US$6914.00 · In stock Delivery: <= 25 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 30270-2024: Cybersecurity technology - Methodology for IT security evaluation Status: Valid GB/T 30270: Evolution and historical versions
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
GB/T 30270-2024 | English | 6914 |
Add to Cart
|
25 days [Need to translate]
|
Cybersecurity technology - Methodology for IT security evaluation
| Valid |
GB/T 30270-2024
|
GB/T 30270-2013 | English | RFQ |
ASK
|
10 days [Need to translate]
|
Information technology -- Security technology -- Methodology for IT security evaluation
| Obsolete |
GB/T 30270-2013
|
PDF similar to GB/T 30270-2024
Basic data Standard ID | GB/T 30270-2024 (GB/T30270-2024) | Description (Translated English) | Cybersecurity technology - Methodology for IT security evaluation | Sector / Industry | National Standard (Recommended) | Classification of Chinese Standard | L80 | Classification of International Standard | 35.030 | Word Count Estimation | 346,383 | Date of Issue | 2024-04-25 | Date of Implementation | 2024-11-01 | Older Standard (superseded by this standard) | GB/T 30270-2013 | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 30270-2024: Cybersecurity technology - Methodology for IT security evaluation---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35:030
CCSL80
National Standards of People's Republic of China
Replace GB/T 30270-2013
Cybersecurity Technology
Information Technology Security Assessment Methods
Released on 2024-04-25
2024-11-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of Contents
Preface IX
Introduction Ⅹ
1 Scope 1
2 Normative references 1
3 Terms and Definitions 2
4 Abbreviations 4
5 Writing style 5
6 Verb Usage 5
7 Overall Assessment Guidelines 5
8 Relationship between ISO /IEC 15408 and the structure of this document 6
9 Evaluation process and related tasks 6
9:1 Overview 6
9:2 Overview of the evaluation process 7
9:2:1 Purpose 7
9:2:2 Role Responsibilities 7
9:2:3 Role Relationship 7
9:2:4 General evaluation model 7
9:2:5 Assessor's decision 8
9:3 Evaluating Input Tasks 9
9:3:1 Purpose 9
9:3:2 Application Notes 9
9:3:3 Management of the Evidence Assessment Subtask 9
9:4 Evaluation sub-activity 10
9:5 Evaluation Output Task 10
9:5:1 Purpose 10
9:5:2 Evaluation Output Management 10
9:5:3 Application Note 10
9:5:4 Writing OR subtask 10
9:5:5 Writing ETR subtask 11
10 APE category: PP assessment 18
10:1 Overview 18
10:2 Reuse of certified PP assessment results 18
10:3 PP Introduction (APE_INT) 18
10:3:1 Assessment sub-activity (APE_INT:1) 18
10:4 Declaration of Conformity (APE_CCL) 19
10:4:1 Assessment sub-activity (APE_CCL:1) 19
10:5 Security Problem Definition (APE_SPD) 27
10:5:1 Assessment sub-activity (APE_SPD:1) 27
10:6 Security Objectives (APE_OBJ) 28
