GA/T 1140-2014: Information security technology. Security technical requirements for web application firewall (Status: Obsolete)
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GA/T 1140-2014 (GA/T1140-2014) |
| Description (translated English) | Information security technology. Security technical requirements for web application firewall |
| Sector / Industry | Public Security (Police) Industry Standard (Recommended) |
| Classification of Chinese Standard | A90 |
| Classification of International Standard | 35.240 |
| Word Count Estimation | 21,268 |
| Quoted Standard | GB 17859-1999; GB/T 25069-2010; GB/T 18336.1-2008; GB/T 18336.2-2008; GB/T 18336.3-2008 |
| Regulation (derived from) | Announcement on Releasing Public Safety Industry Standard (Year of 2014) |
| Issuing agency(ies) | Ministry of Public Security |
| Summary | This standard specifies the security functional requirements, security assurance requirements and classification requirements for web application firewalls. This standard applies to web application firewall design, development and testing. |
Information security technology. Security technical requirements for web application firewall
ICS 35.240
A90
People's Republic of China Public Security Industry Standard
Information Security Technology
Web application firewall security technical requirements
Issued on: 2014-03-12
Implemented on: 2014-03-12
People's Republic of China Ministry of Public Security
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Web application firewall description
6 Security environment
6.1 Assumptions
6.2 Threats
6.3 Organizational security policies
7 Security objectives
7.1 Product security objectives
7.2 Environmental security objectives
8 Security functional requirements
8.1 Protection
8.2 Protection policies
8.3 Response processing
8.4 Reports and statistics
8.5 HTTPS support
8.6 Bypass function
8.7 Dual-machine hot standby
8.8 Upgrade capability
8.9 Identification and authentication
8.10 Security management
8.11 Audit logs
9 Security assurance requirements
9.1 Configuration management
9.2 Delivery and operation
9.3 Development
9.4 Guidance documents
9.5 Life cycle support
9.6 Testing
9.7 Vulnerability assessment
10 Basic principles of technical requirements
10.1 Basic principles of security functional requirements
10.2 Basic principles of security assurance requirements
11 Classification requirements
11.1 Overview
11.2 Classification of security functional requirements
11.3 Classification of security assurance requirements
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by the Network Security Protection Bureau of the Ministry of Public Security.
This standard is under the jurisdiction of the Ministry of Public Security Information System Standardization Technical Committee.
Drafting organizations of this standard: Ministry of Public Security Computer Information System Security Product Quality Supervision and Inspection Center, Hangzhou Hengxin Information Technology Co., Ltd., Digital Network (Beijing) Co., Ltd., Beijing Linktrust Science and Technology Development Co., Ltd., Beijing China Green League Information Security Technology Co., Ltd., Blue Shield Information Security Technology Co., Ltd., Shanghai Tiantai Network Technology Co., Ltd., Third Research Institute of the Ministry of Public Security.
Main drafters of this standard: Yu You, Lu Zhen, Li, Gu Jian, Zhang Xiao, Zhang Yan, Yang Yuan, Yuan Fan, Sun Xiaoping, Huang Jian, Gao Jiming, Qin Bo, Yang Yubin, Ye Zhiqiang.
Introduction
This standard describes in detail the assumptions, threats and organizational security policies that make up the security environment of a web application firewall, defines the security objectives of the web application firewall and its supporting environment, and demonstrates that the security functional requirements can be traced back to and cover the product security objectives, and that the security objectives can be traced back to and cover the environment-related assumptions, threats and organizational security policies.
The basic level of this standard references the EAL2 security assurance requirements specified in GB/T 18336.3-2008. The enhanced level is based on the EAL4 security assurance requirements, with the vulnerability analysis requirement raised so that the product can withstand an attacker with moderate attack potential.
This standard gives only the security requirements that a web application firewall should meet; it does not prescribe the specific technical implementation types or methods of the web application firewall.
Information Security Technology
web application firewall security technical requirements
1 Scope
This standard specifies the security functional requirements, security assurance requirements and classification requirements for web application firewalls.
This standard applies to the design, development and testing of web application firewalls.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB 17859-1999 Classified criteria for security protection of computer information systems
GB/T 18336-2008 (all parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
The terms and definitions given in GB 17859-1999, GB/T 18336-2008 (all parts) and GB/T 25069-2010, together with the following, apply to this document.
3.1
web application firewall
A product deployed between the web client and the web server that analyses web application layer communications and, according to pre-defined filtering rules and protection policies, protects the web application.
3.2
SQL injection
The act of inserting SQL commands into web form submissions, input parameters or page request parameters so as to trick the server into executing malicious SQL commands.
3.3
cross-site scripting
An attack in which a malicious attacker inserts malicious HTML code into a web page; when a user browses the page, the HTML code embedded in it is executed, achieving the attacker's malicious purpose.
3.4
bypass function
A function that, when an exception occurs on the web application firewall (power failure, fault, etc.), keeps the network connections on either side of the web application firewall connected to each other.
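To make definitions 3.1 to 3.4 concrete, the following is an added example, not code from GA/T 1140-2014 or from any vendor's product. It models the core of 3.1 as a rule-based inspector that decodes the application-layer fields of an HTTP request (query string and form body) and checks them against pre-defined filtering rules for the two attack classes defined in 3.2 and 3.3, plus a flag that models the pass-through behaviour of the bypass function in 3.4. The rule identifiers, rule patterns, sample requests and the `Decision` structure are all constructed for illustration and are not taken from the standard.

```python
"""Added example, not part of GA/T 1140-2014 or any vendor's product.

A minimal rule-based inspector in the spirit of definitions 3.1 to 3.4: it sits
conceptually between client and server, decodes the application-layer fields
of an HTTP request and checks them against pre-defined filtering rules.
Rule ids, patterns, sample requests and the Decision type are all constructed.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, unquote_plus


@dataclass(frozen=True)
class Rule:
    rule_id: str          # constructed identifier, not from the standard
    category: str         # the term it illustrates: 3.2 or 3.3
    pattern: re.Pattern
    action: str           # "block" or "log"


# Deliberately small, constructed rule set. A real WAF carries far more
# signatures plus protocol and anomaly checks; these only show the mechanism.
RULES = (
    Rule("SQLI-001", "sql_injection",
         re.compile(r"""['"]\s*(or|and)\s+[\w'"]+\s*=\s*[\w'"]+""", re.I), "block"),
    Rule("SQLI-002", "sql_injection",
         re.compile(r"\b(union\s+(all\s+)?select|drop\s+table)\b", re.I), "block"),
    Rule("XSS-001", "cross_site_scripting",
         re.compile(r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.I), "block"),
)


@dataclass
class Decision:
    action: str                                   # "pass", "log" or "block"
    matches: list = field(default_factory=list)   # (rule_id, location, value)


def decode_fields(query: str, body: str) -> list:
    """Return (location, value) pairs as the application layer would see them.

    parse_qs percent-decodes once; the extra unquote_plus normalises one level
    of double encoding so the rules run on the value the application would use.
    """
    fields = []
    for source, raw in (("query", query), ("body", body)):
        for name, values in parse_qs(raw, keep_blank_values=True).items():
            for v in values:
                fields.append((f"{source}:{name}", unquote_plus(v)))
    return fields


def inspect_request(query: str = "", body: str = "",
                    rules=RULES, bypass: bool = False) -> Decision:
    """Evaluate one request against the rule set and return a Decision."""
    if bypass:
        # Definition 3.4: on device failure traffic is passed through unchecked.
        return Decision("pass", [("BYPASS", "-", "firewall in bypass mode")])
    decision = Decision("pass")
    for location, value in decode_fields(query, body):
        for rule in rules:
            if rule.pattern.search(value):
                decision.matches.append((rule.rule_id, location, value))
                if rule.action == "block":
                    decision.action = "block"
                elif decision.action == "pass":
                    decision.action = "log"
    return decision


# Constructed sample requests: one benign, one per attack class, one
# double-encoded to show why decoding happens before matching.
SAMPLE_REQUESTS = {
    "benign": dict(query="q=hello+world&page=2"),
    "sqli":   dict(query="id=1%27+OR+%271%27%3D%271"),
    "xss":    dict(body="comment=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"),
    "double": dict(query="q=%2527+or+1%253D1"),
}


if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        d = inspect_request(**req)
        print(f"{name:7s} -> {d.action:5s} {[m[0] for m in d.matches]}")
```

The `bypass` flag is the important caveat for an evaluator reading 3.4: while the device is in bypass, every request (including the ones blocked above) reaches the server, so the audit log should record entry into and exit from bypass mode rather than treating the period as silent.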
4 Abbreviations
The following abbreviations apply to this document.