|
US$1019.00 · In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 20283-2020: Information security technology - Guide for the production of protection profiles and security targets
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 20283-2020 | English | 1019 |
Add to Cart
|
7 days [Need to translate]
|
Information security technology - Guide for the production of protection profiles and security targets
| Valid |
GB/T 20283-2020
|
PDF similar to GB/T 20283-2020
Basic data | Standard ID | GB/T 20283-2020 (GB/T20283-2020) | | Description (Translated English) | Information security technology - Guide for the production of protection profiles and security targets | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 55,581 | | Date of Issue | 2020-09-29 | | Date of Implementation | 2021-04-01 | | Older Standard (superseded by this standard) | GB/Z 20283-2006 | | Regulation (derived from) | National Standard Announcement No. 20 of 2020 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 20283-2020: Information security technology - Guide for the production of protection profiles and security targets
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Guide for the production of protection profiles and security targets
ICS 35.040
L80
National Standards of People's Republic of China
Replace GB /Z 20283-2006
Information Security Technology
Guidelines for the generation of protection profiles and safety goals
2020-09-29 released
Implementation on 2021-04-01
State Administration for Market Regulation
Issued by the National Standardization Management Committee
Table of contents
Preface Ⅲ
Introduction Ⅳ
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Abbreviations 1
5 Overview of protection profile and safety objectives 2
5.1 Brief description 2
5.2 Reader 2
5.3 Use of protective contours and safety goals 2
5.4 Protection profile/safety goal development process 6
5.5 Reading and understanding the protection profile and safety goals 6
6 Introduction to protection profile/safety goal 10
7 Declaration of conformity 11
8 Definition of security issues 11
8.1 Brief description 11
8.2 Identify informal safety requirements 12
8.3 Identifying and determining threats 14
8.4 Identifying and determining strategies 18
8.5 Identifying and determining assumptions 19
8.6 Complete the definition of security issues 20
9 Security purpose 21
9.1 Brief description 21
9.2 Building threats, strategies and assumptions 22
9.3 Identifying non-IT operating environment security objectives 22
9.4 Identify the security objectives of the IT operating environment 23
9.5 Identify TOE Security Purpose 23
9.6 The basic principle of generating a security purpose 24
10 Expansion component definition 25
11 Safety requirements 26
11.1 Brief introduction 26
11.2 Safety paradigm 28
11.3 Determine safety function requirements 34
11.4 Determine safety assurance requirements 43
12 TOE Summary Specification 44
13 Protection profile and safety goals of the TOE of the combination and component 45
13.1 Combined TOE 45
13.2 Parts TOE 47
14 Special circumstances 47
14.1 Low-assurance protection profile and safety objectives 47
14.2 Function and Guarantee Package 48
Appendix A (informative appendix) Expansion component definition example 49
Information Security Technology
Guidelines for the generation of protection profiles and safety goals
1 Scope
This standard gives a description of the content of each part of the protection profile and safety target document, and provides an overview of the protection profile and safety target, and
Protection profile/safety goal introduction, declaration of conformity, safety issue definition, safety purpose, extended component definition, safety requirements, TOE outline specification
The protection profile, safety objectives, special circumstances and other information of the TOE of the fan, combination and component.
This standard applies to the testing, evaluation, and procurement of information technology products, and the use of protection profiles for product users, developers, and testers
And safety goals.
2 Normative references
The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this article
Pieces. For undated references, the latest version (including all amendments) applies to this document.
GB/T 18336-2015 (all parts) Information technology security technology information technology security assessment criteria
GB/T 25069-2010 Information Security Technical Terms
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2010 and GB/T 18336.1-2015 apply to this document.
4 Abbreviations
The following abbreviations apply to this document.
5 Overview of protection profile and safety objectives
5.1 Brief description
This chapter is an overview of the readers, purpose, development process and use of PP and ST to illustrate the use of GB/T 18336-
The role of PP and ST in the.2015 (all parts) information security assessment.