10:6:1 Assessment sub-activity (APE_OBJ:1) 28
10:6:2 Assessment sub-activity (APE_OBJ:2) 29
10:7 Extended Component Definition (APE_ECD) 31
10:7:1 Evaluation sub-activity (APE_ECD:1) 31
10:8 Security Requirements (APE_REQ) 34
10:8:1 Assessment sub-activity (APE_REQ:1) 34
10:8:2 Assessment sub-activity (APE_REQ:2) 38
11 ACE category: PP configuration evaluation 42
11:1 Overview 42
11:2 PP-Module Introduction (ACE_INT) 43
11:2:1 Evaluation sub-activity (ACE_INT:1) 43
11:3 PP-Module Declaration of Conformity (ACE_CCL) 45
11:3:1 Sub-activity evaluation (ACE_CCL:1) 45
11:4 PP-Module Security Problem Definition (ACE_SPD) 48
11:4:1 Evaluation sub-activity (ACE_SPD:1) 48
11:5 PP-Module Security Objective (ACE_OBJ) 49
11:5:1 Evaluation sub-activity (ACE_OBJ:1) 49
11:5:2 Evaluation sub-activity (ACE_OBJ:2) 50
11:6 PP-Module Extension Component Definition (ACE_ECD) 52
11:6:1 Evaluation sub-activity (ACE_ECD:1) 52
11:7 PP-Module Safety Requirements (ACE_REQ) 55
11:7:1 Evaluation sub-activity (ACE_REQ:1) 55
11:7:2 Evaluation sub-activity (ACE_REQ:2) 59
11:8 PP-Module Conformance (ACE_MCO) 63
11:8:1 Evaluation sub-activity (ACE_MCO:1) 63
11:9 PP-Configuration Consistency (ACE_CCO) 66
11:9:1 Evaluation sub-activity (ACE_CCO:1) 66
12 ASE Category: Safety Objective Assessment 73
12:1 Overview 73
12:2 Application Note 73
12:2:1 Reusing the evaluation results of a certified PP 73
12:3 ST Introduction (ASE_INT) 73
12:3:1 Evaluation sub-activity (ASE_INT:1) 73
12:4 Declaration of Conformity (ASE_CCL) 76
12:4:1 Evaluation sub-activity (ASE_CCL:1) 76
12:5 Security Problem Definition (ASE_SPD) 86
12:5:1 Evaluation sub-activity (ASE_SPD:1) 86
12:6 Security Objectives (ASE_OBJ) 87
12:6:1 Evaluation sub-activity (ASE_OBJ:1) 87
12:6:2 Evaluation sub-activity (ASE_OBJ:2) 88
12:7 Extended Component Definition (ASE_ECD) 90
12:7:1 Evaluation sub-activity (ASE_ECD:1) 90
12:8 Security Requirements (ASE_REQ) 93
12:8:1 Evaluation sub-activity (ASE_REQ:1) 93
12:8:2 Evaluation sub-activity (ASE_REQ:2) 97
12:9 TOE Summary Specification (ASE_TSS) 102
12:9:1 Evaluation sub-activity (ASE_TSS:1) 102
12:9:2 Evaluation sub-activity (ASE_TSS:2) 102
12:10 Composite Product Safety Objective Conformance (ASE_COMP) 103
12:10:1 Overview 103
12:10:2 Evaluation sub-activity (ASE_COMP:1) 104
13 ADV category: Development 107
13:1 Overview 107
13:2 Application Note 107
13:3 Security Architecture (ADV_ARC) 108
13:3:1 Evaluation sub-activity (ADV_ARC:1) 108
13:4 Functional Specification (ADV_FSP) 111
13:4:1 Evaluation sub-activity (ADV_FSP:1) 111
13:4:2 Evaluation sub-activity (ADV_FSP:2) 114
13:4:3 Evaluation sub-activity (ADV_FSP:3) 117
13:4:4 Evaluation sub-activity (ADV_FSP:4) 121
13:4:5 Evaluation sub-activity (ADV_FSP:5) 125
13:4:6 Evaluation sub-activity (ADV_FSP:6) 130
13:5 Implementation Representation (ADV_IMP) 130
