. For dated references, all subsequent modifications (not including errata content) or revisions do not apply to this standard; however, parties to agreements based on this standard are encouraged to study whether the latest versions of these documents can be used. For undated references, the latest edition applies to this standard.
GB 17859-1999 Computer Information System Security Protection Level Division Guidelines
GB/T 20270-2006 Information security technology network basic security technical requirements
GB/T 20271-2006 Information security technology information system general safety technical requirements
GB/T 20272-2006 Information security technology operating system security technical requirements
GB/T 20273-2006 Information security technology database management system security technical requirements

3 Terms, definitions and abbreviations
The following terms and definitions established in GB/T 20271-2006 apply to this standard.

3.1 Terms and definitions
3.1.1
An important part of an information system; the software system that processes specific services in an information system.
3.1.2
Security technical measures taken to ensure that the application software system meets certain security objectives.
3.1.3
A general term for the security devices in an application software system. It establishes a basic security protection environment for the application software system and provides the additional user services required by a secure application software system. According to the GB 17859-1999 definition of Trusted Computing Base (TCB), SSOASS is the TCB belonging to the application software system. The hardware and firmware support it requires is provided by lower-level security mechanisms.
3.1.4
Rules for managing, protecting, and allocating resources in SSOASS. There can be one or more security strategies in a SSOASS.
......