5.2 Readers
This standard applies to two types of readers.
a) IT professionals. They have certain security knowledge, but are not experts in information security assessment, and are
2015 (all parts) not much knowledge;
b) Information security experts. They fully understand GB/T 18336-2015 (all parts), and regard the development of PP and ST as their work content.
For IT professionals, this chapter will provide them with information to understand the purpose and structure of PP and ST, as well as to facilitate their reading and understanding
Background information on PP and ST. The specific content of each part of PP and ST will be explained in detail below, and it is assumed that the reader has the GB/T 18336-
Knowledge of.2015 (all parts).
For information security experts, they should already be familiar with the content of this chapter and can use the methods, techniques and practical skills provided in the subsequent chapters to achieve
Prepare PP and ST in an efficient and consistent way.
If the reader is not an expert in information security, you can also use this standard to develop PP or ST. But users still need to query and read
And understand the published PP or ST that has similar requirements, and you can also consider seeking help from others who have the necessary domain expertise and experience.
5.3 Use of protection contours and safety goals
5.3.1 Brief description
The main purpose of GB/T 18336-2015 (all parts) is to evaluate the security of IT products. The term "IT product" is not used in
It is actually defined in GB/T 18336-2015 (all parts), but it can be used to understand any entity constructed using information technology, including
A complete IT system used by an organization, or produced by a product manufacturer and sold to many different or unrelated customers
COTS. When this standard refers to “IT products” or only “products” and other terms, it is recommended to apply to the above mentioned entities, but when it comes to certain products
When there are limitations, it will be expressed in system, COTS or other specific terms.
IT products can be used in multiple environments in a variety of ways, and the concept of security will vary with the product. Therefore, by GB/T 18336-
The final assessment result produced in.2015 (all parts) is by no means "this IT product is safe", but "this IT product meets this security specification."
GB/T 18336-2015 (all parts) standardizes safety regulations to facilitate the implementation of two tasks.
--- Mandatory analysis of specific content when evaluating products in accordance with safety regulations;
---Allows to compare the safety regulations of different products.
GB/T 18336-2015 (all parts) specifies two different types of safety specifications. protection contours and safety goals. Between the two
The difference lies in the different roles it plays, that is, when a customer wants to buy a product from the developer, the protection profile and safety goal are purchased here.
Played different roles in the process.
The concepts of customer, developer, and product are abstract. Customers are people who want to buy products, which can be individuals, single organizations, group groups
Organizations, government departments, etc. A developer is a person who wants to sell a product. It can be a programmer, a small company, a large company, a group company, etc.
The product can be as small as an application software or smart card, as large as an operating system or a complex computer system with hundreds of different components.
When a customer wants to purchase a product, there are basically two processes.
---Standard-based procurement process. that is, the customer puts forward a demand to the developer, and the developer develops a product that meets the customer's demand. Adopt this
This method is expensive, but the customer gets the product he wants.
---Purchasing process based on selection. that is, customers can choose a product from existing products. The cost of adopting this method is relatively low,
However, the final product selected by the customer may or may not fully satisfy his needs.
When IT security requirements are very important, for general customers, these two procurement processes also bring other difficulties to them.
---It is difficult to determine what type of IT security it needs;
--- It is more difficult to determine whether a given product that claims to have IT security is available or effectively meets its needs;
--- What is more difficult to determine is how to judge that the claimed safety attributes of the product are true.
In order to help customers solve the above difficulties, GB/T 18336-2015 (all parts) can be used to evaluate the product, while protecting the profile and safety
Goals will play an important role in this process. The following two sections will explain the role of evaluation in the procurement process.
IT products do not work in isolation, they can be used by users in an operating environment that includes security measures, and it is assumed that they are in the operating environment.
There are certain types of security features in the environment, and these assumptions are also part of PP or ST.
