GBZ24294.2-2017 English PDFUS$359.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email. GBZ24294.2-2017: Information security technology -- Guide of implementation for Internet-based e-government information security -- Part 2: Access control and secure exchange Status: Valid
Basic dataStandard ID: GB/Z 24294.2-2017 (GB/Z24294.2-2017)Description (Translated English): Information security technology -- Guide of implementation for Internet-based e-government information security -- Part 2: Access control and secure exchange Sector / Industry: National Standard Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 18,192 Date of Issue: 2017-05-31 Date of Implementation: 2017-12-01 Older Standard (superseded by this standard): GB/Z 24294-2009 Quoted Standard: GM/T 0022-2014 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China Summary: This standard specifies the two stages of Internet e-government sub-domain control, in the access control stage, access control structure, access security device function, access authentication, access control rules, access control management and so on Guidance recommendations; in the safe exchange phase, the requirements for secure exchange patterns, custom data security exchange requirements, and data flow security exchange are required. This standard applies to organizations that do not have e-government external network or do not have leased communication network line conditions. Based on the Internet, we will carry out e-government security access control strategy design, project implementation and system development, which is not involved in state secrets. Personnel, information security product providers to carry out information security planning and construction to provide management and technical reference. Involving GBZ24294.2-2017: Information security technology -- Guide of implementation for Internet-based e-government information security -- Part 2: Access control and secure exchange---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology. Guide to implementation for Internet-based e-government information security. Part 2. Access control and secure exchange ICS 35.040 L80 People's Republic of China national standardization of technical guidance documents Partially replace GB /Z 24294-2009 Information Security Technology Internet-based e-government information security implementation guidelines Part 2. Access control and security exchange e-governmentinformationsecurity-Part 2.Accesscontrolandsecureexchange 2017-05-31 released 2017-12-01 Implementation General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China China National Standardization Administration released Directory Foreword Ⅲ Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Abbreviations 2 5 sub-domain control 3 6 access control 3 6.1 Access Control Structure 3 6.1.1 Access Control Composition 3 6.1.2 access control method 4 6.2 Access Control Function 4 6.2.1 Access Control Security Features 4 6.2.2 Access Control Adaptability 5 6.3 access authentication 5 6.3.1 User Access Authentication Policy 6.3.2 user access platform 5 6.3.3 user access authentication 5 6.4 Access Control Rules 6 6.4.1 User Access Control Rules 6 6.4.2 Packet Access Control Rules 6 6.4.3 Terminal isolation and recovery rules 7 6.5 Access Control Management 7 6.5.1 Unified Access Security Management 7 6.5.2 Access User Management 7 6.5.3 Security Policy Management 7 6.5.4 Security Audit Management 7 7 Information Security Exchange 8 7.1 Information Security Exchange Requirements 7.1.1 information security isolation requirements 8 7.1.2 Information Security Sharing Requirements 8 7.1.3 Exchange Policy Customization Requirements 8 7.1.4 Exchange Data Security Requirements 9 7.1.5 Exchange Behavior Regulatory Requirements 9 7.2 Information Security Exchange Mode 9 7.2.1 Custom Data Security Exchange Mode 9 7.2.2 Data Flow Security Exchange Mode 10 7.3 Custom Data Security Exchange Mode Technical Requirements 11 7.3.1 Custom Exchange Strategy 11 7.3.2 Custom Data Security Exchange Adaptation 11 7.3.3 Exchange data content security 11 7.3.4 Exchange Process Security 11 7.3.5 Exchange Network Connection Security 12 7.3.6 Exchange Behavior Audit 12 7.4 data stream security exchange mode technical requirements 12 7.4.1 Data Source Certification 12 7.4.2 Data Stream Integrity Verification 13 7.4.3 Data Flow Content Detection 13 ForewordGB /Z 24294 "Information Security Technology Internet-based e-government information security implementation guidelines" is divided into four parts. --- Part 1. General principles; --- Part 2. Access control and security exchange; --- Part 3. Identity and authorization management; --- Part 4. Terminal Security. This section GB /Z 24294 Part 2. This section drafted in accordance with GB/T 1.1-2009 given rules. Part of this section instead of GB /Z 24294-2009 "Information Security Technology Internet-based e-government information security implementation guidelines," and GB /Z 24294-2009 compared to the main technical changes are as follows. --- given access control structure and implementation methods; --- Access control functions, network adaptability put forward new basic requirements, detailed details of the access authentication, access control rules and Access control management requirements, more suitable for e-government security access control needs; --- Added to the security exchange information security exchange mode classification; --- For security exchange to complement the custom data security exchange mode technical requirements and data flow security exchange mode technical requirements. Please note that some of this document may be patentable. The issuing agencies of this document do not bear the responsibility of identifying these patents. This part of the National Information Security Standardization Technical Committee (SAC/TC260) and focal point. This part of the drafting unit. People's Liberation Army Information Engineering