
GB/T 38632-2020 English PDF

GB/T 38632-2020: Information security technology - Security requirements for application of intelligent audio-video recording device
Status: Valid

Similar standards

GB/T 38626   GB/T 38671   GB/T 38638   GB/T 38625   

Basic data

Standard ID: GB/T 38632-2020 (GB/T38632-2020)
Description (Translated English): Information security technology - Security requirements for application of intelligent audio-video recording device
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 14,139
Date of Issue: 2020-04-28
Date of Implementation: 2020-11-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 38632-2020: Information security technology - Security requirements for application of intelligent audio-video recording device


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Security requirements for application of intelligent audio-video recording device
ICS 35.040
L80
National Standards of People's Republic of China
Information Security Technology - Application safety requirements for intelligent audio and video capture equipment
Released 2020-04-28; implemented 2020-11-01
Issued by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
6 Safety technical requirements
    6.1 Equipment safety technical requirements
        6.1.1 Equipment identification and authentication
        6.1.2 Access Control
        6.1.3 Network connection and port
        6.1.4 Data Security
        6.1.5 Software installation
        6.1.6 Pre-built software security
        6.1.7 Security Audit
        6.1.8 Supply Chain Security
        6.1.9 Service Guarantee Security
    6.2 Server-side security technical requirements
        6.2.1 Identification
        6.2.2 Access Control
        6.2.3 Data Security
        6.2.4 Security Audit
7 Safety management requirements
    7.1 Safety management system
    7.2 Procurement Management
    7.3 Installation and commissioning management
    7.4 Operation and maintenance management
    7.5 Retirement and decommissioning management
Appendix A (informative appendix) System overview
Appendix B (informative appendix) Typical information security threats
Reference

Information Security Technology - Application safety requirements for intelligent audio and video capture equipment

1 Scope

This standard specifies the safety technical requirements and safety management requirements for intelligent audio and video capture equipment. This standard applies to users' application security management of smart audio and video acquisition equipment deployed in key locations. It can also be used to guide equipment and service providers in carrying out product information security design and production, and can serve as the basis for relevant departments to supervise, inspect and guide the security of intelligent audio and video acquisition equipment.

2 Normative references

The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.

GB/T 25069-2010 Information Security Technical Terms

3 Terms and definitions

The following terms and definitions, and those defined in GB/T 25069-2010, apply to this document.

3.1 Intelligent audio and video capture equipment
Electronic equipment that can collect and process audio or video information, and realize automatic or interactive functions through the network and server linkage.
Note 1: It mainly includes network cameras, audio and video conference equipment, smart TVs with audio and video capture functions, and smart speakers.
Note 2: Smart mobile terminals, personal computers, smart wearable devices and other devices with audio and video capture functions are not within the scope of this standard.

3.2 Intelligent audio and video capture equipment server
Software and hardware equipment or systems that connect with intelligent audio and video acquisition equipment through the network and provide service functions such as equipment management, user management, authority management, data storage, and data forwarding.
Note: It usually includes an application server, web server, streaming media server, data storage server and other components.

3.3 Malicious code
Specially designed code with malicious purposes that has features and capabilities that can directly or indirectly harm users and their computer systems.
Note: It mainly includes viruses, worms, Trojan horses, ransomware, logic bombs, rogue software, etc.

3.4 Prebuilt software
Software pre-installed when the device is delivered to the user.
Note 1: It mainly includes firmware, system software and application software.
Note 2: If the device software is different from the original equipment manufacturer's version at the time of delivery, the terminal software at the time of delivery is regarded as the preset software.

3.5 Original equipment manufacturer
Enterprises that manufacture equipment according to certain technical specifications and sell equipment under specific brands and models.
Note: When the equipment purchased by the user is not directly from the original equipment manufacturer, its function may be changed in the intermediate circulation link.

3.6 Supplier
Organizations that provide smart audio and video products or services.
Note: Rewritten from GB/T 36637-2018, definition 3.2.

3.7 User data
Data generated by users or serving users, including data generated locally by users, data generated locally for users, and data that enters the user data area from outside after the user's permission.
[GB/T 32927-2016, definition 3.1.12]

4 Abbreviations

The following abbreviations apply to this document.

5 Overview

This standard proposes safety technical requirements and safety management requirements for intelligent audio and video acquisition equipment deployed in key locations. Appendix A presents the system architecture composed of intelligent audio and video capture equipment and its server. Appendix B shows the typical information security threats faced by smart audio and video capture equipment, including collecting and accessing user audio and video data without user consent, and attacking public networks by implanting malicious code. This standard involves the use of cryptographic technology to solve the requirements of confidentiality, integrity, authenticity, and non-repudiation. Standards and industry standards.

6 Safety technical requirements

6.1 Equipment safety technical requirements

6.1.1 Equipment identification and authentication
Smart audio and video capture equipment should:
a) Have a unique identification code as the identification of the device, and protect the identification code to prevent tampering;
b) Be equipped with a mechanism for authenticating the identity of the device, protecting the relevant authentication information and preventing its leakage.

6.1.2 Access Control
Smart audio and video capture equipment should:
a) Support the configuration of access control strategies for important resources such as network, storage, and files;
b) Have mechanisms to prevent unauthorized access and use of sensors such as cameras and microphones, such as prompt dialog boxes, status indicators, physical switches, etc.;
c) Clarify the implementation conditions of remote access and have a secure remote access mechanism.

6.1.3 Network connection and port
Smart audio and video capture equipment should:
a) Have a mechanism to turn on, turn off, disable or monitor the WLAN, Bluetooth, mobile communication, USB, SD, DVB-T and other wireless or wired interfaces of the device;
b) Have a mechanism to close, prohibit or restrict the use of ports, protocols, and services on the device that are irrelevant to the actual application.

6.1.4 Data Security
Smart audio and video capture equipment should:
a) Protect the integrity and confidentiality of important user data (such as user account, password, location, document, picture, audio, video, etc.) through data encryption and other technologies;
b) Protect the integrity and confidentiality of important user data stored on the device through technologies such as data encryption;
c) Not collect or modify user data without the user's consent.

6.1.5 Software installation
Smart audio and video capture equipment should:
a) Have a mechanism to enable or prohibit users from installing third-party software;
b) Not install third-party software without the user's consent;
c) When users install third-party software by themselves, verify the source and integrity of the software; when software of unknown source or with damaged integrity is identified, remind the user to deal with it.

6.1.6 Pre-built software security
Smart audio and video capture equipment should:
a) Not contain, in the preset software, other functions outside the function list;
b) Have a security upgrade mechanism for the preset software, and obtain the user's consent when the software is upgraded;
c) Protect the integrity of the firmware and prevent the firmware from being modified by anyone other than suppliers and authorized third parties.

6.1.7 Security Audit
Smart audio and video capture equipment should:
a) Be able to audit events such as power on/off, user creation, configuration change, software installation and uninstallation, software upgrade, password modification, login failure, privilege use, user login and other events; the audit record should include the event type, the time the event occurred, the subject that triggered the event, the event processing result and other information;
b) Protect audit information to prevent unauthorized access, modification and deletion;
c) Support the server in obtaining the relevant local audit information.

6.1.8 Supply chain security
For intelligent audio and video capture equipment:
a) The key chips, key modules, operating systems and other components used should have clear supply chain information on manufacturers, origins, and suppliers;
b) When the product is delivered to the user, it should contain no components such as chips, modules, or software that have been disclosed to have high-risk security defects and vulnerabilities.

6.1.9 Service guarantee security
Smart audio and video capture equipment should:
a) Before delivery to the user, undergo sufficient security testing, with the discovered security defects repaired as far as possible and the high-risk defects ensured to be repaired; for security defects and vulnerabilities that have not been repaired in the development stage, a security management process for emergency repairs on the user side should be implemented;
b) After delivery to users, be covered by a continuous security assurance mechanism, with users notified in time when information security defects occur and provided with a repair method or emergency response plan.

6.2 Server security technical requirements

6.2.1 Identity authentication
The server of intelligent audio and video capture equipment should:
a) Support the identification and authentication of different users, and the user identification should be unique;
b) Support the identification of smart audio and video capture equipment;
c) When using a username/password authentication mechanism, ensure that the generation, management and use of passwords meet the requirements of relevant national standards;
d) Protect the confidentiality and integrity of user and device authentication information;
e) When using security protocols for remote management, use authentication mechanisms such as digital certificates or multi-factor authentication.

6.2.2 Access Control
The server of intelligent audio and video capture equipment should:
a) On the basis of user identification, perform authorization management and access control for users;
b) Set a period for the use of special access rights;
c) Control the access rights of other applications.

6.2.3 Data Security
For the intelligent audio and video capture equipment server:
a) Data encryption and other technologies should be used to protect the integrity and confidentiality of important user data during transmission;
b) Data encryption and other technologies should be used to protect the integrity and confidentiality of important user data during storage;
c) It should have disaster recovery and backup functions to ensure the availability of the system;
d) It should be able to back up important data such as application data, system data, configuration data and audit logs.

6.2.4 Security Audit
The server of intelligent audio and video capture equipment should:
a) Have a security audit function to record important user behaviors and important security events;
b) Include the date of the event, user, type of event, and whether the event was successful in the audit record;
c) Generate the time of the audit record from the clock uniquely determined by the server system;
d) Protect audit records to prevent unauthorized access, modification and deletion;
e) Have the function of obtaining relevant audit information of intelligent audio and video acquisition equipment.
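The following is an added illustration, not part of GB/T 38632-2020: one way to produce the audit record fields of 6.1.7 a) and make modification or deletion detectable, as 6.1.7 b) and 6.2.4 d) require, using an HMAC-SHA256 chain. The chaining technique, field names, event identifiers, key handling and the server-held anchor value are all assumptions made for this example.

```python
import hashlib
import hmac
import json

# Identifiers below are assumed names for the events listed in 6.1.7 a).
EVENT_TYPES = {
    "power_on", "power_off", "create_user", "change_config",
    "install_software", "uninstall_software", "software_upgrade",
    "modify_password", "login_failure", "privilege_use", "user_login",
}
GENESIS = "0" * 64  # chain start value used before the first record


def _mac(key, body, prev_mac):
    """HMAC over the canonical record body plus the previous record's MAC."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data + prev_mac.encode(), hashlib.sha256).hexdigest()


def append_record(log, key, event_type, time, subject, result):
    """Append one record carrying the four fields named in 6.1.7 a)."""
    if event_type not in EVENT_TYPES:
        raise ValueError(f"unknown event type: {event_type}")
    body = {"seq": len(log), "event_type": event_type, "time": time,
            "subject": subject, "result": result}
    prev_mac = log[-1]["mac"] if log else GENESIS
    record = dict(body, mac=_mac(key, body, prev_mac))
    log.append(record)
    return record


def verify_log(log, key, anchor_mac):
    """Return a list of problems; an empty list means the log is intact.

    anchor_mac is the MAC of the newest record as last fetched by the
    server (assumed to be stored there); it exposes tail truncation.
    """
    problems = []
    prev_mac = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("seq") != i:
            problems.append(f"record {i}: sequence gap or reorder")
        if not hmac.compare_digest(_mac(key, body, prev_mac), str(rec.get("mac"))):
            problems.append(f"record {i}: MAC mismatch")
        prev_mac = str(rec.get("mac"))
    if prev_mac != anchor_mac:
        problems.append("log tail does not match server anchor")
    return problems


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key sits in protected storage
    log = []
    append_record(log, key, "power_on", "2020-11-01T08:00:00Z", "system", "success")
    append_record(log, key, "login_failure", "2020-11-01T08:01:10Z", "admin", "failure")
    anchor = append_record(log, key, "change_config", "2020-11-01T08:02:00Z",
                           "admin", "success")["mac"]
    log[1]["result"] = "success"  # simulate an edit that hides the failed login
    print(verify_log(log, key, anchor))
```

The chain alone cannot reveal removal of the newest records, which is why the server keeps the last MAC it retrieved; this fits the requirement in 6.1.7 c) and 6.2.4 e) that the server obtains the device's audit information.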

7 Safety management requirements

7.1 Safety management system
In the process of applying intelligent audio and video capture equipment and server products, users should:
a) Incorporate related products into the daily information security management system;
b) Formulate corresponding security strategies and security management systems for standardizing procurement, delivery, operation and maintenance, and scrapping;
c) Identify the person responsible for the safety of each product.

7.2 Procurement management
When users purchase smart audio and video capture equipment and server products:
a) Products that meet actual needs should be selected according to the principle of minimization of functions;
b) It is advisable to purchase products that have passed the information security testing of a third-party testing agency authorized by the relevant state departments;
c) Suppliers should be required to provide product function lists and function descriptions;
d) The supplier shall be required to explain the information security design of the product;
e) The supplier shall be required to explain the information security risks that may be encountered during the use of the product and the corresponding avoidance methods;
f) Equipment suppliers, original equipment manufacturers and service providers should be distinguished, and their respective information security responsibilities and obligations should be clarified.

7.3 Installation and commissioning management
When installing and debugging smart audio and video acquisition equipment and server products, users should:
a) Have the supplier arrange for professionals or authorized practitioners with relevant qualifications to carry out the work;
b) Install and configure in strict accordance with the safety configuration manual provided by the supplier;
c) Set different passwords for each device, and not set weak passwords or default user names and passwords;
d) Designate a person to supervise the entire installation and commissioning process;
e) Designate a dedicated person for acceptance, record whether each indicator meets the requirements, form an acceptance test report, and require confirmation by the personnel involved in installation;
f) Require the supplier to explain the network deployment of the server.

7.4 Operation and maintenance management
When operating and maintaining smart audio and video acquisition equipment and server products, users should:
a) Establish a safe use guide in accordance with the operating specifications or instructions provided by the supplier, and operate and maintain the equipment according to the safe use guide to avoid excessive or incorrect use of equipment;
b) Provide necessary safety training for operation and maintenance management personnel;
c) Close unnecessary ports, protocols and services in accordance with the principle of minimum functionality, and close or disable unnecessary wireless and wired interfaces;
d) When the network environment, personnel, system configuration and other elements change, recheck and update the access control strategy;
e) Monitor the operating status of the system and the operating status of terminal equipment;
f) Deploy intrusion detection and protection systems on important nodes and equipment to detect and respond to various network attacks in real time;
g) Implement malicious code protection mechanisms on network entrances and exits and system hosts, and update malicious code protection software in a timely manner;
h) Update the product according to the software upgrade version provided by the supplier, and back up the existing important files before the update;
i) Establish an evaluation and review mechanism for third-party software installation;
j) Regularly conduct safety inspections, safety audits and safety assessments on products;
k) Establish an information security incident response mechanism, timely assess the impact of the situation, analyze the cause, and collect evidence;
l) Include equipment and application environment in the scope of the organization's risk assessment.

7.5 Retirement and decommissioning management
When scrapping or disabling smart audio and video capture equipment and server products, users should:
a) First archive the information stored in the equipment used, and then completely remove all user-related information;
b) If the intelligent audio and video capture equipment server is provided by a third party in the form of cloud services, require the cloud service provider to clear all user-related information.

Appendix A

(Informative appendix)
System Overview

The intelligent audio and video acquisition equipment, user terminal, and intelligent audio and video acquisition equipment server form an application system through network connection, as shown in Figure A.1.

Intelligent audio and video collection equipment is mainly responsible for the collection and processing of audio or video information, and exchanges business data with the server through the network. Typical smart audio and video capture equipment includes network cameras, video conferencing terminals, smart TVs with audio and video capture functions, smart speakers, etc.

The user accesses intelligent audio and video acquisition equipment and server resources through the user terminal. Typical user terminals include PCs and smart phones; in smart TV and video conferencing applications, smart audio and video capture devices themselves are also user terminals.

The intelligent audio and video acquisition equipment server consists of software and hardware devices and systems that provide service functions such as equipment management, user management, authority management, data storage, and data forwarding for the application business of intelligent audio and video acquisition equipment, usually including application servers, web servers, streaming media servers, database servers and other components.

According to different application scenarios, the intelligent audio and video capture device server can be implemented as a single device (for example, in a small video security system, a digital video recording device can be used as a server to manage multiple video capture devices), as multiple servers coexisting independently (for example, smart TV equipment can be connected to multiple different servers for terrestrial broadcasting, Internet on-demand, somatosensory games, online music, etc.), as a structure where multiple servers coexist in a cascade (for example, in a large video security system, the server can be divided into two or three levels, and different levels of service are given different permissions according to different responsibilities), or in the form of cloud services.

Appendix B

(Informative appendix)......
