GB/T 18336.5-2024: Cybersecurity technology - Evaluation criteria for IT security - Part 5: Pre-defined packages of security requirements
Status: Valid

Basic data
Standard ID: GB/T 18336.5-2024 (GB/T18336.5-2024)
Description (Translated English): Cybersecurity technology - Evaluation criteria for IT security - Part 5: Pre-defined packages of security requirements
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 34,391
Date of Issue: 2024-04-25
Date of Implementation: 2024-11-01
Older Standard (superseded by this standard): GB/T 18336.3-2015
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.

ICS 35.030
CCS L80

National Standards of People's Republic of China
Partially replaces GB/T 18336.3-2015

Cybersecurity Technology Information Technology Security Assessment Criteria
Part 5: Predefined security requirements package

Published on April 25, 2024, implemented on November 1, 2024
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Evaluation Assurance Level
4.1 Family name
4.2 Overview of Evaluation Assurance Level
4.3 Purpose of Evaluation Assurance Level
4.4 Evaluation Assurance Level
5 Combined Assurance Package
5.1 Family name
5.2 Overview of the combined assurance package
5.3 Purpose of the combined assurance package
5.4 Packages in the CAP family
6 Composite product packages
6.1 Package Name
6.2 Package Type
6.3 Package Overview
6.4 Purpose
6.5 Security Assurance Components
7 Protection Profile Assurance
7.1 Family name
7.2 Overview of PPA Family
7.3 PPA Family Purpose
7.4 PPA package
8 Security Target Assurance
8.1 Family name
8.2 STA Family Overview
8.3 STA Family Purpose
8.4 STA package
Appendix NA (Informative) Abbreviations
References

Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".
This document is Part 5 of GB/T 18336 "Cybersecurity Technology Information Technology Security Assessment Criteria". GB/T 18336 has been published in the following parts:
--- Part 1: Introduction and general model;
--- Part 2: Security functional components;
--- Part 3: Security assurance components;
--- Part 4: Normative framework for assessment methods and activities;
--- Part 5: Predefined security requirements package.
This document and GB/T 18336.3-2024 "Cybersecurity Technology Information Technology Security
Assessment Criteria Part 3: Security Assurance Group" GB/T 18336.4-2024 "Cybersecurity Technology Information Technology Security Assessment Criteria Part 4: Assessment Methods and Activities Specification" GB/T 18336.3-2015 Information Technology Security Technology Information Technology Security Assessment Criteria Part 3: Security Full protection components.
This document partially replaces GB/T 18336.3-2015 "Information Technology Security Technology Information Technology Security Assessment Criteria Part 3
Compared with GB/T 18336.3-2015, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
--- Deleted the protection model (see Chapter 5 of GB/T 18336.3-2015 edition);
--- Deleted the security assurance component (see Chapter 6 of GB/T 18336.3-2015 edition);
--- Added Composite Product Package (COMP) (see Chapter 6);
--- Added Protection Profile Assurance (PPA) (see Chapter 7);
--- Added security target assurance (STA) (see Chapter 8);
--- Deleted the APE category: Assurance profile evaluation (see Chapter 9 of GB/T 18336.3-2015 edition);
--- Deleted the ASE category: Security objective assessment (see Chapter 10 of GB/T 18336.3-2015 edition);
--- Deleted the ADV category: Development (see Chapter 11 of GB/T 18336.3-2015 edition);
--- Deleted the AGD category: Guidance document (see Chapter 12 of GB/T 18336.3-2015 edition);
--- Deleted the ALC category: Lifecycle support (see Chapter 13 of GB/T 18336.3-2015 edition);
--- Deleted the ATE category: Test (see Chapter 14 of GB/T 18336.3-2015 edition);
--- Deleted the AVA category: Vulnerability assessment (see Chapter 15 of GB/T 18336.3-2015 edition).
This document is equivalent to ISO/IEC 15408-5:2022 "Information security, network security and privacy protection Information technology security assessment standards Part 5: Predefined security requirements package".
The following minimal editorial changes were made to this document:
--- In order to coordinate with the existing standards,
the name of the standard is changed to "Cybersecurity Technology Information Technology Security Assessment Criteria Part 5: Predefined security requirements package";
--- Added informative Appendix NA "Abbreviations".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: China Information Security Evaluation Center, China Electronics Technology Group Corporation No. 15 Research Institute, China Trade Promotion Information Technology Co., Ltd., Vivo Mobile Communications Co., Ltd., Industrial Information Security (Sichuan) Innovation Center Co., Ltd., Jilin Information Security Evaluation Center, National Radio and Television Administration Radio and Television Science Research Institute, Beijing Shenzhou Green Alliance Technology Co., Ltd., National Technology Co., Ltd., Guangdong Midea Refrigeration Equipment Co., Ltd., Guangdong Rural Credit Cooperatives Union, Lenovo (Beijing) Co., Ltd., China Unicom Consulting and Design Institute Co., Ltd., Chengdu Xugu Weiye Technology Co., Ltd., Beijing Oriental Jinxin Technology Co., Ltd., and Beijing Blue Elephant Standard Consulting Service Co., Ltd.
The main drafters of this document are: Zhang Baofeng, Xu Yuan, Yang Yongsheng, Li Fengjuan, Shi Hongsong, Gao Jinping, Liu Hui, Huo Shanshan, Liu Jian, Xu Man, Li Bin, Liu Shanglin, Zhao Liangfu, Zhao Peihan, Xiao Fengjia, Ming Yuzhuo, Liu Juan, Qi Jinye, Yao Junxian, Li Ruxin, Wang Weizhe, Qiao Huayang, Zhang Debao, Bi Haiying, Deng Hui, Jia Wei, Chen Feng, and Wang Shuyi.
This document was first published in 2001 as GB/T 18336.3-2001, revised for the first time in 2008, and revised for the second time in 2015. This is the third revision, partially replacing GB/T 18336.3-2015, and
is numbered GB/T 18336.5.

