www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GB/T 25063-2010 English PDF

| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
|---|---|---|---|---|---|---|---|
| GB/T 25063-2010 | English | RFQ | ASK | 6 days [Need to translate] | Information security technology -- Testing and evaluation requirement for server security | Obsolete | GB/T 25063-2010 |


Standard similar to GB/T 25063-2010

GB/T 25068.1   GB/T 25058   GB/T 25070   GB/T 25068.4   GB/T 25069   GB/T 25068.3   

Basic data

Standard ID GB/T 25063-2010 (GB/T25063-2010)
Description (Translated English) Information security technology -- Testing and evaluation requirement for server security
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.020
Word Count Estimation 35,352
Date of Issue 2010-09-02
Date of Implementation 2011-02-01
Quoted Standard GB/T 5271.8-2001; GB 17859-1999; GB/T 21028-2007
Regulation (derived from) Announcement of Newly Approved National Standards No. 4 of 2010 (total 159)
Issuing agency(ies) General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary This standard specifies the server security assessment requirements, including the first-level, second-level, third-level and fourth-level server security evaluation requirements. This standard does not specify the specific content requirements for fifth-level server security evaluation. This standard applies to server security evaluation work carried out by information security evaluation agencies from the point of view of level protection. Departments in charge of information systems, units that operate and use them, and server hardware and software manufacturers can also use it for reference.

GB/T 25063-2010: Information security technology -- Testing and evaluation requirement for server security


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Testing and evaluation requirement for server security
ICS 35.020
L80
National Standards of People's Republic of China
Information Security Technology Server security evaluation requirements
2010-09-02 release
2011-02-01 implementation
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
China National Standardization Management Committee released

Directory

Preface
Introduction
1 Scope
2 normative reference document
3 terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 first level safety assessment
4.1 hardware system
4.2 operating system
4.3 database management system
4.4 Application System
4.5 safe operation
4.6 SSOS self-protection
4.7 SSOS design and implementation
4.8 SSOS Security Management
5 second level safety assessment
5.1 Hardware system
5.2 operating system
5.3 database management system
5.4 Application System
5.5 Operational safety
5.6 SSOS own security protection
5.7 SSOS design and implementation
5.8 SSOS Security Management
6 Level 3 Safety Assessment
6.1 Hardware system
6.2 operating system
6.3 database management system
6.4 Application System
6.5 Operational safety
6.6 SSOS own security protection
6.7 SSOS design and implementation
6.8 SSOS Security Management
7 Level 4 Safety Assessment
7.1 Hardware system
7.2 operating system
7.3 database management system
7.4 Application System
7.5 Operational safety
7.6 SSOS own security protection
7.7 SSOS design and implementation
7.8 SSOS Security Management
8 Level 5 Safety Assessment
Reference

Foreword

This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee.

Drafting units: Tide Group Co., Ltd., Ministry of Public Security Computer Information System Security Product Quality Supervision and Inspection Center.

Main drafters of this standard: Huang Tao, Sun Dajun, Liu Gang, Shen Liang, Li Qingyu, Yan Bin, Gu Jian, Gu Wei.

Introduction

This standard is the evaluation standard that accompanies GB/T 21028-2007. It guides evaluation staff in evaluating server security from the perspective of information security level protection. In accordance with the division of servers into 5 security levels in GB/T 21028-2007, this standard sets out the evaluation requirements for servers of different security levels in eight aspects: hardware system, operating system, database management system, application system, operational security, SSOS own security protection, SSOS design and implementation, and SSOS security management.

Because the server security evaluation requirements increase step by step across the security levels, in Chapters 4 through 7 the part added at each level is shown in bold.

Information Security Technology Server security evaluation requirements

1 Scope

This standard specifies the evaluation criteria for server security, including the first, second, third and fourth level server security evaluation requirements. This standard does not specify the specific requirements of the fifth level server security assessment. This standard is applicable to the evaluation of server security from the perspective of information security level protection. Competent departments for information systems, operating units, and server hardware and software manufacturers can also use it for reference.

2 normative reference documents

The terms of the following documents are hereby incorporated by reference into this standard. For dated references, subsequent amendments (not including corrigenda) or revisions are not applicable to this standard; however, parties that reach an agreement under this standard are encouraged to study whether the latest versions of these documents can be used. For undated references, the latest edition of the document is applicable to this standard.

GB/T 5271.8-2001 Information technology - Vocabulary - Part 8: Security (ISO/IEC 2382-8:1998, IDT)
GB 17859-1999 Classification rules for the classification of security levels for computer information systems
GB/T 21028-2007 Information security technology - Server security - Technical requirements

3 terms and definitions, abbreviations

3.1 Terms and definitions

The terms and definitions established in GB/T 5271.8-2001, GB 17859-1999 and GB/T 21028-2007 and the following terms and definitions apply to this standard.

3.1.1 Check the examination
A static assessment activity in which the evaluator assesses the evaluation object using observation, inspection, analysis and other methods.

3.1.2 Testing
The evaluator follows the relevant process and uses a predetermined method/tool to measure the object to produce a specific behavior.

3.1.3 Evaluation
The activity of comprehensively analyzing the information about the evaluation object obtained through inspection and testing, to determine whether it is consistent with the technical requirements.

3.2 abbreviations

SSOS server security subsystem (security subsystem of server)
SSF SSOS Security Function (SSOS security function)
SFP security function strategy (security function policy)
SSC SSF control range (SSF scope of control)
SSP SSOS security policy (SSOS security policy)