RB/T 212-2023: Requirements for evaluation of website security test services
Status: Valid
Basic data

Standard ID: RB/T 212-2023 (RB/T212-2023)
Description (Translated English): Requirements for evaluation of website security test services
Sector / Industry: Chinese Industry Standard (Recommended)
Classification of Chinese Standard: A00
Classification of International Standard: 03.120.20
Word Count Estimation: 20,252
Date of Issue: 2024-05-20
Date of Implementation: 2024-07-01
Issuing agency(ies): National Certification and Accreditation Administration

This is a DRAFT version for illustration, not a final translation.

ICS 03.120.20
CCS A00

Certification and Accreditation Industry Standards of the People's Republic of China
Website Security Assessment Service Security Evaluation Requirements
Released on 2024-05-20; implemented on 2024-07-01
Issued by the National Certification and Accreditation Administration
Published by China Standards Press

Table of Contents

Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Evaluation Principles
5 Evaluation Method
6 Evaluation process
7 Evaluation content
Appendix A (Informative) Website Security Assessment Service Security Risk Analysis
Reference

Foreword

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting regulations for standardization documents".

Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.

This document is proposed and coordinated by the Certification and Accreditation Administration of the People's Republic of China.

This document was drafted by: China Cybersecurity Review and Certification and Market Supervision Big Data Center, Beijing University of Posts and Telecommunications, the 15th Research Institute of China Electronics Technology Group, Beijing Information Security Evaluation Center, Beijing Hongrong Xinan Technology Co., Ltd., Beijing Anxin Duole Technology Co., Ltd.

The main drafters of this document are: Fan Hua, Kou Chunxiao, Lu Yueming, Suo Yanfeng, Li Yuan, He Zhiming, Du Lin, Gan Jiefu, Hu Shi, Zheng Xiaoxiao, Zhai Yahong, Duan Jinghui, Kan Ming, Liu Junjun, Hua Duo.

Introduction

In 2017, the first specialized legislation in the field of cybersecurity in China, the Cybersecurity Law of the People's Republic of China, was implemented. It provides that "the State promotes the construction of a socialized network security service system and encourages relevant enterprises and institutions to carry out network security certification, testing and risk assessment security services", affirming the important role of network security services in ensuring national network security from a legal perspective.

The website system provides users with a container for information sharing, browsing, publishing and deploying application systems. With the rapid development of Internet technology, website systems have been greatly The website system contains a large number of visual web pages, executable programs, and These important resources are at risk of being illegally tampered with, leaked, lost, etc.

Website security assessment uses technical means to scan the website for vulnerabilities and to detect whether web pages have vulnerabilities, whether web pages or the website are infected with Trojans, whether pages have been tampered with, whether there are fraudulent websites, etc., to ensure the safe operation of the website and improve the security quality of website services.
The evaluation service requires testing the website for web page Trojans, data encryption, web page tampering, and even CC attacks, SQL injection attacks, XSS cross-site attacks, etc. Immature security assessment technologies and tools, as well as irregular operations, will introduce new security issues. Therefore, ensuring the security and reliability of the assessment service provider's work is the premise and basis for website security assessment.

Website Security Assessment Service Security Evaluation Requirements

1 Scope

This document establishes the evaluation principles for website security assessment services, and specifies the evaluation methods, evaluation process and evaluation content.

This document is applicable to third-party evaluation agencies evaluating the security level of website security assessment service providers. Service providers and parties requiring website security assessment services may use it for their own reference.

2 Normative references

The contents of the following documents constitute essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.

GB/T 5271.8-2001 Information technology vocabulary Part 8: Security
GB/T 25069-2022 Information Security Technical Terminology

3 Terms and definitions

The terms and definitions defined in GB/T 5271.8-2001, GB/T 25069-2022 and the following apply to this document.

3.1 website
A system or platform that uses the Internet to publish information, provide online services, and conduct online interactive communication.
Note: This includes pages that provide display and interaction functions for users, as well as applications, middleware, servers, etc. that generate and process pages.
3.2 website security
Taking a series of measures to prevent websites from being hacked, web pages from being tampered with, data from being leaked, traffic from being hijacked, etc., so as to ensure the security, confidentiality, integrity and availability of the website.

3.3 website security test
Activities carried out to discover problems and to verify compliance and effectiveness for website security.

3.4
An organization that provides website security assessment services through professional website security assessment service personnel in accordance with the service agreement.
[Source: GB/T 32914-2016, 3.3, modified]

3.5
Organizations (or individuals) that obtain externally provided website security assessment services to meet website security needs and achieve their own business goals.
[Source: GB/T 32914-2016, 3.2, modified]

......