5.3.2 Specification-based procurement process
5.3.2.1 Overview
In the specification-based procurement process, the customer submits the written specification to the developer, and the developer develops the product based on this specification. This process
It includes the following steps.
a) Customers should determine their safety requirements in an informal way;
b) Customers should convert these informal security requirements into more formal specifications suitable for developers to use;
c) Developers should develop products based on this specification.
The quality of each step should be strictly controlled so that customers can understand that this product is what they need.
5.3.2.2 Informal safety requirements
The step of determining informal security requirements is to determine "what is the security problem and how to solve this problem".
Beyond the scope of GB/T 18336-2015 (all parts), so it does not fall within the scope of this standard.
GB/T 18336-2015 (all parts) assumes that the customer has the ability to determine their informal safety requirements, otherwise, the customer ultimately purchases
Products may not meet real safety requirements.
Once the customer's requirements are written, there are often security issues related to it. Informal customer requirements usually have the following characteristics.
a) Incomplete. Failure to indicate all requirements, such as lack of products to deal with important threats;
b) Non-embedded. the specific environment where the product is not fully coordinated, or the description of its environment is not specific enough;
c) Implied. Some product requirements are causal, but these causal relationships themselves are not included. The developer may not include these
Implied requirements are taken into account;
d) Untestable. The requirements are too vague, so it is impossible to verify whether the product meets the requirements;
e) Too much detail. Actually, the implementation measures have been written, but it is not written why they are implemented in this way. When the requirements are changed later,
It is often uncertain how these changes should be implemented;
f) Vague words. such as "communication should be secure", but does not define what is "secure";
g) Inconsistent. Safety requirements are contradictory.
If such customer requirements are submitted to the developer, it may cause the developer to misunderstand and cause other problems. The evaluator’s requirements
The interpretation may also be different from the customer and the developer, leading to other problems in the security assessment.
In the entire specification-based procurement process, an important step is to formalize customer requirements, that is, based on GB/T 18336-2015
The safety requirements of (all parts) are formalized using PP documents. PP documents define customers in a formal and standardized way
Security requirements.
5.3.2.3 Use PP as a specification
PP contains many parts, but as a safety specification, the most important thing is "safety function requirements". GB/T 18336-2015 (all
Part) requires the use of clearly defined language in the standard to describe these requirements. This language can ensure that PP has the following characteristics.
a) Unambiguous. The language contains very clear terms, so that developers can understand and correctly interpret the requirements;
b) Testable. The language limits only testable requirements, so it can be evaluated later whether the product really meets the PP;
c) Not limited to details. The language is abstract to a certain extent. This is closely related to customer requirements, and customers want to know what they have done
What, but no need to know how to do it;
d) More complete. The language contains some specific structures to ensure that implicit requirements are also included (for example. "If this function is needed, then
Other functions of this function are also needed").
5.3.2.4 Build products through PP
Customers can give their formal requirements through a PP and submit them to relevant developers. Developers use this PP as the starting point for product development
Click and write the corresponding ST.
ST is very similar to PP. PP defines customer requirements and is written by customers, while ST is a product specification and written by developers.
Developers are not allowed to submit an ST at will to respond to the customer’s PP. The ST should comply with the PP, that is, the products provided by the developer should cover
All customer requirements.
Compared with PP, ST has the following characteristics.
---ST stipulates more content than PP. Compared with customer requirements, the product will provide more security functions, but additional functions are not allowed
Not compatible with PP;
---ST contains more details than PP. PP clarifies "what is safe", ST explains "how to do", that is, the developer passes
ST pointed out how it fulfilled the customer's requirements.
PP allows ST writers to flexibly express security functions, see 5.5.6 for more details.
ST defines the safety function of the product for developers, and ST will also serve as the "safety requirement specification" for the subsequent development process.
The final result of the development process should be a product that can be submitted to the customer, and the customer can also install and use it. Of course, the product
Should behave as described by ST.
