
GB/T 21028-2007 English PDF

Standard ID GB/T 21028-2007 (GB/T21028-2007)
Language English
Title Information security technology -- Security techniques requirement for server
Status Obsolete


BASIC DATA
Standard ID GB/T 21028-2007 (GB/T21028-2007)
Description (Translated English) Information security technology. Security techniques requirement for server
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 33,381
Date of Issue 2007-06-29
Date of Implementation 2007-12-01
Drafting Organization Langchao Electronic Information Industry Co., Ltd.
Administrative Organization National Standardization Technical Committee for Information Security
Regulation (derived from) China National Standard Announcement 2007 No.7 (Total No.107) - National-Standard-Commission
Proposing organization National Safety Standardization Technical Committee
Issuing agency(ies) Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China
Summary This standard specifies the security requirements a server needs and the different security technical requirements of each security level. It applies to the design, implementation, purchase and use of servers at the five security levels required by GB 17859-1999. It may also be referred to for the testing and management of server security according to the five security levels of GB 17859-1999.


GB/T 21028-2007
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology – Security Techniques Requirements for Server
ISSUED ON: JUNE 29, 2007
IMPLEMENTED ON: DECEMBER 01, 2007
Issued by: General Administration of Quality Supervision, Inspection and Quarantine; Standardization Administration of PRC.

Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative References ... 6
3 Terms, Definitions and Abbreviations ... 7
3.1 Terms and definitions ... 7
3.2 Abbreviation ... 8
4 Requirements for Server Security Function ... 8
4.1 Device security ... 8
4.1.1 Device label ... 8
4.1.2 Support for reliable operation of device ... 9
4.1.3 Monitoring the working status of the device ... 9
4.1.4 Device electromagnetic protection ... 9
4.2 Operation security ... 9
4.2.1 Security monitoring ... 9
4.2.2 Security audit ... 10
4.2.3 Malicious code protection ... 13
4.2.4 Backup and fault recovery ... 13
4.2.5 Trusted technical support ... 14
4.2.6 Trusted timestamp ... 14
4.3 Data security ... 15
4.3.1 ID authentication ... 15
4.3.2 Discretionary access control ... 16
4.3.3 Label ... 17
4.3.4 Mandatory access control ... 19
4.3.5 Data integrity ... 21
4.3.6 Data confidentiality ... 21
4.3.7 Dataflow control ... 22
4.3.8 Trusted path ... 22
5 Requirements of Server Security Classification ... 23
5.1 Level-1: user discretionary protection level ... 23
5.1.1 Security function requirements ... 23
5.1.2 Security assurance requirements ... 25
5.2 Level-2: system audit protection level ... 26
5.2.1 Security function requirements ... 26
5.2.2 Security assurance requirements ... 30
5.3 Level-3: security label protection level ... 31
5.3.1 Security function requirements ... 31
5.3.2 Security assurance requirements ... 36
5.4 Level-4: structured protection level ... 38
5.4.1 Security function requirements ... 38
5.4.2 Security assurance requirements ... 44
5.5 Level-5: access verification protection level ... 45
5.5.1 Security function requirements ... 45
5.5.2 Security assurance requirements ... 51
Appendix A (Informative) Relevant Concept Explanation ... 53
A.1 Composition and interrelationship ... 53
A.2 Special requirements for server security ... 53
A.3 Further explanation of subject and object ... 54
A.4 SSOS, SSF, SSP, SFP, and their relationships ... 55
A.5 Explanation on cryptographic technique ... 55
A.6 Explanation on electromagnetic protection ... 55
Bibliography ... 56

Information Security Technology – Security Techniques Requirements for Server

1 Scope
This Standard specifies, based on the five security protection levels specified in GB 17859-1999, the security technical requirements required by the server and the different security technical requirements for each security protection level.
This Standard is applicable to the design, implementation, purchase and use of the hierarchical server in accordance with the requirements of the five security protection levels specified in GB 17859-1999. It may also be referred to for the testing and management of server security according to the requirements of the five security protection levels specified in GB 17859-1999.

2 Normative References
The provisions in the following documents become provisions of this Standard through reference in this Standard. For dated references, subsequent amendments (excluding corrigenda) or revisions do not apply to this Standard; however, parties who reach an agreement based on this Standard are encouraged to study whether the latest versions of these documents are applicable. For undated references, the latest edition of the referenced document applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System
GB/T 20272-2006 Information Security Technology - Security Techniques Requirement for Operating System
GB/T 20273-2006 Information Security Technology - Security Techniques Requirement for Database Management System
GB/T 20520-2006 Information Security Technology - Public Key Infrastructure - Time Stamp Specification

use, etc.; and provide monitoring data analysis functions, if necessary.

4.2.1.2 Network security monitoring
The server shall monitor the incoming and outgoing network data flow in real time at its network interface unit. According to the different requirements of different security levels for network security monitoring, the network security monitoring shall:
a) Not depend on the server operating system, and not become unavailable due to a non-power-off failure of the server;
b) Test the incoming and outgoing network data flow according to the established security policies and rules;
c) Support user-defined security policies and rules for network security monitoring;
d) Have the function of monitoring the classification of network application behavior, and be able to raise an alarm and interrupt according to the security policies;
e) Provide centralized management functions in order to receive the security policies and rules issued by the network security monitoring centralized management platform, and provide an audit data source to that platform.
4.2.2 Security audit
4.2.2.1 Response of security audit
The security audit SSF shall respond to audit events as follows:
a) Audit log records: when a security intrusion event is detected, the audit data shall be recorded in the audit log;
b) Real-time alarm generation: when a security intrusion event is detected, real-time alarm information shall be generated, and an alarm raised selectively according to the setting of the alarm switch;
c) Termination of the offending process: when a security intrusion event is detected, the offending process shall be terminated;
d) Service cancellation: when a security intrusion event is detected, the current service shall be cancelled;
e) User account disconnection and invalidation: when a security intrusion event is detected, the current user account shall be disconnected and invalidated.

current activities and the established usage model. When the user's challenge level exceeds the threshold condition, it can indicate that a threat to security is about to occur.
c) Simple attack detection: it can detect the occurrence of signature events that pose a significant threat to the implementation of the SSF. Thus, the SSF shall maintain and indicate the internal representation of the signature events that intrude on the SSF; compare the detected system behavior records with the signature events, and when a match is found between the two, an attack on the SSF is imminent.
d) Complex attack detection: on the basis of simple attack detection, multi-step intrusions can be detected; a complete intrusion scenario can be modelled on a known sequence of events; point out a signature event, or an event sequence in time, that indicates a potential intrusion of the SSF.
4.2.2.4 Security audit review
According to the different requirements of different security levels for security audit review, security audit review can be divided into:
a) Basic audit review: provide the ability to read information from audit records, namely, the ability for the authorized user to obtain and interpret the audit information. When the user is a person, the information must be expressed in a human-readable manner; when the user is an external IT entity, the audit information must be expressed electronically without ambiguity.
b) Limited audit review: on the basis of basic audit review, users without read access rights shall be prohibited from reading audit information.
c) Optional audit review: on the basis of limited audit review, it shall have the function of selecting the audit data to be reviewed according to criteria, and provide the ability to search, classify and sort audit data according to some logical relationship.

4.2.2.5 Selection of security audit events
Auditable events shall be selected according to the following attributes:
a) Object ID, user ID, subject ID, host ID, and event type;
b) Additional attributes that serve as the basis for audit selectivity.
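As an added illustration (not text or code from the standard), the Python below implements the selection attributes of 4.2.2.5 and the three review tiers of 4.2.2.4 over a constructed sample log; the record fields, the reviewer class and the sample events are assumptions.

```python
from dataclasses import dataclass, field, asdict


@dataclass
class AuditRecord:
    # Attributes on which auditable events are selected (4.2.2.5 a).
    timestamp: int
    host_id: str
    user_id: str
    subject_id: str
    object_id: str
    event_type: str
    outcome: str
    # 4.2.2.5 b): additional attributes that serve as a basis for selectivity.
    extra: dict = field(default_factory=dict)


SELECT_ATTRS = ("object_id", "user_id", "subject_id", "host_id", "event_type")


def select_events(log, **criteria):
    """Keep the records whose named attributes all equal the requested values.
    Keys outside SELECT_ATTRS are looked up among the record's additional attributes."""
    def matches(rec):
        for key, wanted in criteria.items():
            actual = getattr(rec, key) if key in SELECT_ATTRS else rec.extra.get(key)
            if actual != wanted:
                return False
        return True
    return [r for r in log if matches(r)]


class AuditReviewer:
    """Review tiers of 4.2.2.4: basic (readable output), limited (read rights enforced),
    optional (selection by criteria plus search, classification and sorting)."""
    def __init__(self, log, audit_readers):
        self.log = list(log)
        self.audit_readers = set(audit_readers)

    def may_read(self, reader):
        # Limited audit review: only users holding audit read rights may see records.
        return reader in self.audit_readers

    def basic_review(self, reader, human=True):
        if not self.may_read(reader):
            raise PermissionError(f"{reader} has no audit read rights")
        if human:  # person: human-readable rendering
            return [f"{r.timestamp} {r.host_id} user={r.user_id} subject={r.subject_id} "
                    f"{r.event_type} {r.object_id} {r.outcome}" for r in self.log]
        return [asdict(r) for r in self.log]  # external IT entity: unambiguous structured form

    def optional_review(self, reader, criteria=None, search=None, sort_by="timestamp", classify_by=None):
        if not self.may_read(reader):
            raise PermissionError(f"{reader} has no audit read rights")
        records = select_events(self.log, **(criteria or {}))
        if search is not None:  # free search predicate over the selected records
            records = [r for r in records if search(r)]
        records.sort(key=lambda r: getattr(r, sort_by))
        if classify_by is None:
            return records
        groups = {}  # classify: group the sorted records by one attribute
        for r in records:
            groups.setdefault(getattr(r, classify_by), []).append(r)
        return groups


# Constructed sample audit log for a two-host server pool (not real data).
SAMPLE_LOG = [
    AuditRecord(100, "srv-01", "alice", "pid:4242", "/etc/shadow", "file_read", "failure"),
    AuditRecord(105, "srv-01", "bob", "pid:4300", "audit.log", "audit_read", "failure"),
    AuditRecord(110, "srv-02", "alice", "pid:4242", "db:orders", "db_update", "success", {"rows": 3}),
    AuditRecord(121, "srv-01", "carol", "pid:5001", "/etc/shadow", "file_read", "failure"),
    AuditRecord(120, "srv-01", "carol", "pid:5001", "/etc/shadow", "file_read", "failure"),
]
```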
4.2.2.6 Storage of security audit events
According to the different requirements of different security levels for security audit event storage, the storage of security audit events is divided into:

b) Incremental information backup and recovery: it shall provide the function of regularly backing up newly added information in the operating system, database system and application system; when some information in the system is lost or destroyed for some reason, the user shall be provided with the function of information recovery according to the information retained by the incremental information backup;
c) Local system backup and recovery: it shall provide the function of regularly backing up the operating status of some important local systems in the operating system, database system and application system; when a certain local system fails for some reason, the user shall be provided with the function of local system recovery according to the operating status retained by the local system backup;
d) System-wide backup and recovery: it shall provide the function of backing up the system-wide operating status of important servers; when a system-wide failure of the server occurs for some reason, the user shall be provided with support for system-wide recovery according to the operating status retained by the system-wide backup;
e) Tightly coupled cluster structure: the key servers shall adopt a multi-server tightly coupled cluster structure, so as to ensure that when one of the servers fails and stops operating, the business application system can run uninterrupted on the remaining servers;
f) Remote backup and recovery: for key servers, remote backup and recovery functions shall be set up according to the different requirements of business continuity, to ensure that when the server is interrupted due to catastrophic failure, the business application system can restore operation within the required time range.
4.2.5 Trusted technical support
By setting up a cryptography-based trusted technical support module on the server, establish a trusted chain on the server from system booting and loading to application services, so as to ensure the authenticity of the various running programs, and provide support for security functions such as data confidentiality and integrity protection using cryptographic mechanisms, authentication of the server user ID, and authentication of connected devices.

4.2.6 Trusted timestamp
The server shall provide a reliable clock and clock synchronization system for its operation, and provide a trusted timestamp service according to the requirements of GB/T 20520-2006.

classification are the basis for implementing the multilevel security model.

4.3.3.3 Output of label
When data is output from inside the SSC to outside its control scope, the sensitive labels of the data may be retained or not retained as required. According to the different requirements of different security levels for label output, label output can be divided into:
a) Output of user data without sensitive label: when outputting user data outside the SSC under the control of the SFP, there shall be no sensitive label associated with the data;
b) Output of user data with sensitive label: when outputting user data outside the SSC under the control of the SFP, there shall be a sensitive label associated with the data, and it shall be ensured that the sensitive label is associated with the output data.

4.3.3.4 Input of label
When data is input from outside the SSF control scope to inside its control scope, there shall be a corresponding sensitive label so that the input data can be protected.
According to the different requirements of different security levels for label input, label input can be divided into:
a) Input of user data without sensitive label: the SSF shall:
--- When inputting user data from outside the SSC under the control of the SFP, perform the access control of the SFP;
--- Omit any sensitive labels related to data input from outside the SSC;
--- Implement additional input control rules and set a sensitive label for the input data.
b) Input of user data with sensitive label: the SSF shall:
--- When inputting user data from outside the SSC under the control of the SFP, perform the access control of the SFP;
--- Use the sensitive label related to the input data;
--- Provide the exact link between the sensitive label and the received user data;
--- Ensure that the interpretation of the sensitive label for the input user data is consistent with the interpretation of the original sensitive label.

For the user data transmitted between different SSFs or between users on different SSFs, according to the different confidentiality requirements of different data types, perform confidentiality protection at different levels, ensuring the data is not leaked or stolen during transmission.

4.3.6.3 Security reuse of object
In a system that dynamically manages resources, the remaining information in object resources (recording media such as registers, memory and disks) shall not cause information leakage.
According to the different requirements of different security levels for user data confidentiality protection, the security reuse of objects includes:
a) Subset information protection: the object resources of a certain subset within the scope of SSOS security control, when released and reassigned to a certain user or a process running on behalf of such user, shall not leak the original information of such objects;
b) Complete information protection: all object resources within the scope of SSOS security control, when released and reassigned to a certain user or a process running on behalf of such user, shall not leak the original information of such objects;
c) Special information protection: on the basis of complete information protection, for certain information that requires special protection, special methods shall be taken to completely remove the residual information in the object resources, such as the removal of residual magnetism.

4.3.7 Dataflow control
In a server that implements data flow in a dataflow manner, the dataflow control mechanism shall be used to achieve security control of the data flow, and prevent data with a high security level from flowing to low-level areas.

4.3.8 Trusted path
The trusted path between the user and the SSF shall:
a) Provide true endpoint identification, and protect the communication data from modification and leakage;
b) Allow communication over the trusted path to be initiated by the SSF itself, a local user or a remote user;
c) Use the trusted path for identification of the original user, or for other services that require the trusted path.
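As an added example (not from the standard), the Python below models the label output and input rules of 4.3.3.3 and 4.3.3.4 together with the dataflow control of 4.3.7 for a toy SSC; the level ordering, the keyed MAC used as the "exact link" between label and data, and the no-write-down SFP rule are assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Assumed hierarchical ordering of the sensitivity levels; categories are non-hierarchical.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Multilevel-security dominance: level at least as high and a superset of categories.
        return LEVELS[self.level] >= LEVELS[other.level] and self.categories >= other.categories

    def encode(self):
        return f"{self.level}:{','.join(sorted(self.categories))}"

    @staticmethod
    def decode(text):
        # Consistent interpretation (4.3.3.4 b): a label this SSC cannot interpret is rejected.
        level, _, cats = text.partition(":")
        if level not in LEVELS:
            raise ValueError(f"uninterpretable sensitivity label {text!r}")
        return Label(level, frozenset(c for c in cats.split(",") if c))


class SecurityControlScope:
    """Toy SSC holding labelled objects; binding key and default input label are assumptions."""
    def __init__(self, binding_key, default_input_label):
        self.key = binding_key
        self.default_input_label = default_input_label
        self.objects = {}  # name -> (payload bytes, Label)

    def store(self, name, payload, label):
        self.objects[name] = (payload, label)  # object labelled at creation inside the SSC

    def _bind(self, label, payload):
        # Exact link between label and data (4.3.3.4 b): keyed MAC over label and payload.
        return hmac.new(self.key, label.encode().encode() + b"|" + payload, hashlib.sha256).hexdigest()

    def sfp_allows(self, subject_clearance, object_label):
        # Assumed SFP: a subject may only place data at a label dominating its clearance (no write-down).
        return object_label.dominates(subject_clearance)

    def _sfp_check(self, subject_clearance, object_label):
        if not self.sfp_allows(subject_clearance, object_label):
            raise PermissionError(f"SFP denies {subject_clearance.level} subject writing at {object_label.level}")

    def export(self, name, with_label):  # 4.3.3.3 Output of label
        payload, label = self.objects[name]
        if not with_label:
            return {"data": payload}  # a) no sensitive label associated with the output data
        # b) label carried with the data and bound to it
        return {"data": payload, "label": label.encode(), "binding": self._bind(label, payload)}

    def import_unlabeled(self, name, payload, subject_clearance, external_label=None):  # 4.3.3.4 a)
        # Any label arriving with the data is omitted; the input rule assigns the default label.
        label = self.default_input_label
        self._sfp_check(subject_clearance, label)
        self.objects[name] = (payload, label)
        return label

    def verify_binding(self, message):
        try:
            label = Label.decode(message["label"])
        except ValueError:
            return False
        return hmac.compare_digest(self._bind(label, message["data"]), message["binding"])

    def import_labeled(self, name, message, subject_clearance):  # 4.3.3.4 b)
        if not self.verify_binding(message):
            raise ValueError("sensitive label is not correctly bound to the received data")
        label = Label.decode(message["label"])
        self._sfp_check(subject_clearance, label)
        self.objects[name] = (message["data"], label)
        return label

    def flow_allowed(self, name, area_label):  # 4.3.7: data may only flow to an area whose label dominates its own
        _, label = self.objects[name]
        return area_label.dominates(label)
```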
According to the requirements in 5.1.1 of GB/T 20273-2006, design, achieve and purchase the database management system required by the server at the user discretionary protection level from the following aspects:
a) ID authentication: according to the description in 4.3.1, ensure the uniqueness and authenticity of the ID of the user logged in to the database management system;
b) Discretionary access control: according to the description in 4.3.2, control access to the database management system; allow legitimate operations and deny illegal operations;
c) Data integrity: according to the description in 4.3.5, provide functions to ensure the integrity of the user data transmitted within the database management system.

5.1.1.4 Application system
5.1.1.4.1 ID authentication
According to the description in 4.3.1, as per the requirements of 6.1.3.1 in GB/T 20271-2006, design and achieve the ID authentication function of the application system from the following aspects:
a) ID identification: any user who needs to enter the application system shall be identified (an account created); the user identification of the application system generally uses a user name or user identifier (UID);
b) ID authentication: use a password for authentication; authentication is performed every time a user logs in to the application system; the password shall be invisible, and securely protected when stored; for users registered in the application system, associate the user with the subject serving it through the user-subject binding function.
5.1.1.4.2 Discretionary access control
According to the description in 4.3.2, as per the requirements in 6.1.3.2 of GB/T 20271-2006, design and achieve the discretionary access control function of the application system from the following aspects:
a) Allow the named users to control the sharing of the objects as users and/or user groups, and prevent unauthorized users from sharing objects;
b) The granularity of discretionary access control is coarse-grained.

5.1.1.4.3 Data integrity

b) Distribution and operation: according to the requirements in 6.1.5.2 of GB/T 20271-2006, achieve the distribution and operation of the server user discretionary protection level;
c) Development: according to the requirements in 6.1.5.3 of GB/T 20271-2006, achieve the development of the server user discretionary protection level;
d) Guidance documents: according to the requirements in 6.1.5.4 of GB/T 20271-2006, achieve the guidance documents of the server user discretionary protection level;
e) Life cycle support: according to the requirements in 6.1.5.5 of GB/T 20271-2006, achieve the life cycle support of the server user discretionary protection level;
f) Test: according to the requirements in 6.1.5.6 of GB/T 20271-2006, achieve the test of the server user discretionary protection level.

5.1.2.3 SSOS security management
According to the requirements of 6.1.6 of GB/T 20271-2006, achieve the SSOS security management of the server user discretionary protection level.

5.2 Level-2: system audit protection level
5.2.1 Security function requirements
5.2.1.1 Hardware system
5.2.1.1.1 Device label
According to the requirements of device labels and component labels in 4.1.1, design and achieve the security function of server device labels, and take protective measures for the labels (such as stamping the official seal).
5.2.1.1.2 Support for reliable operation of device
According to the requirements of basic operation support and security available support in 4.1.2, design and achieve the security function supported by the reliable operation of the server device. The minimum configuration of the server hardware shall meet the requirements of software system operation; the key components (including hard disk, motherboard, memory, processor, network card, etc.) shall be matched with their labels, to ensure their security and prevent replacement and removal; the chassis panel shall be protected, for instance by a lock.

5.2.1.1.3 Electromagnetic protection of device

According to the requirements of host software protection in 4.2.3, design and achieve the malicious code protection functions.

5.2.1.5.2 Backup and failure recovery
According to the requirements of self-information backup and recovery, incremental information backup and recovery, and local system backup and recovery in 4.2.4, design and achieve the server backup and failure recovery functions.
5.2.2 Security assurance requirements
5.2.2.1 SSOS self-security protection
a) SSF physical security protection: it should, according to the requirements in 6.2.4.1 of GB/T 20271-2006, achieve the SSF physical security protection of the server system audit protection level;
b) SSF operation security protection: it should, according to the requirements in 6.2.4.2 of GB/T 20271-2006, achieve the SSF operation security protection of the server system audit protection level;
c) SSF data security protection: it should, according to the requirements in 6.2.4.3 of GB/T 20271-2006, achieve the SSF data security protection of the server system audit protection level;
d) Resource utilization: it should, according to the requirements in 6.2.4.4 of GB/T 20271-2006, achieve the resource utilization of the server system audit protection level;
e) SSOS access control: it should, according to the requirements in 6.2.4.5 of GB/T 20271-2006, achieve the SSOS access control of the server system audit protection level.

5.2.2.2 SSOS design and achievement
a) Configuration management: it should, according to the requirements in 6.2.5.1 of GB/T 20271-2006, achieve the configuration management of the server system audit protection level;
b) Distribution and operation: it should, according to the requirements in 6.2.5.2 of GB/T 20271-2006, achieve the distribution and operation of the server system audit protection level;
c) Development: it should, according to the requirements in 6.2.5.3 of GB/T 20271-2006, achieve the development of the server system audit protection level;
d) Guidance document: it should, according to the requirements in 6.2.5.4 of GB/T

authentication/token-based dynamic password authentication/biometric authentication/digital certificate authentication and other mechanisms are used for ID authentication; authentication shall be performed every time the user logs in to the application system; the authentication information shall be invisible; encryption technology shall be used to protect the authentication information; for users registered in the application system, users shall be associated with the subjects serving them through the user-subject binding function.

5.3.1.4.2 Discretionary access control
It shall, according to the description in 4.3.2, as per the requirements in 6.3.3.3 of GB/T 20271-2006, design and achieve the discretionary access control of the application system from the following aspects:
a) Allow the named users to control the sharing of the objects as users, and prevent unauthorized users from sharing objects;
b) Use the access control list to control and determine the subjects' access permissions to the objects;
c) The granularity of discretionary access control shall be medium granularity;
d) The discretionary access control shall be combined with ID authentication and audit: by confirming the authenticity of the user's ID and recording the user's successful and unsuccessful accesses, users can be held clearly responsible for their actions.

5.3.1.4.3 Label
It shall, according to the description in 4.3.3, as per the requirements in 6.3.3.4 of GB/T 20271-2006, design and achieve the label function of the application system from the following aspects:
a) The sensitivity label of application system users shall be set by the system security officer after the user creates a registered account;
b) The sensitive label of an application system object shall be generated by default, or by the security officer through the operation interface, when the data enters the security control scope.
5.3.1.4.4 Mandatory access control
It shall, according to the description in 4.3.4, as per the requirements in 6.3.3.5 of GB/T 20271-2006, design and achieve the mandatory access control function of the application system from the following aspects:
a) The scope of the mandatory access control shall be limited to the defined system

from the following aspects:
a) When accessing the service, check the integrity of the user data submitted to the application system as a string;
b) For data transmission within the application system, for instance inter-process communication, functions ensuring data integrity shall be provided;
c) For the user data processed in the application system, corresponding security functions shall be designed according to the requirements of rollback; perform transaction rollback under abnormal conditions to ensure the integrity of the data.

5.3.1.4.8 Data confidentiality
It shall, according to the description in 4.3.6, as per the requirements in 6.3.3.8 of GB/T 20271-2006, design and achieve the user data confidentiality function of the application system.

5.3.1.5 Safe operation
5.3.1.5.1 Security monitoring
According to the requirements of host security monitoring and network security monitoring in 4.2.1, design and achieve the server security monitoring functions.
5.3.1.5.2 Malicious code protection
According to the requirements of host software protection and overall protection in 4.2.3, design and achieve the malicious code protection functions.
5.3.1.5.3 Backup and failure recovery
According to the requirements of user self-information backup and recovery, incremental information backup and recovery, local system backup and recovery, and full system backup and recovery in 4.2.4, design and achieve the server backup and failure recovery functions.
5.3.1.5.4 Trusted timestamp
According to the requirements of trusted timestamp in 4.2.6, design and achieve the trusted timestamp functions of the server.
5.3.2 Security assurance requirements
5.3.2.1 SSOS self-security protection
a) SSF physical security protection: it shall, according to the requirements in

5.3.2.3 SSOS management
It shall, according to the requirements in 6.3.6 of GB/T 20271-2006, achieve the SSOS security management of the server security label protection level.

5.4 Level-4: structured protection level
5.4.1 Security function requirements
5.4.1.1 Hardware system
5.4.1.1.1 Device label
It shall, according to the requirements of device label and component label in 4.1.1, design and achieve the security functions of the server device label; take protective measures (for instance, stamping the official seal) on the label; the component label shall be a digital label.
5.4.1.1.2 Support of device reliable operation
It shall, according to the requirements of basic operation support, security available support, and uninterrupted operation support in 4.1.2, design and achieve the security functions of server device reliable operation support; the minimum configuration of the server hardware shall meet the requirements of software system operation; key components shall be matched with their labels to ensure their security and prevent replacement and removal; the chassis panel shall be provided with protective measures. Uninterrupted operation requirements shall be satisfied by key components having security functions such as fault tolerance, redundancy and hot plugging. Components that support the hot plugging function include hard disk, fan, power supply, PCI adapter, network card, memory, CPU, et...... ......
