
English GB/T 20279-2024 PDF (GB/T 20279-2015: Older version)

Search result: GB/T 20279-2024 (GB/T 20279-2015 Older version)
Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status
GB/T 20279-2024 | English | 999 | 7 days [Need to translate] | Cybersecurity technology - Technical specification for network and terminal separation products | Valid
GB/T 20279-2015 | English | 135 | 0--9 seconds. Auto-delivery | Information security technology -- Security technical requirements of network and terminal separation products | Valid
GB/T 20279-2006 | English | RFQ | 9 days [Need to translate] | Safety technology requirements for information security, network and terminal equipment across the high parts | Obsolete


BASIC DATA
Standard ID GB/T 20279-2024 (GB/T20279-2024)
Description (Translated English) Cybersecurity technology - Technical specification for network and terminal separation products
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.030
Word Count Estimation 50,576
Date of Issue 2024-09-29
Date of Implementation 2025-04-01
Older Standard (superseded by this standard) GB/T 20279-2015,GB/T 20277-2015
Issuing agency(ies) State Administration for Market Regulation, National Standardization Administration


GB/T 20279-2024: Network security technology - Network and terminal isolation product technical specification
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 20279-2015, GB/T 20277-2015
Network security technology - Network and terminal isolation products - Technical specifications
Implemented on 2025-04-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 General
6 Safety technical requirements
6.1 Security Function Requirements
6.2 Self-security requirements
6.3 Performance requirements
6.4 Security requirements
7 Evaluation Methods
7.1 Safety function evaluation
7.2 Self-security assessment
7.3 Performance Evaluation
7.4 Security Assessment
Appendix A (Normative) Classification of network and terminal isolation products and classification of security technical requirements
Appendix B (Normative) Classification and evaluation methods of network and terminal isolation products

Preface

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".

This document replaces GB/T 20279-2015 "Information security technology network and terminal isolation product security technical requirements" and GB/T 20277-2015 "Information Security Technology Network and Terminal Isolation Product Test and Evaluation Method". Compared with GB/T 20279-2015 and GB/T 20277-2015, in addition to structural adjustments and editorial changes, the main technical changes are as follows:

--- Changed the product classification of network isolation products (see Chapter 5, Chapter 4 of GB/T 20279-2015 edition);
--- Added general rules (see Chapter 5);
--- Changed the information flow control strategy requirements (see 6.1.1.1, 5.2.2.1.1.1, 5.2.2.2.1.1,
--- Changed the information flow control function requirements (see 6.1.1.2, 5.2.2.1.1.2, 5.2.2.2.1.2,
--- Added application and protocol support requirements (see 6.1.2);
--- Added information filtering requirements (see 6.1.3);
--- Changed the anti-attack requirements to attack protection requirements (see 6.1.5, 5.2.2.1.2, 5.2.2.2.2, 5.2.3.1.2 and 5.2.3.2.2);
--- Changed the domain isolation requirement to the security isolation requirement (see 6.1.6, 5.2.2.1.6, 5.2.2.2.6, 5.2.3.1.6 and 5.2.3.2.6);
--- Changed the fault tolerance requirement to high availability requirement (see 6.1.7, 5.2.2.1.7, 5.2.2.2.7 and 5.2.3.2.7);
--- Added linkage requirements (see 6.1.10);
--- Changed the environmental adaptability requirements to IPv6 support requirements (see 6.1.11, 5.4 of GB/T 20279-2015 edition);
--- Added virtualization deployment requirements (see 6.1.12);
--- Added its own safety requirements (see 6.2);
--- Changed the performance requirements (see 6.3, 5.5 of GB/T 20279-2015 edition);
--- Changed the safety assurance requirements (see 6.4, 5.3 of GB/T 20279-2015 edition);
--- Added the classification of network and terminal isolation products and the classification of security technical requirements (see Appendix A);
--- Added the classification of network and terminal isolation products and the level classification of evaluation methods (see Appendix B).

Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.

This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).

