GB/T 20009-2019: Information security technology - Security evaluation criteria for database management system
Status: Valid
Basic data

Standard ID: GB/T 20009-2019 (GB/T20009-2019)
Description (Translated English): Information security technology - Security evaluation criteria for database management system
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 50,530
Date of Issue: 2019-08-30
Date of Implementation: 2020-03-01
Older Standard (superseded by this standard): GB/T 20009-2005
Quoted Standard: GB/T 18336.1-2015; GB/T 18336.2-2015; GB/T 18336.3-2015; GB/T 20273-2019; GB/T 25069-2010; GB/T 30270-2013
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration
Summary: This standard specifies the general principles, contents and methods of security assessment of database management systems. This standard applies to the testing and evaluation of database management systems, and can also be used to guide the development of database management systems.

GB/T 20009-2019: Information security technology - Security evaluation criteria for database management system --- This is a DRAFT version for illustration, not a final translation.
Information security technology - Security evaluation criteria for database management system

ICS 35.040
L80
National Standard of the People's Republic of China
Replaces GB/T 20009-2005
Information Security Technology Security Evaluation Criteria for Database Management System
Released 2019-08-30; implemented 2020-03-01
Issued by the State Administration for Market Regulation and the China National Standardization Administration

Table of contents

Preface
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 General Principles of Evaluation
4.1 Overview
4.2 Evaluation requirements
4.3 Assess the environment
4.4 Evaluation Process
5 Evaluation content
5.1 Safety function evaluation
5.2 Security assurance assessment
5.3 Evaluation method
Appendix A (informative appendix) Standard revision instructions

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

This standard replaces GB/T 20009-2005 "Guidelines for Security Evaluation of Information Security Technology Database Management Systems". Compared with GB/T 20009-2005, the main technical changes, apart from editorial changes, are as follows:
---Modified the Chapter 3 terms and definitions and abbreviations (see 3.1 and 3.2; Chapter 3 of the 2005 edition);
---Revised Chapter 4 "Security Environment", with the title changed to "General Rules of Evaluation", describing the overall requirements, evaluation requirements, assessment environment and assessment process (see Chapter 4; Chapter 4 of the 2005 edition);
---Modified the evaluation content in Chapter 5, and defined, according to GB/T 30270-2013, the evaluation content of the safety function components and safety assurance components in GB/T 20273-2019 (see Chapter 5; Chapter 5 of the 2005 edition);
---Deleted Appendix A "Threats and Countermeasures Faced by Database Management Systems" (see Appendix A of the 2005 edition);
---Listed the EAL2, EAL3 and EAL4 component lists and evaluation criteria according to the concept of evaluation assurance level.

Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.

This standard was proposed and is managed by the National Information Security Standardization Technical Committee (SAC/TC260).

Drafting organizations of this standard: China Information Security Evaluation Center, Tsinghua University, Beijing Jiangnan Tianan Technology Co., Ltd., Ministry of Public Security Third Research Institute, Peking University, Wuhan Dameng Database Co., Ltd., Tianjin Nanda General Data Technology Co., Ltd.

The main drafters of this standard: Zhang Baofeng, Bi Haiying, Ye Xiaojun, Wang Feng, Wang Jianmin, Chen Guanzhi, Lu Zhen, Shen Liang, Gu Jian, Song Haohao, Zhao Yujie, Ji Zengrui, Liu Yuhan, Liu Xueyang, Hu Wenhui, Fu Quan, Fang Hongxia, Feng Yuan, Li Dejun.

The previous versions of the standard replaced by this standard are as follows:
---GB/T 20009-2005.
Information Security Technology Security Evaluation Criteria for Database Management System

1 Scope

According to GB/T 20273-2019, this standard specifies the general rules, evaluation content and evaluation methods of database management system security evaluation.

This standard applies to the testing and evaluation of database management systems, and can also be used to guide the development of database management systems.

Note: The evaluation content and evaluation methods of EAL2, EAL3 and EAL4 specified in this standard are applicable to database management system security evaluation based on all parts of GB/T 18336-2015, and are also applicable to the security evaluation of database management systems at the second-level system audit protection level, the third-level security label protection level and the fourth-level structured protection level based on GB 17859-1999. For the corresponding relationship, please refer to A.1 in Appendix A.

2 Normative references

The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all revised versions) applies to this document.

GB/T 18336.1~18336.3-2015 Information technology - Security technology - Information technology security evaluation criteria
GB/T 20273-2019 Information security technology - Database management system security technical requirements
GB/T 25069-2010 Information security technical terms
GB/T 30270-2013 Information technology - Security technology - Information technology security assessment method

3 Terms and definitions, abbreviations

3.1 Terms and definitions

The terms and definitions defined in GB/T 25069-2010, GB/T 30270-2013 and GB/T 20273-2019 apply to this document.
3.2 Abbreviations

The following abbreviations apply to this document.

4 General Rules of Evaluation

4.1 Overview

In accordance with GB/T 30270-2013, this standard provides the evaluation content and evaluation methods for the safety function components and safety assurance components of the database management system (DBMS) target of evaluation (TOE) defined in GB/T 20273-2019.

4.2 Evaluation requirements

When conducting a security assessment of the database management system, first complete the evaluation of the DBMS ST according to the security target evaluation method of GB/T 30270-2013; on that basis, the safety function and safety assurance of the DBMS are evaluated.

a) The goal of safety function assessment is to ensure the integrity of the design and implementation of the safety function components defined in GB/T 20273-2019. This is generally confirmed through analysis of the evaluation evidence provided by the DBMS initiator and independence testing of the TOE safety functions (TSF), to ensure that the DBMS security functions meet the functional requirements claimed by its security goals. The independence test should be based on the series of evaluation evidence (such as analysis, design and test documents) and the TOE security policy (TSP) provided by the database product manufacturer. In accordance with the TSS in the ST, the evaluator analyzes the evidence materials of the evaluation object provided by the DBMS developer and sample-tests the DBMS security function components according to the different evaluation assurance levels; alternatively, the evaluator can design corresponding test cases and independently complete the functional test of the DBMS security function components, verifying that the implementation of the TSF complies with the database management system outline specification.
b) The goal of security assurance assessment is to discover flaws or vulnerabilities in the design and implementation of the DBMS, so that the developer can be required during the assessment process to correct the corresponding errors of the evaluation object, thereby reducing the risk of safety function failure during operation of the DBMS after release. Therefore, the security assessment requires testers to test whether the DBMS can withstand various security attacks in a simulated real application environment, to determine whether the assessment object has potential security weaknesses or security vulnerabilities. Penetration testing is an effective method for eliminating defects or vulnerabilities in the design or implementation of the DBMS. Based on security attack surface assessment evidence for the database product, such as its communication protocol, structured query language, database development interfaces and stored procedures/functions, testers need to use penetration testing techniques to test the credibility of the implementation mechanisms of the safety function components, to ensure that there are no unknown weaknesses/defects in the design, implementation and testing of the safety function components.

4.3 Assess the environment

With the support of different network environments and server environments, database products generally provide solutions with a variety of security strategies and security control mechanisms to meet the safety requirements of the target consumers. The test environment of the database management system is divided into three categories: the non-cluster database service test environment and the cluster database service test environment, with the cluster test environment subdivided into the shared-storage cluster test environment and the non-shared-storage cluster test environment.
A test environment should be selected, and the product's safety function and safety assurance evaluated, according to the system of basic principles, processes and procedures for safety assessment in GB/T 30270-2013. Each evaluation activity of the security components of the database management system includes two general evaluation tasks:

a) Evaluation evidence input evaluation. The evaluation initiator shall provide the safety evaluation agency with all evaluation materials necessary for the DBMS safety evaluation. The evaluation initiator should prepare or develop TOE-related evaluation evidence in accordance with GB/T 30270-2013. Some inputs require evaluation.

b) Evaluation result output evaluation. The purpose of the safety evaluation agency's output task is to evaluate the output observation reports and evaluation technical reports. The reports should satisfy the principle of repeatability and reproducibility of the evaluation results, and should maintain consistency in the types and quantities of information reported.

4.4 Evaluation process

The safety assessment process according to GB/T 30270-2013 includes the assessment preparation, assessment implementation and assessment results stages, as follows:

a) Evaluation preparation stage. The evaluation initiator shall provide the evaluator with the safety goals in accordance with GB/T 30270-2013, and the evaluator shall analyze their feasibility. The evaluator may need the sponsor to provide other supporting information related to the evaluation. The evaluation initiator or ST developer will provide the evaluator with part of the object to be evaluated. The evaluator reviews the security goals and then informs the initiator of necessary supplements and improvements, to facilitate the later implementation of the evaluation process. When the evaluator believes that the evaluation initiator's materials are ready, the evaluation process enters the next stage.
b) Evaluation implementation stage. Based on GB/T 30270-2013, the evaluator generates a feasibility study report covering documents such as the list of products to be evaluated, the evaluation activities, and the sampling requirements for evaluation methods. The initiator and the evaluator sign an agreement during the evaluation preparation phase. The agreement contains the basic framework of the evaluation, while taking into account the limitations of the evaluation system and any changes in the requirements of national laws and regulations. After the agreement is signed, the evaluator can enter the evaluation implementation stage. The main activities included at this stage are:

1) The evaluator checks the evaluation objects that the initiator or developer should deliver, and then performs the necessary evaluation activities in accordance with GB/T 30270-2013.
2) During the evaluation phase, the evaluator may write an observation report. In this report, the evaluator will ask the supervisor (review agency) how to meet its regulatory requirements.
3) The supervisor responds to the evaluator's request for explanation, and then allows the next evaluation.
4) The supervisor may also confirm and point out some potential defects or threats, and then ask the initiator or developer to provide additional information.

c) Final evaluation result stage. The evaluator will comprehensively evaluate the TOE based on the document review, test conditions and on-site inspection results, and write the evaluation technical report.

5 Evaluation content

5.1 Safety function evaluation

5.1.1 Overview

In the description of the safety function component evaluation content, bold text in square brackets [] indicates a completed operation, and bold italic content indicates assignment and selection items that still need to be determined by the ST author in the safety target.
5.1.2 Security audit (FAU category)

5.1.2.1 Audit data generation (FAU_GEN.1)

The audit data generation component should automatically generate the corresponding audit event log information in accordance with the database standard audit and fine-grained audit strategies set by the security goals. The security assessment of this component is as follows:

a) The different levels of audit strategies provided by the assessment object should be tested to confirm that they produce the following auditable event records:
1) Startup and shutdown of the database audit function;
2) Startup and shutdown of the database instance and its component services;
3) Non-default value modification events of database instance configuration parameters;
4) Database object structure modification events;
5) Auditable events of the database audit level [minimum] listed in GB/T 20273-2019;
6) Other specially defined auditable events for database security auditors that can bypass the access control strategy [assignment: audit event defined by the ST author];
7) All auditable events that do not specify the audit level [assignment: fine-grained audit events at the database object data operation level].

b) Check that the audit records contain at least the following information:
1) Event type, event date and time, the subject's associated identity/group/role, the database objects involved, information about the host that generated the audit event, and the result of the event operation (success or failure);
2) Audit data should be generated according to the evaluation object's [assignment: audit event specified by the ST author] and the prescribed format [assignment: data type and format];
3) For each audit event type, the auditable event definition based on the security function components included in GB/T 20273-2019.

c) The audit data generation strategy configuration management API or tool of the database management system should be checked to confirm the effectiveness of the audit data generation mechanism and function.
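One way to automate the record checks in 5.1.2.1 a) 1) to 4) and b) 1) over an exported audit trail is shown below. This is an added example, not part of the standard; the field names, event labels and sample records are constructed assumptions.

```python
from datetime import datetime

# Fields that item b) 1) requires in every audit record (key names are assumed).
REQUIRED_FIELDS = ("event_type", "timestamp", "subject", "objects", "host", "result")

# Event categories from items a) 1) to a) 4); the labels are assumed, not from the standard.
REQUIRED_EVENTS = {
    "AUDIT_START", "AUDIT_STOP",        # a) 1) audit function start/stop
    "INSTANCE_START", "INSTANCE_STOP",  # a) 2) instance start/stop
    "CONFIG_CHANGE",                    # a) 3) non-default parameter change
    "DDL",                              # a) 4) object structure modification
}


def record_defects(rec):
    """Return the b) 1) defects found in one audit record (empty list = complete)."""
    defects = [f"missing {f}" for f in REQUIRED_FIELDS if not rec.get(f)]
    ts = rec.get("timestamp")
    if ts:
        try:
            datetime.fromisoformat(ts)
        except (ValueError, TypeError):
            defects.append("timestamp is not ISO 8601")
    subject = rec.get("subject")
    # The record must be traceable to a user, not only to a group or role.
    if subject and not (isinstance(subject, dict) and subject.get("user")):
        defects.append("subject has no user identity")
    if rec.get("result") and rec["result"] not in ("success", "failure"):
        defects.append("result is not success/failure")
    return defects


def evaluate(records):
    """Report required event types never seen and records with missing information."""
    seen = {r.get("event_type") for r in records}
    defective = {}
    for index, rec in enumerate(records):
        found = record_defects(rec)
        if found:
            defective[index] = found
    return {"missing_events": sorted(REQUIRED_EVENTS - seen), "defective": defective}


def make_record(event_type, user="sec_admin", **overrides):
    """Build a constructed sample record; overrides simulate faulty audit output."""
    rec = {
        "event_type": event_type,
        "timestamp": "2024-05-01T08:00:00+00:00",
        "subject": {"user": user, "roles": ["AUDIT_ADMIN"]},
        "objects": ["instance:db1"],
        "host": "10.0.0.5",
        "result": "success",
    }
    rec.update(overrides)
    return rec


# Constructed audit trail: no CONFIG_CHANGE event, and three incomplete records.
SAMPLE_RECORDS = [
    make_record("AUDIT_START"),
    make_record("INSTANCE_START"),
    make_record("DDL", user="app_owner", objects=["table:hr.salary"]),
    make_record("DDL", user="app_owner", objects=["table:hr.salary"], host=""),
    make_record("INSTANCE_STOP", result="ok"),
    make_record("AUDIT_STOP", subject={"roles": ["AUDIT_ADMIN"]}),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RECORDS))
```

A non-empty `missing_events` list means the test run never exercised, or the DBMS never logged, one of the required event categories; the two cases have to be told apart by rerunning the triggering operation.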
5.1.2.2 User identity association (FAU_GEN.2)

The user identity association component should associate audit events with the identity of the subject, to meet the requirement that auditable events can be traced back to a single database user identity. The security assessment of this component is as follows:

a) It should be possible to view in the audit record whether each audit event is associated with the identity of the user who triggered the audit event;
b) It should be possible to see in the audit records whether each audit event is associated with the database session information related to the [assignment: user identity authentication method specified by the ST author];
c) The auxiliary views or management APIs/tools provided for associating the user identity in the audit record with the user's group/role identity should be checked, to confirm that the user identity related information can be seen.

5.1.2.3 Audit review (FAU_SAR.1)

The audit review component provides authorized administrators with the ability to obtain and interpret audit data. The security assessment of this component is as follows:

a) It should be tested whether the audit information listed below can be read and obtained from the audit records:
1) User identification;
2) Audit event type;
3) Database object identification;
4) [assignment: audit event specified by the ST author] specified by the evaluation object;
b) It should be tested whether an audit record reading and management interface (such as a graphical interface) that meets the review conditions is provided in a way that users can understand;
c) It should be tested that, when the authorized user is an external IT entity, the audit data is unambiguously represented in a standardized electronic way;
d) It should be tested whether all unauthorized users are prohibited from accessing audit data.

5.1.2.4 Restricted audit access (FAU_SAR.2)

The restricted audit access component only allows authorized administrators to access part of the audit data.
The security assessment of this component is as follows:

a) It should be tested whether the audit information can be accessed according to [selection: subject ID, host ID, object ID, [assignment: audit conditions specified by the ST author]];
b) It should be tested whether audit information can be checked based on [selection: successful auditable security events, failed auditable security events, [assignment: other selection conditions specified by the ST author]];
c) It should be tested whether the audit information can be consulted according to [selection: database system authority, database object authority, [assignment: authority level specified by the ST author]];
d) The authorization control mechanism for managing audit data should be tested, together with whether the audit data authorization administrator (security administrator) can control authorized administrators' access to audit data [assignment: role/system authority designated by the ST author];
e) It should be tested whether security administrators or authorized administrators who have been granted audit data access rights are allowed to access audit data views or interfaces;
f) It should be tested whether all unauthorized users are prohibited from accessing audit data.

5.1.2.5 Optional audit review (FAU_SAR.3)

The optional audit review component allows authorized administrators to select audit data to be reviewed based on specified search criteria. The security assessment of this component is as follows:

a) It should be tested whether the audit records can be searched according to search and classification conditions on the values in the audit data fields, filtering the audit data that authorized administrators care about;
b) It should be tested whether the returned audit data can be sorted and summarized;
c) It should be tested whether the authorized administrator is allowed to use [selection: SQL statement, [assignment:
ST author specified method]] to search for and sort audit data;
d) It should be tested whether application development interface capabilities for accessing audit data, or auxiliary tools for audit data analysis, are provided;
e) It should be tested whether all unauthorized users are prohibited from accessing audit data.

5.1.2.6 Selective audit (FAU_SEL.1)

The selective audit component defines the ability to add events to, or exclude events from, the auditable event set. The security assessment of this component is as follows:

a) It should be tested whether auditable events can be selected from the audit event set based on [selection: object identity, user identity, group identity, subject identity, host identity, [assignment: subject attributes determined by the ST author]];
b) It should be tested whether it can be selected according to [selection: database system authority, statement-level audit, authority-level audit, mode object-level audit, column-level......