|
US$679.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 20276-2016: Information security technology -- Security requirements for embedded software in IC card with CPU
Status: Valid GB/T 20276: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 20276-2016 | English | 679 |
Add to Cart
|
5 days [Need to translate]
|
Information security technology -- Security requirements for embedded software in IC card with CPU
| Valid |
GB/T 20276-2016
|
| GB/T 20276-2006 | English | RFQ |
ASK
|
6 days [Need to translate]
|
Information security technology -- Security requirements for smartcard embedded software (EAL4+)
| Obsolete |
GB/T 20276-2006
|
PDF similar to GB/T 20276-2016
Basic data | Standard ID | GB/T 20276-2016 (GB/T20276-2016) | | Description (Translated English) | Information security technology -- Security requirements for embedded software in IC card with CPU | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 34,368 | | Date of Issue | 2006-05-31 | | Date of Implementation | 2017-03-01 | | Older Standard (superseded by this standard) | GB/T 20276-2006 | | Regulation (derived from) | National Standard Announcement 2016 No.14 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | GB/T 20276-2016: Information security technology -- Security requirements for embedded software in IC card with CPU
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Security requirements for embedded software in IC card with CPU
ICS 35.040
L80
National Standards of People's Republic of China
Replacing GB/T 20276-2006
Information Security Technology
IC card embedded software with central processing unit
Safety technical requirements
2016-08-29 released
2017-03-01 implementation
General Administration of Quality Supervision, Inspection and Quarantine of the People 's Republic of China
China National Standardization Management Committee released
Directory
Preface I
Introduction II
1 Scope 1
2 normative reference document 1
3 terms and definitions, abbreviations 1
3.1 Terms and definitions 1
3.2 Abbreviations 1
4 IC card embedded software description 2
5 Definition of security issues 2
5.1 Assets 2
5.2 Threats 3
5.3 Organizational Security Strategy 4
5.4 Hypothesis 4
6 safety purpose 5
6.1 TOE Safety Purpose 5
6.2 Environmental Safety Purpose 6
7 Safety requirements 6
7.1 Safety Function Requirements 6
7.2 security requirements 11
Basic principles
Basic principles of safety purposes
8.2 Safety Requirements Fundamentals 26
Component Dependency
Reference 30
Foreword
This standard is drafted in accordance with the rules given in GB/T 1.1-2009.
This standard replaces GB/T 20276-2006 "Information security technology Smart card embedded software security technical requirements (EAL4 enhanced
level)". This standard compared with GB/T 20276-2006, the main changes are as follows.
--- the standard name will be changed to "information security technology with IC processor IC card embedded software security technical requirements";
- Chapter 3 updates the term;
--- Chapter 4 re-describes the IC card embedded software structure and application environment, and a more clear TOE scope definition;
- Chapter 5 defines and simplifies the definition of security issues, defining six threats, three organizational security policies, and five
Hypothesis
- Chapter 6 updates the description of TOE security objectives in accordance with the new security issue definition;
- Chapter 7 adjusts the safety function requirements to refine the new safety purpose description, clearly indicating that EAL4 and
EAL5 should meet the safety function requirements; and security requirements have been adjusted to increase the EAL5 requirements
Safeguards components;
- Chapter 8 Definition of new security issues and safety objectives, safety objectives and safety requirements of the relationship between the basic principles of re-
Conducted a comb, but also analyzed the dependencies between components.
This standard is proposed by the National Information Security Standardization Technical Committee (SAC/TC260).
The drafting of this standard. China Information Security Evaluation Center, Beijing Duo Si Technology Industrial Park Co., Ltd., the world of financial technology shares
Limited company, Beijing University of Posts and Telecommunications, Jilin Information Security Evaluation Center.
The main drafters of this standard. Zhang Chongbin, Shi Hongsong, Gao Jinping, Yang Yongsheng, Wang Yuhang, Rao Huayi, Wang Yannan, Chen Jiazhe, Li Dongsheng,
Li Ming, Cao Chunchun, Shen Minfeng, Cui Baojiang, Zhao Jingling, Tang Xiqing, Liu Zhanfeng, Liu Li, Zou Zhaoliang.
This standard replaced the previous version of the standard release.
--- GB/T 20276-2006.
Introduction
IC card application scope of the expansion and application of the complexity of the environment, requiring IC card embedded software has a stronger security protection.
The EAL4 of this standard is based on EAL4 to enhance AVA_VAN.3 to AVA_VAN.4; EAL5 is
EAL5 is based on AVA_VAN.4 enhanced to AVA_VAN.5, and ALC_DVS.1 enhanced to ALC_DVS.2.
Information Security Technology
IC card embedded software with central processing unit
Safety technical requirements
1 Scope
This standard provides for the EAL4 enhanced level and EAL5 enhanced level with the central processing unit IC card embedded software security
The safety requirements of the nurseries, including the definition of safety issues, safety objectives, safety requirements, basic principles and so on.
This standard is applicable to the testing, evaluation and procurement of IC card embedded software products with central processing units, and can also be used to guide such
Product development and development.
2 normative reference documents
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this article
Pieces. For undated references, the latest edition (including all modifications) applies to this document.
GB/T 18336 (all parts) Information technology Security technology Information technology safety assessment criteria
Information security technical terminology GB/T 25069-2010
3 terms and definitions, abbreviations
3.1 Terms and definitions
GB/T 25069-2010 and GB/T 18336.1 and the following terms and definitions apply to this document.
3.1.1
Personalized data Personalizationdata
Data written during the personalization of IC card embedded software for configuring parameters related to a particular application or user.
3.2 abbreviations
The following abbreviations apply to this document.
CM. Configuration Management (Configuration Management)
EAL. Evaluation Support Level (EvaluationAssuranceLevel)
EEPROM. Electrically Erasable Programmable Read Only Memory (Electricaly-ErasableProgrammableRead-onlyMemory)
IC. Integrated circuit (IntegratedCircuit)
I/O. Input/Output (Input/Output)
RAM. random access memory (Random-AccessMemory)
ROM. Read-only memory (Read-OnlyMemory)
ST. Security target (SecurityTarget)
TOE. Evaluation object (Target ofEvaluation)
TSF. TOE security function (TOESecurityFunctionality)
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 20276-2016_English be delivered?Answer: Upon your order, we will start to translate GB/T 20276-2016_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 20276-2016_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 20276-2016_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 20276-2016?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 20276-2016 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|