This document was drafted by:
the Third Research Institute of the Ministry of Public Security, the National Industrial Information Security Development Research Center, China Cybersecurity Review and Certification and Market Supervision Big Data Center, China Electronics Technology Standardization Institute, Beijing Topsec Network Security Technology Co., Ltd., Beijing Anmeng Information Technology Co., Ltd., Zhongfu Information Co., Ltd., Tsinghua University, Shenzhen Lipu Information Technology Co., Ltd., Venusstar Information Technology Technology Group Co., Ltd., Zhuhai Special Economic Zone Weisi Co., Ltd., Torui Tianxing Network Security Information Technology Co., Ltd., Qi'anxin Network Shen Information Technology (Beijing) Co., Ltd., Institute of Software, Chinese Academy of Sciences, First Research Institute of the Ministry of Public Security, Tencent Cloud Computing (Beijing) Co., Ltd. Responsible company, Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing Shuanxing Technology Co., Ltd., Shandong Shouhan Information Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., H3C Technologies Co., Ltd., State Grid Block Chain Technology (Beijing) Co., Ltd., Blue Shield Information Security Technology Co., Ltd., Guangzhou Tianmao Information System Co., Ltd., China Southern Power Grid Electric Power Technology Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd., Blue Elephant Standard (Beijing) Technology Co., Ltd., Hangzhou Lingxin Digital Information Technology Co., Ltd., and Chengdu Saibo Security Technology Development Co., Ltd.

The main drafters of this document are:
Lu Zhen, Zhu Guobang, Li Xuan, Gu Jian, Gu Jianxin, Shen Liang, An Gaofeng, Liu Zhifei, Ma Ao, Yang Chen, Sun Yan, Zhang Dongju, Wang Chonghua, Shen Yongbo, Shen Wenjie, Jiang Jun, Lu Wenli, Jiao Mengmeng, Zuo Anji, Zhang Xiyu, Lu Dongliang, Yan Min, Yang Chunhua, Hu Weina, Wang Luhan, Zhang Lingyun, Qiao Huayang, Yu Guo, Liu Yuhong, Yang Geng, Zhao Hua, Liu Weihua, He Jianfeng, Shi Zhuyu, Jiao Shaobo, Wan Xiaolan, Li Shiqi, Chang Yuanyuan, Liu Qiang, Zou Kai, Lin Di, Li Kepeng, Han Xiude, Zhang Dawei, Zhao Huimin, Qian Yunjie, Ding Wensuo, Yang Wei, Zhang Zhenyu, Lin Dansheng, Li Huimin and Guo Aibo.

The previous versions of this document and the documents it replaces are as follows:
--- GB/T 20279, first issued in 2006 and first revised in 2015;
--- GB/T 20277, first issued in 2006 and first revised in 2015;
--- This is the second revision.

Network security technology - Network and terminal isolation products - Technical specifications

1 Scope

This document specifies the classification, grading, security technical requirements and evaluation methods of network and terminal isolation products.

This document applies to the design, development, and testing of network and endpoint isolation products.

2 Normative references

The contents of the following documents constitute essential clauses of this document through normative references in this document. For dated referenced documents, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.

GB/T 18336.3-2024 Cybersecurity technology - Information technology security assessment criteria - Part 3: Security assurance components
GB/T 25069-2022 Information Security Technical Terminology
GB/T 30279-2020 Information security technology - Guidelines for the classification and grading of network security vulnerabilities
GB 42250-2022 Information security technology - Safety technical requirements for network security products

3 Terms and definitions

The terms and definitions defined in GB/T 18336.3-2024, GB/T 25069-2022, GB/T 30279-2020 and GB 42250-2022 and the following terms and definitions apply to this document.

3.1 security domain
A collection of assets and resources that are subject to a common security policy.
[Source: GB/T 25069-2022, 3.36]

3.2
A technology that uses physical methods to ensure that different security domains cannot be connected directly or indirectly.
Note: Implement physical disconnection of different security domains, including disconnection in physical conduction and physical storage.

3.3 protocol conversion
A technology that extracts application data from public protocols based on the network and encapsulates it into a system-specific private protocol for data transmission.

3.4 information ferry
The information is transmitted from the security domain where the information source is located to the intermediate cache area, and then the information in the intermediate cache area is transmitted to the security domain where the information destination is located. Global data transmission technology.
Note: At any one time, the intermediate cache area is connected to only one security domain.

......


GB/T 20279-2015
GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 20279-2006
Information Security Technology - Security Technical Requirements of Network and Terminal Separation Products
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 1, 2016
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents
1 Scope
2 Normative References
3 Terms and Definitions
4 Description of Network and Terminal Separation Products
5 Security Technical Requirements
5.1 Overall Description
5.1.1 Classification of Security Technical Requirements
5.1.2 Security Level
5.2 Security Function Requirements
5.2.1 Terminal Separation Products
5.2.2 Network Separation Product
5.2.3 Network Unilateral Transmission Product
5.3 Security Assurance Requirements
5.3.1 Requirements for Basic-level
5.3.2 Requirements for Enhanced-level
5.4 Environmental Adaptation Requirements
5.4.1 Next generation internet Support (if any)
5.4.2 Support IPv6 Transition Network Environment (optional)
5.5 Performance Requirements
5.5.1 Exchange Rate
5.5.2 Hardware Switching Time
Bibliography

Foreword

This Standard was drafted according to the rules specified in GB/T 1.1-2009.