University, China Electronics Standardization Institute, Beijing Tian Rong Xin Technology Co., Ltd. Zheng Dazhou Great Information Technology Co., Ltd. The main drafters of this section. Chen Xingyuan, Du Xuehui, Sun Yi, Xia Chuntao, Cao Li-feng, Zhang Dongwei, Ren Zhiyu, Luo Feng surplus, Shangguan Xiao Li, Dong Guohua. This part replaces the standards previously issued as. --- GB /Z 24294-2009.IntroductionAs an important information infrastructure of e-government in our country, the Internet has improved the efficiency of office and saved resources and costs Internet openness, access to users, access terminals, diversification of access means, e-government system security requirements and e-government system The contradiction between openness and so on, will make the e-government system is facing illegal access, unauthorized access, information can not be safely shared Question, should be given high priority. To ensure that government users can legally access Internet e-government system security area to prevent illegal access and Unauthorized access, as well as inter-domain information security exchange specially formulated this part to promote the Internet in our e-government security applications. This section puts forward the safety function requirements of security access and security exchange in two stages. Based on the Internet e-government information security department System structure design, network access, information security sharing to provide guidance. This section first of all the domain control and inter-domain information security exchange mode Described, and then separately from the access control and information security exchange technology two stages described. In the access control phase, the first access Control mode is described, a clear access control of the composition, function and access requirements; then access authentication, sub-domain control to Seeking to regulate, clear the access authentication, access equipment functions and other requirements, and describes the implementation of sub-domain control rules; Finally, access control rules Then, the access management has been described, clear access control policies and security management requirements under different circumstances. In the security exchange phase, first of all Describe the security needs of Internet e-government information security exchange; Define the model based on Internet e-government information security exchange Then, the paper puts forward the key aspects of implementing information security exchange in the mode of secure exchange of customized data and the secure exchange of data stream respectively related requirements. This section is mainly applicable to no e-government outside the network line or not leased communication network line conditions of organizations, based on the Internet To carry out e-government construction that does not involve state secrets, when construction needs are met, it can be securely docked with the e-government extranet in accordance with the security strategy. Information Security Technology Internet-based e-government information security implementation guidelines Part 2. Access control and security exchange1 ScopeGB /Z 24294 of this part of a clear Internet e-government sub-domain control of two stages, access control phase, access control Structure, access safety equipment functions, access certification, access control rules, access control management and other aspects of the guidelines given recommendations; in safety Exchange phase, the safety of the exchange mode, custom data security exchange requirements, data flow safety requirements for the exchange of guidance to give recommendations. This section applies to no e-government outside the green line or not leased communication network dedicated line organization, based on the Internet E-government security access control strategy design, engineering implementation and system research and development that do not involve state secrets, for managers, engineers and technicians, Information Security Products Providers Provide Management and Technical Reference for Information Security Planning and Construction. Involving state secrets, or the storage, handling, Transmission of information gathering may involve state secrets, in accordance with national security regulations and standards.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version applies to this article Pieces. For undated references, the latest edition (including all amendments) applies to this document. GM/T 0022-2014 IPsec VPN Technical Specifications3 Terms and definitionsThe following terms and definitions apply to this document. 3.1 Access authentication method accessauthenticationmethod Access to the main body of the legitimacy of the inspection methods and means used to ensure the legitimacy of access. 3.2 Access control rules accesscontrolrule For different access agents, develop appropriate security rules to prevent access to the internal network resources of unauthorized access and ultra vires access. 3.3 Access the main group accesssubjectgroup Users, hosts, subnets, address segments, physical network interfaces, services and the like belonging to the same security domain belong to the same access attribute For the same group, the resources accessed by members in each group are the same, and the group is identified by the group object name. 3.4 Access subject accesssubject Can access to the internal network of end users, equipment, regions, network segments. Visitors who access the internal network have their own Name, the alias is called the object name. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GBZ24294.2-2017_English be delivered?Answer: Upon your order, we will start to translate GBZ24294.2-2017_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GBZ24294.2-2017_English with my colleagues?Answer: Yes. The purchased PDF of GBZ24294.2-2017_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
