GB/T 34990-2017: Information security technology -- Technical requirements and testing evaluation approaches of information system security management platform products
Status: Valid
Basic data

Standard ID: GB/T 34990-2017 (GB/T34990-2017)
Description (Translated English): Information security technology -- Technical requirements and testing evaluation approaches of information system security management platform products
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 74,731
Date of Issue: 2017-11-01
Date of Implementation: 2018-05-01
Regulation (derived from): National Standard Announcement 2017 No. 29
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

This is a DRAFT version for illustration, not a final translation.
Information security technology - Technical requirements and testing evaluation approaches of information system security management platform products

ICS 35.040
L80

National Standard of the People's Republic of China

Information Security Technology Information System Security Management Platform Technical requirements and test evaluation methods

Issued: 2017-11-01
Implemented: 2018-05-01
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; China National Standardization Administration

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security Management Platform Overview
  4.1 Security Management Platform Fundamentals
  4.2 Security management platform management objects
  4.3 Security management platform usage environment
  4.4 Security Management Platform Security Level
5 Functional requirements
  5.1 Functional Composition
  5.2 Basic functions
    5.2.1 Safety Strategy and Safety Management Functions Requirements
    5.2.2 System Component Management Function Requirements
    5.2.3 Security Mechanism Management Function Requirements
    5.2.4 Audit mechanism management function requirements
    5.2.5 Platform function data management function requirements
    5.2.6 Platform system interface functional requirements
    5.2.7 Platform cascading function requirements
  5.3 Extended Functions
    5.3.1 Physical Security Management
    5.3.2 Security Risk Management
    5.3.3 Other extensions
6 Safety requirements and protection requirements
  6.1 Safety Requirements
    6.1.1 Identification
    6.1.2 Non-repudiation
    6.1.3 Access Control
    6.1.4 Security Audit
    6.1.5 Integrity Protection
    6.1.6 Confidentiality Protection
    6.1.7 Intrusion and Malicious Code Prevention
    6.1.8 Software Fault Tolerance and Resource Control
    6.1.9 Trusted Path
    6.1.10 Password support
  6.2 Security Requirements
    6.2.1 Configuration and equipment selection
    6.2.2 Delivery and Operation
    6.2.3 Development
    6.2.4 Guidance Document
    6.2.5 Test
    6.2.6 Vulnerability Assessment
    6.2.7 Life Cycle Support
7 Test Evaluation Method
  7.1 Test Evaluation Range
  7.2 Platform function test
    7.2.1 Security Strategy and Security Responsibility Management Function Test
    7.2.2 System Component Management Function Test
    7.2.3 Security Mechanism Management Function Test
    7.2.4 Audit mechanism management function test
    7.2.5 Data management function test
    7.2.6 Interface Management Function Test
    7.2.7 Cascading function test
Appendix A (Informative) Safety Management Platform Technical Requirements Security classification
Appendix B (Informative) Platform for various types of management object control process description
Appendix C (Informative) Security Management Platform in the cloud computing applications
Appendix D (Informative) Information System Security Mechanism Reference
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

Please note that some content of this document may involve patents. The issuing agencies of this document do not bear the responsibility of identifying these patents.

This standard was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).

Drafting organizations of this standard: The first Ministry of Public Security Institute, Beijing Branch of Granville Information Technology Co., Ltd., Beijing Jiangnan Tian An Technology Co., Ltd. Division, Ministry of Public Security Computer Information System Security Product Quality Supervision and Inspection Center, Zhejiang Yuan Wang Electronics Co., Ltd., China Telecom Co., Ltd. Beijing Research Institute, Beijing Meditation Technology Co., Ltd., Beijing Venus Information Technology Co., Ltd., Beijing Cyber Cyber Technology Co., Ltd. Company, Beijing Huacheng Technology Development Co., Ltd., Beijing Chu Zhi Technology Co., Ltd., Beijing He Yun Information Technology Co., Ltd.

