GB/T 20279-2024 English PDFUS$999.00 ยท In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 20279-2024: Cybersecurity technology - Technical specification for network and terminal separation products Status: Valid GB/T 20279: Historical versions
Basic dataStandard ID: GB/T 20279-2024 (GB/T20279-2024)Description (Translated English): Cybersecurity technology - Technical specification for network and terminal separation products Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 50,556 Date of Issue: 2024-09-29 Date of Implementation: 2025-04-01 Older Standard (superseded by this standard): GB/T 20279-2015,GB/T 20277-2015 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 20279-2024: Cybersecurity technology - Technical specification for network and terminal separation products---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. ICS 35.030 CCSL80 National Standard of the People's Republic of China Replaces GB/T 20279-2015, GB/T 20277-2015 Network security technology network and terminal isolation products Technical Specifications 2025-04-01 Implementation State Administration for Market Regulation The National Standardization Administration issued Table of ContentsPreface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 2 5 General 3 6 Safety technical requirements 5 6.1 Security Function Requirements 5 6.2 Self-security requirements 9 6.3 Performance requirements 10 6.4 Security requirements 11 7 Evaluation Methods 13 7.1 Safety function evaluation 13 7.2 Self-security assessment 23 7.3 Performance Evaluation 26 7.4 Security Assessment 26 Appendix A (Normative) Classification of network and terminal isolation products and classification of security technical requirements 33 Appendix B (Normative) Classification and evaluation methods of network and terminal isolation products 39ForewordThis document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents" Drafting. This document replaces GB/T 20279-2015 "Information security technology network and terminal isolation product security technical requirements" and GB/T 20277- 2015 "Information Security Technology Network and Terminal Isolation Product Test and Evaluation Method", GB/T 20279-2015 and GB/T 20277-2015 Compared with the previous version, in addition to structural adjustments and editorial changes, the main technical changes are as follows. --- Changed the product classification of network isolation products (see Chapter 5, Chapter 4 of GB/T 20279-2015 edition); --- Added general rules (see Chapter 5); --- Changed the information flow control strategy requirements (see 6.1.1.1, 5.2.2.1.1.1, 5.2.2.2.1.1, --- Changed the information flow control function requirements (see 6.1.1.2, 5.2.2.1.1.2, 5.2.2.2.1.2, --- Added application and protocol support requirements (see 6.1.2); --- Added information filtering requirements (see 6.1.3); --- Change the anti-attack requirements to attack protection requirements (see 6.1.5, 5.2.2.1.2, 5.2.2.2.2, 5.2.3.1.2 and 5.2.3.2.2); ---Change the domain isolation requirement to the security isolation requirement (see 6.1.6, 5.2.2.1.6, 5.2.2.2.6, 5.2.3.1.6 and 5.2.3.2.6); ---Change the fault tolerance requirement to high availability requirement (see 6.1.7, 5.2.2.1.7, 5.2.2.2.7 and 5.2.3.2.7); --- Added linkage requirements (see 6.1.10); ---Change the environmental adaptability requirements to IPv6 support requirements (see 6.1.11, 5.4 of GB/T 20279-2015 edition); ---Added virtualization deployment requirements (see 6.1.12); --- Added its own safety requirements (see 6.2); --- Changed the performance requirements (see 6.3, 5.5 of GB/T 20279-2015 edition); --- Changed the safety assurance requirements (see 6.4, 5.3 of GB/T 20279-2015 edition); --- Added the classification of network and terminal isolation products and the classification of security technical requirements (see Appendix A); ---Added the classification of network and terminal isolation products and the level classification of evaluation methods (see Appendix B). Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents. This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260). This document was drafted by. the Third Research Institute of the Ministry of Public Security, the National Industrial Information Security Development Research Center, China Cybersecurity Review and Certification and Market Supervision Big Data Center, China Electronics Technology Standardization Institute, Beijing Topsec Network Security Technology Co., Ltd., Beijing Anmeng Information Technology Co., Ltd., Zhongfu Information Co., Ltd., Tsinghua University, Shenzhen Lipu Information Technology Co., Ltd., Venusstar Information Technology Technology Group Co., Ltd., Zhuhai Special Economic Zone Weisi Co., Ltd., Torui Tianxing Network Security Information Technology Co., Ltd., Qi'anxin Network Shen Information Technology (Beijing) Co., Ltd., Institute of Software, Chinese Academy of Sciences, First Research Institute of the Ministry of Public Security, Tencent Cloud Computing (Beijing) Co., Ltd. Responsible company, Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing Shuanxing Technology Co., Ltd., Shandong Shouhan Information Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., H3C Technologies Co., Ltd., State Grid Block Chain Technology (Beijing) Co., Ltd., Blue Shield Information Security Technology Co., Ltd., Guangzhou Tianmao Information System Co., Ltd., China Southern Power Grid Electric Power Technology Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd., Blue Elephant Standard (Beijing) Technology Co., Ltd., Hangzhou Lingxin Digital Information Technology Co., Ltd., and Chengdu Saibo Security Technology Development Co., Ltd. The main drafters of this document are. Lu Zhen, Zhu Guobang, Li Xuan, Gu Jian, Gu Jianxin, Shen Liang, An Gaofeng, Liu Zhifei, Ma Ao, Yang Chen, Sun Yan, Zhang Dongju, Wang Chonghua, Shen Yongbo, Shen Wenjie, Jiang Jun, Lu Wenli, Jiao Mengmeng, Zuo Anji, Zhang Xiyu, Lu Dongliang, Yan Min, Yang Chunhua, Hu Weina, Wang Luhan, Zhang Lingyun, Qiao Huayang, Yu Guo, Liu Yuhong, Yang Geng, Zhao Hua, Liu Weihua, He Jianfeng, Shi Zhuyu, Jiao Shaobo, Wan Xiaolan, Li Shiqi, Chang Yuanyuan, Liu Qiang, Zou Kai, Lin Di, Li Kepeng, Han Xiude, Zhang Dawei, Zhao Huimin, Qian Yunjie, Ding Wensuo, Yang Wei, Zhang Zhenyu, Lin Dansheng, Li Huimin and Guo Aibo. The previous versions of this document and the documents it replaces are as follows. ---GB/T 20279, first issued in.2006 and first revised in.2015; ---GB/T 20277, first issued in.2006 and first revised in.2015; ---This is the second revision. Network security technology network and terminal isolation products Technical Specifications1 ScopeThis document specifies the classification, grading, security technical requirements and evaluation methods of network and terminal isolation products. This document applies to the design, development, and testing of network and endpoint isolation products.2 Normative referencesThe contents of the following documents constitute essential clauses of this document through normative references in this document. For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to This document. GB/T 18336.3-2024 Cybersecurity technology Information technology security assessment criteria Part 3.Security assurance components GB/T 25069-2022 Information Security Technical Terminology GB/T 30279-2020 Information security technology - Guidelines for the classification and grading of network security vulnerabilities GB 42250-2022 Information security technology - Safety technical requirements for network security products3 Terms and definitionsGB/T 18336.3-2024, GB/T 25069-2022, GB/T 30279-2020 and GB 42250-2022 and the following The following terms and definitions apply to this document. 3.1 securitydomain A collection of assets and resources that are subject to a common security policy. [Source. GB/T 25069-2022, 3.36] 3.2 A technology that uses physical methods to ensure that different security domains cannot be connected directly or indirectly. Note. Implement physical disconnection of different security domains, including disconnection in physical conduction and physical storage. 3.3 protocol conversionprotocolconversion A technology that extracts application data from public protocols based on the network and encapsulates it into a system-specific private protocol for data transmission. 3.4 Information ferry informationferry The information is transmitted from the security domain where the information source is located to the intermediate cache area, and then the information in the intermediate cache area is transmitted to the security domain where the information destination is located. Global data transmission technology. Note. At any one time, the intermediate cache area is connected to only one security domain. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 20279-2024_English be delivered?Answer: Upon your order, we will start to translate GB/T 20279-2024_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 20279-2024_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 20279-2024_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 20279-2024?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 20279-2024 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