Introduction
This document provides predefined security requirements packages. Security requirements packages can help users of the standard maintain consistency in their assessments and help reduce the effort in developing Protection Profiles (PP) and Security Targets (ST).
GB/T 18336 is proposed to consist of five parts:
--- Part 1: Introduction and general model. Aims to provide an overview of GB/T 18336, define the basic principles of information technology security assessment, introduce general concepts and principles, and give a general model for evaluation.
--- Part 2: Security functional components. Aims to establish a set of standardized templates for functional components that can be used to describe security functional requirements. These functional components are structured in the form of classes and families, and specific security functional requirements are constructed through component selection, refinement, and tailoring.
--- Part 3: Security assurance components. Aims to establish a set of standardized templates for security assurance components that can be used to describe security assurance requirements. These security assurance components are structured in classes and families and define the evaluation criteria for PP, ST, and TOE; specific security requirements are constructed through component selection, refinement, and tailoring.
--- Part 4: Normative framework for evaluation methods and activities. Aims to provide a standardized framework for normative evaluation methods and activities. These assessment methods and activities are included in the PP, ST and any supporting documents, for assessors to use in carrying out evaluation work based on the models described in other parts of GB/T 18336.
--- Part 5: Predefined security requirement packages. Aims to provide packages of security assurance requirements and security functional requirements commonly used by stakeholders. Examples of
packages provided include Evaluation Assurance Level (EAL) and Combined Assurance Package (CAP).
GB/T 18336.1-2024 defines the term "package" and describes the basic concepts.
NOTE: This document uses bold and italic type in some cases to distinguish terms from the rest of the text. All new requirements are in boldface. For layered components, a requirement is in bold when it is enhanced or modified beyond the previous component. In addition, any new or enhanced allowed operations beyond the previous components are also highlighted in bold. By convention, italic text is used to indicate text with a precise meaning. For security requirements, this convention also applies to special verbs related to assessment.

Cybersecurity Technology Information Technology Security Assessment Criteria
Part 5: Predefined security requirements package

1 Scope
This document provides users with general security assurance requirement packages and security functional requirement packages.
Example: Evaluation Assurance Level (EAL) and Combined Assurance Package (CAP).
This document describes:
--- Evaluation Assurance Level Package (EAL), which specifies a set of pre-defined security assurance components that can be referenced in PP and ST; these components are also used to provide appropriate security for TOE evaluation;
--- Combined Assurance Package (CAP), which specifies a set of security assurance components required for combined TOE evaluation;
--- Composite Product Package (COMP), which specifies a set of security assurance components required for composite product TOE evaluation;
--- Protection Profile Assurance Package (PPA), which specifies a set of security assurance components required for protection profile assessment;
--- Security Target Assurance Package (STA), which specifies a set of security assurance components required for security target assessment.
The audience for this document includes consumers, developers, and evaluators of secure information
technology products.

2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 18336.1-2024 Cybersecurity technology Information technology security assessment criteria Part 1: Introduction and general model (ISO/IEC 15408-1:2022, IDT)
ISO/IEC 15408-1 Information security, network security and privacy protection Information technology security evaluation criteria Part 1: Introduction and
Note: GB/T 18336.1-2024 Cybersecurity technology Information technology security assessment criteria Part 1: Introduction and general model (ISO/IEC 15408-1:2022, IDT)
ISO/IEC 15408-3 Information security, network security and privacy protection Information technology security evaluation criteria Part 3: Security protection
Note: GB/T 18336.3-2024 Cybersecurity technology Information technology security assessment criteria Part 3: Security assurance components (ISO/IEC 15408-3:2022, IDT)

3 Terms and definitions
For this document, the terms and definitions defined in ISO/IEC 15408-1 and ISO/IEC 15408-3 apply.
NOTE: Appendix NA gives the abbreviations used in this document.
......