| GB/T 25063-2010 English PDF
Basic data

Standard ID: GB/T 25063-2010 (GB/T25063-2010)
Description (Translated English): Information security technology -- Testing and evaluation requirement for server security
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.020
Word Count Estimation: 35,352
Date of Issue: 2010-09-02
Date of Implementation: 2011-02-01
Quoted Standard: GB/T 5271.8-2001; GB 17859-1999; GB/T 21028-2007
Regulation (derived from): Announcement of Newly Approved National Standards No. 4 of 2010 (total 159)
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

Summary: This standard specifies the server security assessment requirements, including the first-level, second-level, third-level and fourth-level server security evaluation requirements. This standard does not specify the specific content of the fifth-level server security evaluation requirements. This standard applies to server security evaluation work carried out by information security evaluation agencies from the point of view of the degree of protection. Departments in charge of information systems, units that operate and use them, and server hardware and software manufacturers can also use it for reference.

GB/T 25063-2010: Information security technology -- Testing and evaluation requirement for server security

This is a DRAFT version for illustration, not a final translation.
Information security technology -- Testing and evaluation requirement for server security

ICS 35.020
L80
National Standards of People's Republic of China
Information Security Technology
Server security evaluation requirements
2010-09-02 release
2011-02-01 implementation
Released by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Management Committee

Contents

Foreword
Introduction
1 Scope
2 Normative reference documents
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 First level safety assessment
4.1 Hardware system
4.2 Operating system
4.3 Database management system
4.4 Application system
4.5 Safe operation
4.6 SSOS self-protection
4.7 SSOS design and implementation
4.8 SSOS security management
5 Second level safety assessment
5.1 Hardware system
5.2 Operating system
5.3 Database management system
5.4 Application system
5.5 Operational safety
5.6 SSOS own security protection
5.7 SSOS design and implementation
5.8 SSOS security management
6 Level 3 safety assessment
6.1 Hardware system
6.2 Operating system
6.3 Database management system
6.4 Application system
6.5 Operational safety
6.6 SSOS own security protection
6.7 SSOS design and implementation
6.8 SSOS security management
7 Level 4 safety assessment
7.1 Hardware system
7.2 Operating system
7.3 Database management system
7.4 Application system
7.5 Operational safety
7.6 SSOS own security protection
7.7 SSOS design and implementation
7.8 SSOS security management
8 Level 5 safety assessment
Reference

Foreword

This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee.
Drafting units: Tide Group Co., Ltd., Ministry of Public Security Computer Information System Security Product Quality Supervision and Inspection Center.
The main drafters of this standard: Huang Tao, Sun Dajun, Liu Gang, Shen Liang, Li Qingyu, Yan Bin, Gu Jian, Gu Wei.

Introduction

This standard is the evaluation standard that accompanies GB/T 21028-2007. It guides evaluation staff in evaluating server security from the perspective of information security level protection.
Following the division of servers into five security levels in GB/T 21028-2007, this standard sets out the requirements for servers at the different security levels in eight aspects: hardware system, operating system, database management system, application system, operational security, SSOS own security, SSOS design and implementation, and SSOS security management.
Because the server security evaluation requirements increase step by step across the security levels, in Chapters 4 through 7 the parts added at each level are shown in bold.

Information Security Technology
Server security evaluation requirements

1 Scope

This standard specifies the evaluation criteria for server security, including the first, second, third and fourth level server security evaluation requirements. This standard does not specify the specific requirements of the fifth level server security assessment.
This standard is applicable to the evaluation of server security from the perspective of information security level protection. Departments in charge of information systems, operating units, and server hardware and software manufacturers can also refer to it.

2 Normative reference documents

The provisions of the following documents are incorporated into this standard by reference. For dated references, subsequent amendments (not including corrigenda) or revisions are not applicable to this standard; however, parties that reach an agreement under this standard are encouraged to investigate whether the latest versions of these documents can be used.
For undated references, the latest edition of the document is applicable to this standard.
GB/T 5271.8-2001 Information technology - Vocabulary - Part 8: Security (ISO/IEC 2382-8:1998, IDT)
GB 17859-1999 Classification rules for the classification of security levels for computer information systems
GB/T 21028-2007 Information security technology - Server security - Technical requirements

3 Terms and definitions, abbreviations

3.1 Terms and definitions

The terms and definitions established in GB/T 5271.8-2001, GB 17859-1999 and GB/T 21028-2007, and the following terms and definitions, apply to this standard.

3.1.1 Check (examination)
The activity in which the evaluator statically assesses the evaluation object using observation, inspection, analysis and other methods.

3.1.2 Testing
The activity in which the evaluator follows the relevant process and uses a predetermined method/tool to make the evaluation object produce a specific behavior.

3.1.3 Evaluation
The activity of comprehensively analyzing the information obtained by examining and testing the evaluation object to determine whether it is consistent with the technical requirements.

3.2 Abbreviations

SSOS  server security subsystem (security subsystem of server)
SSF   SSOS security function (SSOS security function)
SFP   security function strategy (security function policy)
SSC   SSF control range (SSF scope of control)
SSP   SSOS security policy (SSOS security policy)

......
|