13:5:1 Evaluation sub-activity (ADV_IMP:1) 130
13:5:2 Evaluation sub-activity (ADV_IMP:2) 132
13:6 TSF Internal (ADV_INT) 134
13:6:1 Evaluation sub-activity (ADV_INT:1) 134
13:6:2 Evaluation sub-activity (ADV_INT:2) 136
13:6:3 Evaluation sub-activity (ADV_INT:3) 137
13:7 Security Policy Model (ADV_SPM) 139
13:7:1 Evaluation sub-activity (ADV_SPM:1) 139
13:8 TOE Design (ADV_TDS) 144
13:8:1 Evaluation sub-activity (ADV_TDS:1) 144
13:8:2 Evaluation sub-activity (ADV_TDS:2) 147
13:8:3 Evaluation sub-activity (ADV_TDS:3) 150
13:8:4 Evaluation sub-activity (ADV_TDS:4) 157
13:8:5 Evaluation sub-activity (ADV_TDS:5) 164
13:8:6 Evaluation Sub-Activity (ADV_TDS:6) 170
13:9 Composite Design Compliance (ADV_COMP) 170
13:9:1 Overview 170
13:9:2 Evaluation sub-activity (ADV_COMP:1) 171
14 AGD category: Guidance documents 172
14:1 Overview 172
14:2 Application Notes 173
14:3 Operation User Guide (AGD_OPE) 173
14:3:1 Evaluation sub-activity (AGD_OPE:1) 173
14:4 Preparation procedure (AGD_PRE) 175
14:4:1 Evaluation sub-activity (AGD_PRE:1) 175
15 ALC Class: Life Cycle Support 177
15:1 Overview 177
15:2 CM Capability (ALC_CMC) 177
15:2:1 Evaluation sub-activity (ALC_CMC:1) 177
15:2:2 Evaluation sub-activity (ALC_CMC:2) 178
15:2:3 Evaluation sub-activity (ALC_CMC:3) 179
15:2:4 Evaluation sub-activity (ALC_CMC:4) 182
15:2:5 Evaluation sub-activity (ALC_CMC:5) 186
15:3 CM Range (ALC_CMS) 192
15:3:1 Evaluation sub-activity (ALC_CMS:1) 192
15:3:2 Evaluation sub-activity (ALC_CMS:2) 193
15:3:3 Evaluation sub-activity (ALC_CMS:3) 193
15:3:4 Evaluation sub-activity (ALC_CMS:4) 194
15:3:5 Evaluation sub-activity (ALC_CMS:5) 195
15:4 Delivery (ALC_DEL) 196
15:4:1 Evaluation sub-activity (ALC_DEL:1) 196
15:5 Development Security (ALC_DVS) 207
15:5:1 Evaluation sub-activity (ALC_DVS:1) 197
15:5:2 Evaluation sub-activity (ALC_DVS:2):199
15:6 Defect Correction (ALC_FLR):201
15:6:1 Evaluation sub-activity (ALC_FLR:1):201
15:6:2 Evaluation sub-activity (ALC_FLR:2) 203
15:6:3 Evaluation sub-activity (ALC_FLR:3) 206
15:7 Lifecycle Definition (ALC_LCD) 210
15:7:1 Evaluation sub-activity (ALC_LCD:1) 210
15:7:2 Evaluation sub-activity (ALC_LCD:2) 211
15:8 TOE Development Component (ALC_TDA) 212
15:8:1 Evaluation sub-activity (ALC_TDA:1) 212
15:8:2 Evaluation sub-activity (ALC_TDA:2) 215
15:8:3 Evaluation sub-activity (ALC_TDA:3) 218
15:9 Tools and Techniques (ALC_TAT) 221
15:9:1 Evaluation sub-activity (ALC_TAT:1) 221
15:9:2 Evaluation sub-activity (ALC_TAT:2) 223
15:9:3 Evaluation sub-activity (ALC_TAT:3) 225
15:10 Composite Part Integration and Delivery Process Conformity Verification (ALC_COMP) 227
15:10:1 Overview 227
15:10:2 Evaluation sub-activity (ALC_COMP:1) 227
16 ATE category: test 229
16:1 Overview 229
16:2 Application Notes 229
16:2:1 Understanding the Expected Behavior of TOE 230
