
GB/T 32916-2023 English PDF

US$1799.00 · In stock
Delivery: <= 10 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 32916-2023: Information security techniques - Guidelines for the assessment of information security controls
Status: Valid
Standard ID: GB/T 32916-2023
Price (USD): 1799
Buy PDF: Add to Cart
Lead days: 10 days
Standard title (description): Information security techniques - Guidelines for the assessment of information security controls
Status: Valid

Similar standards

GB/T 32918.1, GB/T 32918.2, GB/T 32915, GB/T 32920, GB/T 32914

Basic data

Standard ID: GB/T 32916-2023 (GB/T32916-2023)
Description (Translated English): Information security techniques - Guidelines for the assessment of information security controls
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 90,986
Date of Issue: 2023-09-07
Date of Implementation: 2024-04-01
Older Standard (superseded by this standard): GB/Z 32916-2016
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 32916-2023: Information security techniques - Guidelines for the assessment of information security controls


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/Z 32916-2016
Information security technology - Guidelines for the assessment of information security controls
Issued on 2023-09-07; implemented on 2024-04-01
Issued by the State Administration for Market Regulation and the Standardization Administration of China

Table of contents

Preface
Introduction
1 Scope
2 Normative reference documents
3 Terms and definitions
4 Structure of this document
5 Background
6 Overview of information security control assessment
6.1 Assessment process
6.2 Resources and capabilities
7 Assessment methods
7.1 General
7.2 Process analysis
7.3 Check
7.4 Testing and validation
7.5 Sampling
8 Control assessment process
8.1 Preparation
8.2 Assessment planning
8.3 Conducting the assessment
8.4 Analysis and reporting of results
Appendix A (informative) Initial information gathering (other than information technology)
Appendix B (informative) Practical guide to technical security assessment
Appendix C (informative) Technical assessment guide for cloud services (infrastructure as a service)
Appendix NA (informative) Correspondence between the controls of GB/T 22081-2016 and ISO/IEC 27002:2022
References

Foreword

This document was drafted in accordance with GB/T 1.1-2020 "Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents". This document replaces GB/Z 32916-2016 "Information technology - Security techniques - Guidelines for auditors on information security controls". Compared with GB/Z 32916-2016, apart from structural adjustments and editorial changes, the main technical change is as follows: an introduction to sampling has been added to the assessment methods (see 7.5). This document is equivalent to ISO/IEC TS 27008:2019 "Information technology - Security techniques - Guidelines for the assessment of information security controls"; the document type has been changed from an ISO/IEC technical specification to a Chinese national standard. This document makes the following minimal editorial changes: a) to be consistent with existing standards, the title is changed to "Information security technology - Guidelines for the assessment of information security controls"; b) Appendix NA has been added. Please note that some of the content of this document may be subject to patents. The issuing body of this document accepts no responsibility for identifying any such patents. This document was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260). This document was drafted by:
Beijing Saixi Certification Co., Ltd., China Electronics Standardization Institute, China National Accreditation Service for Conformity Assessment, Beijing Times Xinwei Information Technology Co., Ltd., Huawei Technologies Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Beijing Shenzhou NSFOCUS Technology Co., Ltd., Shenzhen Hongtu Technology Co., Ltd., Midea Group Co., Ltd., China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), Hangzhou Anheng Information Technology Co., Ltd., National Computer Network Emergency Response Technical Coordination Center, Electric Power Research Institute of State Grid Xinjiang Electric Power Co., Ltd., Xi'an Jiaotong University Jiepu Network Technology Co., Ltd., Beijing Tiandi Hexing Technology Co., Ltd., Hangzhou Qulian Technology Co., Ltd., Zhejiang Electronic Information Products Inspection Institute, Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd., Shaanxi Provincial Network and Information Security Evaluation Center, Beijing Kingsoft Cloud Network Technology Co., Ltd., Shanghai Guanan Information Technology Co., Ltd., Beijing University of Posts and Telecommunications, Hangzhou Zhongzheng Testing Technology Co., Ltd., Ma Ma Consumer Finance Co., Ltd., Institute of Information Engineering of the Chinese Academy of Sciences, Zhiwang Anyun (Wuhan) Information Technology Co., Ltd., Venus Information Technology Group Co., Ltd., and Xi'an University of Posts and Telecommunications. The main drafters of this document are:
Han Shuoxiang, Zhao Lihua, Fu Zhigao, Huang Junmei, Wang Huili, Zhou Xiaoyu, Liu Haijun, Zhao Hua, Wang Ling, Liu Fengsong, Ye Jianwei, Huang Pengcheng, Zhang Liangliang, Li Chunqi, Yu Zhengchen, Li Haotian, Liang Wei, Zhang Shijie, He Chuangxin, Zhang Jie, Xiong Weijun, Wang Bingzheng, Cai Beifang, Wang Wenlei, Zou Zhenwan, Yang Kun, He Jianfeng, Liu Lenong, Wei Zunbo, Yin Xiaodong, Wang Jing, Hang Xiao, Yu Lifang, Xie Jiang, Wang Dongbin, Cao Yu, Liu Zhiqiang, Han Dongxu, Wang Yanqing, Wang Hongliang, Zhu Zhixiang, Zheng Kun, Zhang Qiang, Gao Zhenzhen, Lu Yueming, Tian Lidan, and Quan Xiaowen. The publication history of this document and the previous version it replaces is as follows: first published in 2016 as GB/Z 32916-2016; this is the first revision.