The main drafters of this standard: Hu Zhiang, Chen Guan straight, Jing Yuan, Yin Guoqiang, Zhang Xiang, Su Zhirui, Zhang Xiao laugh, Fu Ruyi, Liu Bing, Ming Xu, Hutuo, Wang Lei, Li Dapeng, Li Qingyu.

Introduction

In this standard, the security management platform is a key technical support product of the security management center. It meets the needs of national information security management and reflects the organization's management will. It takes information security policy and management responsibility as the main line, takes information system component management, security mechanism management and audit mechanism management as the main means, and takes information security management object identification, security policy setting, security mechanism monitoring and security incident handling as the main work process, so that information security management and information security technology are organically integrated. The security management platform is suitable for information systems of different security levels, and is also more conducive to the secure centralized management of key information infrastructure.

Based on the national information security level protection requirements, this standard puts forward a unified platform for the management of security mechanisms and specifies the technical requirements and test evaluation methods of the security management platform.

Chapter 4 of this standard, the security management platform overview, clarifies the basic principles, management objects, usage environment and security level.
Chapter 5, the functional requirements of the security management platform, elaborates the functional composition, the basic functions and the extended functions. The basic functions include security strategy and security management function requirements, system component management function requirements, security mechanism management function requirements, audit mechanism management function requirements, platform function data management function requirements, platform system interface function requirements and platform cascading function requirements. The extended functions include physical security management, security risk management and other extended functional requirements.

Chapter 6, the security requirements and protection requirements of the security management platform, elaborates the platform's own security requirements and protection requirements.

Chapter 7, the test evaluation methods of the security management platform, describes the test evaluation scope and the platform function tests.

The appendices of this standard are informative appendices. Appendix A describes the security classification of the security management platform technical requirements, Appendix B describes the platform's control process for each type of management object, Appendix C illustrates the security management platform in cloud computing applications, and Appendix D gives an information system security mechanism reference.

Information Security Technology Information System Security Management Platform Technical requirements and test evaluation methods

1 Scope

This standard specifies the security management platform's functions based on information security strategy and management responsibilities, such as system management, security management and audit management; the platform functional requirements for processes such as object recognition, policy setting, security monitoring and event handling; the platform's own security requirements and protection requirements; and the test evaluation methods.
This standard applies to the planning, design, development and test evaluation of the security management platform, as well as to its application in the information system security management center.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.

Computer Information Systems - Security Protection Classification Guidelines
GB/T 18018 Information Security Technology Router Security Technical Requirements
Information security technology Information system security management requirements
GB/T 20270 Information Security Technology Network Security Requirements
Information security technology Operating system security technology requirements
GB/T 20273 Information security technology database management system security technical requirements
GB/T 20275 Information Security Technology Network Intrusion Detection System Technical Requirements and Test Evaluation Methods
GB/T 20279 Information Security Technology Network and terminal isolation product safety technical requirements
GB/T 20281 Information security technology Firewall security technical requirements and test evaluation methods
GB/T 20945 Information security technology Information system security audit product technical requirements and test evaluation methods
Information security technology Information security risk assessment code
GB/T 21028 Information Security Technology Server Security Technology Requirements
GB/T 21050 Information Security Technology Network Switch Security Technical Requirements (Evaluation Guarantee Level 3)
GB/T 21052 Information Security Technology Information Systems Physical Security Technical Requirements
Information technology - Security technology - Information security management - Practical rules
Information security technology - Information system - Security level protection - Basic requirements GB/T 22239-2008
Information security technology Information security emergency response plan specification
GB/T 25055 Information security technology public key infrastructure security support platform technology framework
Information technology - Security terminology
Information security technology Information system level protection Security design technical requirements
GB/T 28451 Information Security Technology Network Intrusion Prevention Product Technical Requirements and Test Evaluation Methods
Information security technology application software systems - General safety requirements
Information security technology Information system security management assessment requirements
GB/T 29240 Information Security Technology Terminals Computer General Security Technical Requirements and Test Evaluation Methods
GB/T 29244 Information security technology office equipment basic safety requirements
......