5.3.2.5 The role of assessment in the specification-based procurement process
In the specification-based procurement process, the developer clarified the following information to the customer.
a) The developer's ST complies with the customer's PP;
b) The developer's product complies with the developer's ST;
c) The developer's product meets the customer's PP and meets the customer's requirements.
If the customer accepts these statements, the procurement process can be over.
If the customer requires independent verification of these statements, they can rely on a third party (such as an evaluation agency) in accordance with GB/T 18336-
2015 (all parts) safety assessment to check these conformity declarations. In this process, the evaluation agency can pass PP, ST, product and
GB/T 18336-2015 (all parts) to evaluate the following two statements.
a) ST complies with PP;
b) The product complies with ST.
After the evaluation, there are still two noteworthy aspects.
a) The process of transforming customers' informal safety requirements into PP. This conversion process does not belong to GB/T 18336-2015 (all parts
If the conversion is wrong, PP will not meet the customer's requirements, and the product may also not meet the customer's requirements.
b) Evaluation does not "prove" compliance. GB/T 18336-2015 (all parts) evaluation does not provide an absolute guarantee
If the product meets PP, it can only provide a certain degree of protection based on the depth and breadth specified by PP or ST.
5.3.3 Procurement process based on selection
5.3.3.1 Overview
In the case that the customer cannot afford the cost of the customized product, it should choose from the existing products. The procurement process based on the selection is as follows.
a) Developers should develop products and corresponding specifications and provide them to customers;
b) Customers should determine whether the product is most suitable for the product they want to buy according to this specification.
The quality of each step should be strictly controlled so that customers can understand that this product is what they need.
5.3.3.2 Use the specifications provided by the developer
In the selection-based procurement process, customers should use the specifications provided by the developer.
If the specification is informal, then it has the same shortcomings as the informal customer needs discussed in 5.3.2.2.Based on,
The specification also needs to be formalized, and ST should be used as discussed in 5.3.2.4.The ST here is the same as the ST discussed in 5.3.2.4
The same, but there is an obvious difference. Since the ST is not based on the customer's PP, the ST cannot claim to be PP.
Because developers do not know the specific needs of customers, they will have to first estimate what the market needs, and then write ST, which cannot match any customer.
Specific requirements of the user.
Developers develop products based on ST, and the process is similar to the specification-based procurement process.
5.3.3.3 Compare safety goals
Customers can compare the ST of a certain number of products and choose the one that best meets their requirements (may also consider non-safety requirements, such as
price). Customers should find a way to find out their own informal safety requirements (see 5.3.2.2) and compare them with the various STs provided to them.
Compare. If there are one or more products that meet the customer’s requirements, that’s the best, otherwise the customer will have to choose the "closest" product or find
Some other solutions (for example, changing customer requirements).
As mentioned in 5.3.2, the process of generating informal customer safety requirements is not in GB/T 18336-2015 (all parts) and this standard.
Within the range. The comparison between the requirements and ST is not within the scope of GB/T 18336-2015 (all parts).
5.3.3.4 The role of evaluation in the selection-based procurement process
Similar to the specification-based procurement process, developers can simply declare that their products meet ST, and if the customer accepts it, then
The purchasing process is over.
The developer will provide a certificate to prove that an independent third party (evaluation agency) has verified ST, and in accordance with GB/T 18336-2015 (all
Some) implemented a safety assessment to confirm that the product does meet ST.
After the evaluation, there are still two noteworthy aspects.
a) Prove that the customer’s informal security requirements are equivalent to ST. This process does not belong to GB/T 18336-2015
The scope of (all parts), if the proof is wrong, ST will not meet the customer's requirements, and the product may also not meet
Customer requirements.
b) The assessment does not "prove" compliance. GB/T 18336-2015 (all parts) evaluation does not provide an absolute guarantee to illustrate
The product meets ST, it can only provide a certain degree of guarantee based on the depth and breadth specified by ST.