Please pay attention that some contents of this document may involve patents. The issuing organization of this Standard does not undertake the responsibility to identify these patents.

This Standard replaces GB/T 20279-2006 "Information Security Technology Security Techniques Requirements of Separation Components of Network and Terminal Equipment". The main differences between this Standard and GB/T 20279-2006 are as follows:

- The products were classified into terminal separation products, network separation products and network unilateral transmission products;
- The products were uniformly divided into basic-level and enhanced-level;
- The description of terminal separation products, network separation products and network unilateral transmission products were added;
- The requirement of the capability of supporting next generation internet protocol was added;
- The basic principles of technical requirements were added in appendix, including basic principles of security function requirements and basic principles of security assurance requirements.

This Standard was proposed by and shall be under the jurisdiction of National Technical Committee on Information Technology Security of Standardization Administration of China (SAC/TC 260).

Drafting organizations of this Standard: Quality Supervision Testing Center of Computer Information System Security Products of the Ministry of Public Security, Zhuhai Victory Idea Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd. and The Third Research Institute of Ministry of Public Security.

Chief drafters of this Standard: Lu Zhen, Gu Jian, Yu You, Li Xuan, Deng Qi, Zuo Anji, Lu Wenli and Liu Bin.

Information Security Technology - Security Technical Requirements of Network and Terminal Separation Products

1 Scope

This Standard specifies the security function requirements, security assurance requirements, environmental adaptation requirements and performance requirements of network and terminal separation products.

This Standard is applicable to the design, development and test of network and terminal separation products.

2 Normative References

The following documents are essential for the application of this document. For the dated references, only the dated editions apply to this document. For undated references, the latest editions (including amendments) apply to this document.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3: Security Assurance Requirements
GB/T 25069-2010 Information Security Technology - Glossary

3 Terms and Definitions

For the purpose of this Standard, the following terms and definitions as well as those defined in GB 17859-1999 and GB/T 25069-2010 apply.

3.1 Security domain
The computer or network area with the same security protection demand and security policy.

3.2 Physical disconnection
The case that the networks in different security domains cannot be directly or indirectly connected.
Note: In one physical network environment, the physical disconnection of networks in different security domains shall technically ensure disconnection of information in physical transmission and physical storage.

3.3 Protocol conversion
The separation and re-establishment of a protocol: at one end of the separation product, in a certain security domain, the application data is separated from the network-based common protocol and packaged into a special system protocol for transmission to the other end of the separation product in the other security domain, where the special protocol is separated and the data is packaged into the required format.

3.4 Protocol separation
The networks in different security domains are physically connected, but protocol conversion ensures that the protected information is logically separated and that only the information with limited content required by the system for transmission may pass through.

3.5 Information ferry
A mode of information exchange in which the physical transmission channel only exists during transmission.
Note: During data transmission, the information is transmitted to the middle cache while the connection between the middle cache and the security domain of the information destination is cut; the transmission channel between the middle cache and the security domain of the information destination is then connected, the information is transmitted to the security domain of the information destination, and the connection between the security domain of the information source and the middle cache is physically cut. The middle cache is only connected with the security domain at one end at any one time.

3.6 Unilateral transmission unit
A pair of transmission units with a physical unilateral transmission characteristic. It consists of a pair of independent sending and receiving units which can only work in simplex mode: the sending unit only has a sending function and the receiving unit only has a receiving function. Together they form a creditable unilateral channel which is free from any feedback information.

3.7 Terminal separation product
The security separation card or security separation computer which connects two different security domains simultaneously and achieves physical separation of security domains by adopting physical disconnection technology.

3.8 Network separation product
The product placed between two different security domains which achieves security separation of the security domains and information exchange on the network by adopting protocol separation technology.

3.9 Network unilateral transmission product
The only channel between two different security domains, which achieves unilateral transmission of structure information physically and ensures that only the information which the security policy permits for transmission may pass through, without any data transmission or feedback in the opposite direction.