Introduction

This document supports the information security risk management process given in GB/T 22080-2016, together with the associated set of information security controls. Information security controls should be appropriate, effective and efficient. This document describes how to assess an organization's information security controls, against its information security risks and other objectives, in order to confirm that they are appropriate, effective and efficient, or to identify the need for change (improvement opportunities). The ultimate goal of the information security controls as a whole is to adequately mitigate, in a cost-effective and business-aligned manner, the information security risks that the organization considers unacceptable and unavoidable. Based on business mission and objectives, organizational policies and requirements, identified threats and vulnerabilities, operational considerations, information system and platform dependencies, and organizational risk considerations, this document provides the flexibility needed to tailor the necessary assessment activities. For guidance on auditing information security management systems, see GB/T 28450-2020; for the requirements on bodies that audit and certify information security management systems, see GB/T 25067-2020. Note: "information security control measures" and "information security controls" are used interchangeably in this document. For the definition of "control", see GB/T 29246-2017.

1 Scope

This document provides guidance on the process of assessing the implementation and operation of information security controls, including the technical assessment of information system controls, based on the information security requirements and technical assessment criteria established by the organization. It provides guidance on how to assess information security controls that are managed by an information security management system as specified in ISO/IEC 27001. This document is applicable to organizations of all types and sizes that conduct information security assessments and technical compliance checks.

2 Normative reference documents

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016, IDT)

3 Terms and definitions

The terms and definitions defined in ISO/IEC 27000 apply to this document.

4 Structure of this document

This document describes the process for assessing information security controls, including technical assessment. Clause 5 provides background information. Clause 6 gives an overview of information security control assessment. Clause 7 introduces the assessment methods. Clause 8 introduces the information security control assessment process. Appendix A gives guidance on initial information gathering. Appendix B gives guidance on technical assessment. Appendix C gives guidance on the technical assessment of cloud services. Appendix NA gives the correspondence between the controls in GB/T 22081-2016 and ISO/IEC 27002:2022.

5 Background

Information security controls are the principal means of treating unacceptable information security risks and keeping them within the organization's acceptable risk level.
......

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 32916-2023_English be delivered?

Answer: Upon your order, we will start to translate GB/T 32916-2023_English as soon as possible and keep you informed of the progress. The lead time is typically 6 to 10 working days; the longer the document, the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 32916-2023_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 32916-2023_English is deemed to be sold to the employer/organization that actually pays for it, which includes your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. Within 2 working hours, we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.