GA/T 712-2007 English PDF
Basic dataStandard ID: GA/T 712-2007 (GA/T712-2007)Description (Translated English): Information security technology--Common test guide of security classification protection for application software system Sector / Industry: Public Security (Police) Industry Standard (Recommended) Classification of Chinese Standard: L09 Classification of International Standard: 35.020 Word Count Estimation: 18,143 Date of Issue: 2007-08-13 Date of Implementation: 2007-10-01 Quoted Standard: GB 17859-1999; GA/T 711-2007 Issuing agency(ies): Ministry of Public Security Summary: This standard specifies the requirements for testing the security level of the application software system according to the five security levels of GB 17859-1999. This standard specifies the application of the five security levels in accordance with the requirements of GB 17859-1999 application software system security testing. The safety design and management of the application software system according to the five security levels of GB 17859-1999 can also refer to the use. GA/T 712-2007: Information security technology--Common test guide of security classification protection for application software system---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology--Common test guide of security classification protection for application software system ICS 35.020 L09 People's Republic of China Public Safety Industry Standard Information security technology Application Software System Security Level Protection General Test Guide Released on.2007-08-13 2007-10-01 implementation Ministry of Public Security ContentForeword III Introduction IV 1 Scope 1 2 Normative references 1 3 Terms, definitions and abbreviations 1 4 application software system security technology test environment and condition requirements 1 4.1 Test Environment 1 4.2 Test conditions 1 5 Application software system security technology testing common security level requirements 1 6 Application Software System Basic Security Technology Test 2 6.1 Risk Analysis and Security Requirements Testing 2 6.2 Application Software System Security Solution Test 2 6.3 Application Software System Environmental Security Test 2 6.4 Application Software System Business Continuity Test 2 6.5 Application software system and related information system security level division test 2 7 Application Software System Security Technology Graded Test 2 7.1 First level user independent protection level 2 7.1.1 Safety Technology Test Environment and Condition Requirements 2 7.1.2 Basic Security Technology Test 2 7.1.3 Security Function Test 3 7.1.4 SSOASS Self Protection Test 3 7.1.5 SSOASS Design and Implementation Test 3 7.1.6 SSOASS Security Management Test 4 7.2 Level 2 System Audit Protection Level 4 7.2.1 Safety Technology Test Environment and Condition Requirements 4 7.2.2 Basic Security Technology Test 4 7.2.3 Security function technical test 4 7.2.4 SSOASS Self Protection Test 5 7.2.5 SSOASS Design and Implementation Test 5 7.2.6 SSOASS Security Management Test 6 7.3 Level 3 Security Mark Protection Level 6 7.3.1 Safety Technology Test Environment and Condition Requirements 6 7.3.2 Basic safety technical test 6 7.3.3 Safety function technical test 6 7.3.4 SSOASS Self Protection Test 7 7.3.5 SSOASS Design and Implementation Test 8 7.3.6 SSOASS Security Management Test 8 7.4 Level 4 structured protection level 8 7.4.1 Safety Technology Test Environment and Condition Requirements 8 7.4.2 Basic Safety Technology Test 8 7.4.3 Safety function technical test 9 7.4.4 SSOASS Self Protection Test 10 7.4.5 SSOASS Design and Implementation Test 10 7.4.6 SSOASS Security Management Test 11 7.5 Level 5 Access Verification Protection Level 11 7.5.1 Safety Technology Test Environment and Condition Requirements 11 7.5.2 Basic Safety Technology Test 11 7.5.3 Safety function technical test 11 7.5.4 SSOASS Self Protection Test 12 7.5.5 SSOASS Design and Implementation Test 13 7.5.6 SSOASS Security Management Test 13ForewordThis standard is proposed and managed by the Information System Security Standardization Technical Committee of the Ministry of Public Security. This standard was drafted. Beijing Jiangnan Tianan Technology Co., Ltd., Beijing Siyuan Xinchuang Information Security Information Co., Ltd. The main drafters of this standard. Ji Zengrui, Wang Zhiqiang, Chen Guanzhi, Jing Yuyuan, Song Jianping.IntroductionThis standard provides guidance for testing the security level protection of application software systems, and whether the security technologies used in the application software systems are up to Test to the requirements of their respective safety protection levels. Chapter 4 of this standard, application software system security technology test environment and condition requirements, is the ring of application software system security technology test Environmental requirements and application software system security technology testing should meet the requirements of the conditions. Chapter 5 of this standard, application software system security technology tests the common requirements of each security level, is every security of the application software system, etc. A description of the safety