4 Description of Network and Terminal Separation Products

According to form and function, network and terminal separation products may be classified into terminal separation products, network separation products and network unilateral transmission products. The purpose is to establish a security control point between different network terminals and network security domains to provide controllable access service among different network terminals and network security domains. In addition, the protocol stack of network and terminal separation products of the next generation Internet network environment shall not only support IPv4 technology, but also I... ......


GB/T 20279-2006 Safety technology requirements for information security, network and terminal equipment across the high parts
ICS 35.040
L80
National Standards of People's Republic of China
Information security technology - Network and terminal equipment isolation components safety technical requirements
Released on 2006-05-31
Implemented on 2006-12-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Administration

Content
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Security environment
4.1 Physical aspects
4.2 Personnel
4.3 Connectivity
5 Isolation parts classification safety technical requirements
5.1 Physical disconnection of the isolation component
5.1.1 Basic Level Requirements
5.1.2 Enhanced Level Requirements
5.2 One-way isolation component
5.2.1 Basic level requirements
5.2.2 Enhanced Level Requirements
5.3 Protocol isolation component
5.3.1 Level 1
5.3.2 Second level
5.3.3 Third level
5.4 Gatekeeper isolation component
5.4.1 Level 1
5.4.2 Second level
5.4.3 Third level
Reference

Foreword

This standard is proposed and managed by the National Information Security Standardization Technical Committee.

This standard was drafted by: Ministry of Public Security Computer Information System Security Product Quality Supervision and Inspection Center.

The main drafters of this standard: Zhu Jianping, Lu Yi, Shen Liang, Qiu Yihua, Zhang Wei, Zhang Xiaoxiao, Gu Yu, Shen Tao, Zhao Ting, Zou Chunming, Gu Jian.

Introduction

This standard is an important part of the series of standards for information security level protection technical requirements. It guides designers in how to design and implement isolation components with the required safety level. It mainly describes the technical requirements from the perspective of dividing the safety protection levels of isolation components, indicating the security technical measures that isolation components should take to achieve the safety requirements of each protection level based on GB 17859-1999, as well as the differences in the implementation of the various security technologies at different security levels.

This standard is based on the classification of the safety levels of GB 17859-1999. For the technical characteristics of isolation components, the safety function technical requirements and safety assurance technical requirements of the corresponding safety levels are described in detail.

In this standard text, bold fonts indicate new or enhanced functional requirements in higher levels.

Information security technology - Network and terminal equipment isolation components safety technical requirements

1 Scope

This standard specifies the detailed technical requirements for the classification of safety protection of isolation components, and gives the different technical requirements for each safety protection level.

This standard is applicable to the design and implementation of isolation components. It can also be used as a reference for the testing and management of isolation components.

2 Normative references

The clauses in the following documents become clauses of this standard through reference in this standard. For dated references, subsequent modifications (not including errata content) or revisions do not apply to this standard; however, parties to agreements based on this standard are encouraged to study whether the latest versions of these documents can be used. For undated references, the latest edition applies to this standard.

GB 17859-1999 Computer Information System Security Protection Level Division Guidelines
GB/T 20271-2006 Information security technology - Information system general safety technical requirements

3 Terms and definitions

The following terms and definitions, and those established in GB 17859-1999 and GB/T 20271-2006, apply to this standard.

3.1
Refers to networks in different security domains that cannot be connected directly or indirectly. In a physical network environment, to physically disconnect the networks of different security domains, information should technically be disconnected in physical conduction and physical storage.

3.2
In the isolation component, protocol conversion is defined as the stripping and reconstruction of the protocol. At the end of the isolation component in one security domain, the application data in the network-based public protocol is stripped out and encapsulated in a system-specific protocol, which is passed to the end of the isolation component in the other security domain; the proprietary protocol is then stripped and the data is packaged into the required format.

3.3
Refers to networks in different security domains that are physically connected, where protocol conversion ensures that the protected information is logically isolated and only content-restricted information that the system requires to be transmitted can pass.

3.4
A way of information exchange in which the physical transport channel exists only when the transmission is in progress. When information is transmitted, the information is first transferred from the security domain of the information source to the intermediate cache area, while the connection between the intermediate cache area and the security domain of the information destination is physically disconnected; then the transport channel between the intermediate cache area and the security domain of the information destination is connected, the information is transmitted to the security domain of the information destination, and the connection between the security domain of the information source and the intermediate cache area is physically disconnected. At any one time, the intermediate cache area is only connected to the security domain at one end.

3.5
An information security component that physically disconnects information, such as a physical isolation card.

......

Similar standards: GB/T 20281   GB/T 20280   GB/T 20274.1   GB/T 20278