|
US$999.00 ยท In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 20279-2024: Cybersecurity technology - Technical specification for network and terminal separation products
Status: Valid GB/T 20279: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 20279-2024 | English | 999 |
Add to Cart
|
7 days [Need to translate]
|
Cybersecurity technology - Technical specification for network and terminal separation products
| Valid |
GB/T 20279-2024
|
| GB/T 20279-2015 | English | 135 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Information security technology -- Security technical requirements of network and terminal separation products
| Valid |
GB/T 20279-2015
|
| GB/T 20279-2006 | English | RFQ |
ASK
|
9 days [Need to translate]
|
Safety technology requirements for information security, network and terminal equipment across the high parts
| Obsolete |
GB/T 20279-2006
|
PDF similar to GB/T 20279-2024
Basic data | Standard ID | GB/T 20279-2024 (GB/T20279-2024) | | Description (Translated English) | Cybersecurity technology - Technical specification for network and terminal separation products | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 50,556 | | Date of Issue | 2024-09-29 | | Date of Implementation | 2025-04-01 | | Older Standard (superseded by this standard) | GB/T 20279-2015,GB/T 20277-2015 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 20279-2024: Cybersecurity technology - Technical specification for network and terminal separation products
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standard of the People's Republic of China
Replaces GB/T 20279-2015, GB/T 20277-2015
Network security technology network and terminal isolation products
Technical Specifications
2025-04-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of Contents
Preface III
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 2
5 General 3
6 Safety technical requirements 5
6.1 Security Function Requirements 5
6.2 Self-security requirements 9
6.3 Performance requirements 10
6.4 Security requirements 11
7 Evaluation Methods 13
7.1 Safety function evaluation 13
7.2 Self-security assessment 23
7.3 Performance Evaluation 26
7.4 Security Assessment 26
Appendix A (Normative) Classification of network and terminal isolation products and classification of security technical requirements 33
Appendix B (Normative) Classification and evaluation methods of network and terminal isolation products 39
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
This document replaces GB/T 20279-2015 "Information security technology network and terminal isolation product security technical requirements" and GB/T 20277-
2015 "Information Security Technology Network and Terminal Isolation Product Test and Evaluation Method", GB/T 20279-2015 and GB/T 20277-2015
Compared with the previous version, in addition to structural adjustments and editorial changes, the main technical changes are as follows.
--- Changed the product classification of network isolation products (see Chapter 5, Chapter 4 of GB/T 20279-2015 edition);
--- Added general rules (see Chapter 5);
--- Changed the information flow control strategy requirements (see 6.1.1.1, 5.2.2.1.1.1, 5.2.2.2.1.1,
--- Changed the information flow control function requirements (see 6.1.1.2, 5.2.2.1.1.2, 5.2.2.2.1.2,
--- Added application and protocol support requirements (see 6.1.2);
--- Added information filtering requirements (see 6.1.3);
--- Change the anti-attack requirements to attack protection requirements (see 6.1.5, 5.2.2.1.2, 5.2.2.2.2,
5.2.3.1.2 and 5.2.3.2.2);
---Change the domain isolation requirement to the security isolation requirement (see 6.1.6, 5.2.2.1.6, 5.2.2.2.6,
5.2.3.1.6 and 5.2.3.2.6);
---Change the fault tolerance requirement to high availability requirement (see 6.1.7, 5.2.2.1.7, 5.2.2.2.7 and
5.2.3.2.7);
--- Added linkage requirements (see 6.1.10);
---Change the environmental adaptability requirements to IPv6 support requirements (see 6.1.11, 5.4 of GB/T 20279-2015 edition);
---Added virtualization deployment requirements (see 6.1.12);
--- Added its own safety requirements (see 6.2);
--- Changed the performance requirements (see 6.3, 5.5 of GB/T 20279-2015 edition);
--- Changed the safety assurance requirements (see 6.4, 5.3 of GB/T 20279-2015 edition);
--- Added the classification of network and terminal isolation products and the classification of security technical requirements (see Appendix A);
---Added the classification of network and terminal isolation products and the level classification of evaluation methods (see Appendix B).
