GB/T 29240-2024 English PDFUS$629.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 29240-2024: Cybersecurity technology - General security technical specification for terminal computer Status: Valid GB/T 29240: Historical versions
Basic dataStandard ID: GB/T 29240-2024 (GB/T29240-2024)Description (Translated English): Cybersecurity technology - General security technical specification for terminal computer Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 31,375 Date of Issue: 2024-10-26 Date of Implementation: 2025-05-01 Older Standard (superseded by this standard): GB/T 29240-2012 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 29240-2024: Cybersecurity technology - General security technical specification for terminal computer---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT29240-2024 ICS 35.030 CCSL80 National Standard of the People's Republic of China Replaces GB/T 29240-2012 Cybersecurity Technology General security technical specifications for terminal computers Released on October 26, 2024 Implementation on May 1, 2025 State Administration for Market Regulation The National Standardization Administration issued Table of ContentsPreface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 2 5 Overview 2 6 Safety Technical Requirements 2 6.1 Security Functional Requirements 2 6.2 Security Requirements 6 7 Test Evaluation Method 8 7.1 General Description 8 7.2 Test Environment 8 7.3 Safety Function Requirements Testing and Evaluation 8 7.4 Security Assurance Requirements Testing and Evaluation 18 Appendix A (Normative) Terminal Computer Security Technical Requirements Grading Table 24 Reference 25 Preface This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents" Drafting. This document replaces GB/T 29240-2012 "Information security technology terminal computer general security technical requirements and test evaluation method" Compared with GB/T 29240-2012, the main technical changes in addition to the editorial revisions are as follows. --- Added "General Principles" (see Chapter 5); --- Deleted "Hardware System" (see 4.1.1.1, 4.2.1.1, 4.3.1.1, 4.4.1.1, 4.5.1.1 of the.2012 edition); --- Deleted "operating system" (see 4.1.1.2, 4.2.1.2, 4.3.1.2, 4.4.1.2, 4.5.1.2 of the.2012 edition); --- Deleted "SSOTC own safety protection" (see 4.1.2, 4.2.2, 4.3.2, 4.4.2, 4.5.2 of the.2012 edition); --- Deleted "Password support" (see 4.2.1.3.1, 4.3.1.3.1, 4.4.1.3.1, 4.5.1.3.1 of the.2012 edition); --- Deleted "Data confidentiality protection" (see 4.2.1.3.4, 4.3.1.3.5, 4.4.1.3.7, 4.5.1.3.7 of the.2012 edition); --- Deleted "SSOTC Management" (see 4.1.4, 4.2.4, 4.3.4, 4.4.4, 4.5.4 of the.2012 edition); --- Added "Hardware Interface Security" (see 6.1.1); --- Added "BIOS Firmware Security" (see 6.1.2); --- Added "Personal Information Security" (see 6.1.3); --- Modified "Identification and Authentication" (see 6.1.4, 4.2.1.3.3, 4.3.1.3.4, 4.4.1.3.6, 4.5.1.3.6 of the.2012 edition); --- Added "Access Control" (see 6.1.5); --- Modified "Runtime Protection" (see 6.1.6,.2012 edition 4.1.1.3.1, 4.2.1.3.2, 4.3.1.3.2, 4.4.1.3.3, 4.5.1. 3.3); --- Modified "Safety Audit" (see 6.1.7, 4.2.1.3.5, 4.3.1.3.6, 4.4.1.3.9, 4.5.1.3.9 of the.2012 edition); --- Modified "Safety Analysis" (see 6.1.8, 4.3.1.3.3, 4.4.1.3.4, 4.5.1.3.4 of the.2012 edition); --- Modified "Backup and Recovery" (see 6.1.9, 4.1.1.3.2, 4.2.1.3.6, 4.3.1.3.7, 4.4.1.3.10, 4.5.1.3.10 of the.2012 edition); --- Added "trustworthiness measurement" (see 6.1.10); --- Added "Wireless Security" (see 6.1.11); --- Added "Configuration Baseline Check" (see 6.1.12); --- Modified "Safety Assurance Requirements" (see 6.2, 4.1.3, 4.2.3, 4.3.3, 4.4.3, 4.5.3 of the.2012 edition); --- Modified "Test and Evaluation Methods" (see Chapter 7, Chapter 5 of the.2012 edition); --- Added the normative appendix "Terminal Computer Security Technical Requirements Grading Table" (see Appendix A). Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents. This document is proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260). This document was drafted by. The Third Research Institute of the Ministry of Public Security, Lenovo (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Sangfor Technologies Co., Ltd., Beijing Topsec Network Security Technology Co., Ltd., Qi'anxin Wangshen Information Technology (Beijing) Co., Ltd. Company, Venusstar Information Technology Group Co., Ltd., Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Shenzhen Rongan Network Technology Co., Ltd. Co., Ltd., Blue Elephant Standard (Beijing) Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Antiy Technology Group Co., Ltd., AsiaInfo Technologies (Chengdu) Co., Ltd., HP China Co., Ltd., Inspur Electronic Information Industry Co., Ltd. Co., Ltd., 360 Technology Group Co., Ltd., Zhongfu Information Co., Ltd., and the National Engineering Research Center for Common Technologies in Information Security of China Science and Technology Co., Ltd., the 15th Research Institute of China Electronics Technology Group Corporation, Tencent Cloud Computing (Beijing) Co., Ltd., Beijing Shuanxing Technology Co., Ltd. Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Blue Shield Information Security Technology Co., Ltd., Feiteng Information Technology Co., Ltd., Beijing Luoan Technology Co., Ltd., State Grid Blockchain Technology (Beijing) Co., Ltd., Huawei Technologies Co., Ltd., Datang Gaohong Security (Zhejiang) Information Technology Co., Ltd., Beijing Shengxin Network Technology Co., Ltd., Bozhi Security Technology Co., Ltd., Guangdong Information Security Evaluation Center, Neusoft Group Co., Ltd., Beijing Baidu Netcom Technology Co., Ltd., Taikang Insurance Group Co., Ltd., Beijing Beixin Source Software Co., Ltd. The main drafters of this document are. Li Yi, Qiu Zihua, Song Haohao, Hu Weina, Wang Zhijia, Li Qian, Li Ruxin, Hua Chang, Zhao Hua, Liang Lianyi, Han Xiude, He Jianfeng, Liu Chen, Dong Jingjing, Wang Dunquan, Huang Chao, Zhang Yuntao, Su Zhenyu, Hu Jianxun, Xi Qianyue, Liu Qiang, Wang Yan, Xiao Huibo, Zhang Zhilei, Liao Shuangxiao, Yang Shaobo, Yang Yuanyi, Liu Jun, Zhang Yajing, Wen Jinyi, Wang Zhibin, Song Xiaopeng, Liu Yuhong, Wan Miao, Xiao Zhizhong, Pan Biao, Feng Yanchao, Shi Zhuyu, Huayang Qiao, Shi Li, Jinhong Ye, Xiangli Liu, Chi Zheng, Tao Fu, Jianchao Bian, Lin Tan, Jin Cui, Jianling Guo, Binjie Huang, and Hua Yang. The previous versions of this document and the documents it replaces are as follows. ---First published in.2012 as GB/T 29240-2012; ---This is the first revision. Cybersecurity Technology General security technical specifications for terminal computers 1 Scope This document specifies general security technical requirements for terminal computers and describes test and evaluation methods. This document is intended to guide the design, development, testing, and evaluation of common security functions for terminal computers. 2 Normative references The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to This document. GB/T 5271.1-2000 Information technology vocabulary Part 1.Basic terms GB/T 18336.1-2024 Cybersecurity techniques Information technology security assessment criteria Part 1.Introduction and general model GB/T 18336.3-2024 Cybersecurity Technology Information Technology Security Assessment Criteria Part 3.Security Assurance Components GB/T 20272-2019 Information security technology Operating system security technical requirements GB/T 25069 Information Security Technical Terminology GB/T 30278-2013 Information security technology - Core configuration specification for government computer terminals GB/T 35273-2020 Information Security Technology Personal Information Security Specification GB/T 37092-2018 Information security technology - Security requirements for cryptographic modules GB 42250-2022 Information security technology - Safety technical requirements for network security products GM/T 0012-2020 Trusted Computing Trusted Cryptographic Module Interface Specification 3 Terms and Definitions GB/T 18336.1-2024, GB/T 18336.3-2024, GB/T 5271.1-2000 and GB/T 25069 and the following The following terms and definitions apply to this document. 3.1 terminal computer A computer for personal use that can independently process data and provide access to network services. Note 1.The terminal computers in this document do not include mobile smart terminals (mobile phones, tablets), vehicle-mounted smart terminals, smart TVs, wearable devices, etc. equipment. Note 2.Terminal computers usually consist of hardware systems, operating systems, and application systems (including tool software, security software, and other software that provide support for users to access the network). other application software) and other parts. 3.2 A general term for security protection components within terminal computers, including hardware, firmware, software, and a combination responsible for executing security policies. Note. The terminal computer security subsystem establishes a basic terminal computer security protection environment and provides additional user services required by the terminal computer. The terminal computer security subsystem needs to provide security protection for the terminal computer from aspects such as hardware system, operating system, application system and system operation. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 29240-2024_English be delivered?Answer: Upon your order, we will start to translate GB/T 29240-2024_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 29240-2024_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 29240-2024_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 29240-2024?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 29240-2024 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