technical test requirements applicable to the class. Chapter 6 of this standard, Application Software System Basic Security Technology Test, is the application software described in Chapter 4 of GA/T 711-2007. Testing of the system's underlying security technology. Chapter 7 of this standard, application software system security technology graded test, with GA/T 711-2007 Chapter 5 on application software system A description of the security technology's testing requirements for each security level of the application software system based on the hierarchical requirements of the security technology, including. Environmental and condition requirements for safety technology testing, basic safety technical testing requirements, safety functional technical testing requirements, and application software systems Test requirements for the protection, design and implementation of the safety subsystem and safety management. Among them, "Bold Song" means comparing at a higher level. Increase or enhance content at a lower level. Information security technology Application Software System Security Level Protection General Test Guide1 ScopeThis standard specifies the safety protection level of the application software system according to the five security protection levels of GB 17859-1999. Test requirements. This standard applies to application software system security technology according to the requirements of five security protection levels of GB 17859-1999. Test. The safety design and management of the application software system according to the five security protection levels of GB 17859-1999 is also available. Refer to use.2 Normative referencesThe terms in the following documents become the terms of this standard by reference to this standard. All dated references, followed by all Modifications (not including errata content) or revisions do not apply to this standard, however, parties to agreements based on this standard are encouraged to study Is it possible to use the latest version of these files? For undated references, the latest edition applies to this standard. GB 17859-1999 Computer Information System Security Protection Level Division Guidelines GA/T 711-2007 Information Security Technology Application Software System Security Level Protection General Technical Guide 3 Terms, definitions and abbreviations Terms, definitions and abbreviations established in GA/T 711-2007 apply to this standard.4 application software system security technology test environment and condition requirements4.1 Test environment The application software system security technology test environment should meet the following requirements. a) Software and hardware (such as physical layer, network layer, operating system layer, number) of other layers of the information system supporting the application software system operation According to the library management system layer, etc.), it should have a security level not lower than the security protection level of the application software system; b) According to the principle of association/complementarity, the security requirements of the application software system can be implemented in the application software system, or can be supported. Implemented in the low-level environment in which it operates; c) Testing of the application software system should be carried out in its actual operating environment or in the same simulated environment as the actual operating environment; d) The part of the application software system that involves the password should provide cryptographic support with the appropriate security strength/level. 4.2 Test conditions The tested application software system should meet the following conditions. a) The designer should first conduct self-tests and provide corresponding test documents and test results; b) The tests performed in accordance with the test documentation provided by the designer shall be capable of reproducing the self-testing process performed by the designer; c) The tester can perform new tests based on the safety requirements of the application software system; d) Testing involving password strength/level shall be carried out by the national password authority in accordance with the relevant regulations; e) The tester should be able to determine whether the tested application software system meets the required level of security protection based on the analysis of the test results. Make an evaluation.5 Application software system security technology test common requirements of each security levelThe developer of SSOASS should provide a self-test document containing the test results for each of the tested items. The self-test document should indicate the measured column ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GA/T 712-2007_English be delivered?Answer: Upon your order, we will start to translate GA/T 712-2007_English as soon as possible, and keep you informed of the progress. The lead time is typically in 9 seconds (download/delivered in 9 seconds). The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GA/T 712-2007_English with my colleagues?Answer: Yes. The purchased PDF of GA/T 712-2007_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