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by. the Third Research Institute of the Ministry of Public Security, the National Industrial Information Security Development Research Center, China Cybersecurity Review and Certification and
Market Supervision Big Data Center, China Electronics Technology Standardization Institute, Beijing Topsec Network Security Technology Co., Ltd., Beijing Anmeng Information
Technology Co., Ltd., Zhongfu Information Co., Ltd., Tsinghua University, Shenzhen Lipu Information Technology Co., Ltd., Venusstar Information Technology
Technology Group Co., Ltd., Zhuhai Special Economic Zone Weisi Co., Ltd., Torui Tianxing Network Security Information Technology Co., Ltd., Qi'anxin Network
Shen Information Technology (Beijing) Co., Ltd., Institute of Software, Chinese Academy of Sciences, First Research Institute of the Ministry of Public Security, Tencent Cloud Computing (Beijing) Co., Ltd.
Responsible company, Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing Shuanxing Technology Co., Ltd., Shandong Shouhan Information Technology Co., Ltd.,
Changyang Technology (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., H3C Technologies Co., Ltd., State Grid Block
Chain Technology (Beijing) Co., Ltd., Blue Shield Information Security Technology Co., Ltd., Guangzhou Tianmao Information System Co., Ltd., China Southern Power Grid
Electric Power Technology Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd., Blue Elephant Standard
(Beijing) Technology Co., Ltd., Hangzhou Lingxin Digital Information Technology Co., Ltd., and Chengdu Saibo Security Technology Development Co., Ltd.
The main drafters of this document are. Lu Zhen, Zhu Guobang, Li Xuan, Gu Jian, Gu Jianxin, Shen Liang, An Gaofeng, Liu Zhifei, Ma Ao, Yang Chen, Sun Yan,
Zhang Dongju, Wang Chonghua, Shen Yongbo, Shen Wenjie, Jiang Jun, Lu Wenli, Jiao Mengmeng, Zuo Anji, Zhang Xiyu, Lu Dongliang, Yan Min, Yang Chunhua, Hu Weina,
Wang Luhan, Zhang Lingyun, Qiao Huayang, Yu Guo, Liu Yuhong, Yang Geng, Zhao Hua, Liu Weihua, He Jianfeng, Shi Zhuyu, Jiao Shaobo, Wan Xiaolan, Li Shiqi,
Chang Yuanyuan, Liu Qiang, Zou Kai, Lin Di, Li Kepeng, Han Xiude, Zhang Dawei, Zhao Huimin, Qian Yunjie, Ding Wensuo, Yang Wei, Zhang Zhenyu, Lin Dansheng,
Li Huimin and Guo Aibo.
The previous versions of this document and the documents it replaces are as follows.
---GB/T 20279, first issued in.2006 and first revised in.2015;
---GB/T 20277, first issued in.2006 and first revised in.2015;
---This is the second revision.
Network security technology network and terminal isolation products
Technical Specifications
1 Scope
This document specifies the classification, grading, security technical requirements and evaluation methods of network and terminal isolation products.
This document applies to the design, development, and testing of network and endpoint isolation products.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB/T 18336.3-2024 Cybersecurity technology Information technology security assessment criteria Part 3.Security assurance components
GB/T 25069-2022 Information Security Technical Terminology
GB/T 30279-2020 Information security technology - Guidelines for the classification and grading of network security vulnerabilities
GB 42250-2022 Information security technology - Safety technical requirements for network security products
3 Terms and definitions
GB/T 18336.3-2024, GB/T 25069-2022, GB/T 30279-2020 and GB 42250-2022 and the following
The following terms and definitions apply to this document.
3.1
securitydomain
A collection of assets and resources that are subject to a common security policy.
[Source. GB/T 25069-2022, 3.36]
3.2
A technology that uses physical methods to ensure that different security domains cannot be connected directly or indirectly.
Note. Implement physical disconnection of different security domains, including disconnection in physical conduction and physical storage.
3.3
protocol conversionprotocolconversion
A technology that extracts application data from public protocols based on the network and encapsulates it into a system-specific private protocol for data transmission.
3.4
Information ferry informationferry
The information is transmitted from the security domain where the information source is located to the intermediate cache area, and then the information in the intermediate cache area is transmitted to the security domain where the information destination is located.
Global data transmission technology.
Note. At any one time, the intermediate cache area is connected to only one security domain.
|