5.3.4 Other uses of PP
There are other uses for the protective profile. For example, a standard-setting body or a supplier association may specify a specific type of application
As the minimum safety standard of best practice, PP is approved and authorized by the government and industry associations. If this situation exists, customers and developers
Everyone may need to comply with these PPs and also need to provide additional security features to meet their specific needs.
The organization designates or approves PP, to ensure that such PP is minimal (only absolutely necessary) and realistic (not
Developers are required to complete functions or guarantees that cannot be achieved).
PP can also express the need for a certain type of security product, even if such a product does not yet exist when it is released. This situation
Next, product developers should use caution when dealing with such PP. Because when the developer has developed a suitable product, the requirements may be out of date, or
It is that the initiators of PP may have found other ways to meet their requirements and do not want to buy such products.
5.4 Protection profile/safety target development process
In Appendix A and Appendix B of GB/T 18336.1-2015 and the content mentioned above, the statement about PP and ST requirements,
It is suggested that the development of PP and ST should be carried out in a "top-down" manner in a logical sequence. For example, the order in ST is.
a) Define security issues;
b) Determine the security purpose corresponding to the security issue;
c) Define the safety requirements that meet the TOE safety purpose;
d) Select safety functions that meet safety requirements.
Do not rule out situations that may need to be repeated. For example, the definition of safety requirements may highlight the safety objectives to be met or
Security issues; there may be some duplication in verifying the relationship between threats, organizational security policies, security objectives, security requirements, and functions; especially
It is that more repetition may occur when constructing the basic principles. After all the problems in the basic principles have been eliminated, the PP or
ST is complete.
During the development of PP or ST, new information other than security issues may appear, and all changes need to be recorded to reflect external
Changes in the environment, such as.
a) Identify new threats;
b) Change the organization's security strategy;
c) Due to cost and time constraints, the division of responsibilities expected to be borne by TOE or TOE environment has changed;
d) Changes in the expected attack potential will affect the definition of TOE security issues.
If TOE is a developed product, and the author of PP or ST may already have a clear thinking about the safety function of TOE, then the safety
The definition of notes and security purposes will inevitably be affected by TOE security solutions. At this time, the development process of PP and ST may be
In a "bottom-up" approach.
5.5 Read and understand the protection profile and safety goals
5.5.1 Brief description
The content of this section may not be provided to experts who already have the knowledge of GB/T 18336-2015 (all parts), and it is specifically provided to
Those readers who know little about PP and ST, these readers need to read PP or ST to understand the safety capabilities of related products. Of this section
The purpose is to highlight potential omissions or shortcomings that may be hidden within the scope of the assessment.
To learn more about the contents of PP and ST, you can read Appendix A and Appendix B of GB/T 18336.1-2015, which provide relevant safety objectives.
Details of the logo and protection profile. At the same time, you can also check other PP and ST that have been published and commonly used.
PP or ST cannot be summarized by a set of simple attributes, which describe a series of complex security attributes. If you don't read PP carefully
Or ST, when purchasing or using the product, it may cause unexpected situations. If there is no reference to GB/T 18336-2015 (all parts)
With in-depth understanding, it is almost difficult to understand some parts of PP or ST. Some of the more understandable chapters in PP or ST contain the key
The information can be used to understand the security attributes required by PP or the products described by ST.
Relevant and easy-to-read chapters include.
a) TOE overview;
b) TOE description;
c) Security purpose in the operating environment;
d) Declaration of conformity.
5.5.2 Read TOE overview
When reading PP or ST, it is generally necessary to read the TOE overview first, because "The purpose of the TOE overview is to help the potential consumption of TOE
In addition, they search for the evaluated TOE or product list to find that their hardware, software, and firmware may meet their security needs.
TOE supported by software”. (See A.4.2 of GB/T 18336.1-2015).
The TOE overview consists of three important parts.
a) The purpose and main safety features of TOE;
b) TOE type;
c) Non-TOE hardware/software/firmware required.
...
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 20283-2020_English be delivered?Answer: Upon your order, we will start to translate GB/T 20283-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 20283-2020_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 20283-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|