16:2:2 Testing and Alternative Methods for Verifying Expected Functional Behavior 230
16:2:3 Verification of the adequacy of testing 230
16:3 Coverage (ATE_COV) 231
16:3:1 Evaluation sub-activity (ATE_COV:1) 231
16:3:2 Evaluation sub-activity (ATE_COV:2) 231
16:3:3 Evaluation sub-activity (ATE_COV:3) 232
16:4 Depth (ATE_DPT) 234
16:4:1 Evaluation sub-activity (ATE_DPT:1) 234
16:4:2 Evaluation sub-activity (ATE_DPT:2) 236
16:4:3 Evaluation sub-activity (ATE_DPT:3) 238
16:4:4 Evaluation sub-activity (ATE_DPT:4) 240
16:5 Functional Test (ATE_FUN) 241
16:5:1 Evaluation Sub-Activity (ATE_FUN:1) 241
16:5:2 Evaluation sub-activity (ATE_FUN:2) 243
16:6 Independent Test (ATE_IND) 246
16:6:1 Evaluation sub-activity (ATE_IND:1) 246
16:6:2 Evaluation sub-activity (ATE_IND:2) 249
16:6:3 Evaluation sub-activity (ATE_IND:3) 253
16:7 Composite Function Test (ATE_COMP) 253
16:7:1 Overview 253
16:7:2 Evaluation sub-activity (ATE_COMP:1) 253
17 AVA category: vulnerability assessment 254
17:1 Overview 254
17:2 Vulnerability Analysis (AVA_VAN) 254
17:2:1 Evaluation sub-activity (AVA_VAN:1) 254
17:2:2 Evaluation sub-activity (AVA_VAN:2) 258
17:2:3 Evaluation sub-activity (AVA_VAN:3) 263
17:2:4 Evaluation sub-activity (AVA_VAN:4) 269
17:2:5 Evaluation Sub-Activity (AVA_VAN:5) 274
17:3 Composite Vulnerability Assessment (AVA_COMP) 280
17:3:1 Overview 280
17:3:2 Evaluation sub-activity (AVA_COMP:1) 280
18 ACO Class: Combination 282
18:1 Overview 282
18:2 Application Notes 282
18:3 Combination Basic Principles (ACO_COR) 283
18:3:1 Evaluation sub-activity (ACO_COR:1) 283
18:4 Development Evidence (ACO_DEV) 287
18:4:1 Evaluation Sub-Activity (ACO_DEV:1) 287
18:4:2 Evaluation Sub-Activity (ACO_DEV:2) 288
18:4:3 Evaluation sub-activity (ACO_DEV:3) 289
18:5 Dependencies of Dependent Components (ACO_REL) 291
18:5:1 Evaluation sub-activity (ACO_REL:1) 291
18:5:2 Evaluation sub-activity (ACO_REL:2) 293
18:6 Combined TOE Test (ACO_CTT) 294
18:6:1 Evaluation sub-activity (ACO_CTT:1) 294
18:6:2 Evaluation sub-activity (ACO_CTT:2) 296
18:7 Combined Vulnerability Analysis (ACO_VUL) 299
18:7:1 Evaluation Sub-Activity (ACO_VUL:1) 299
18:7:2 Evaluation Sub-Activity (ACO_VUL:2) 301
18:7:3 Evaluation Sub-Activity (ACO_VUL:3) 304
Appendix A (Informative) General Assessment Guidelines 308
A:1 Purpose 308
A:2 Sampling 308
A:3 Dependencies 309
A:3:1 Overview 309
A:3:2 Dependencies between activities 309
A:3:3 Dependencies between sub-activities 309
A:3:4 Dependencies between behaviors 310
A:4 On-site verification 310
A:4:1 Overview 310
A:4:2 General approach 310
A:5 Guidance on checklists 311
A:5:1 Configuration Management Aspects 311
A:5:2 Development security aspects 311
A:5:3 Checklist Example 312
A:6 Assessment of institutional responsibilities 313
Appendix B (Informative) Vulnerability Assessment (AVA) 315
B:1 What is vulnerability analysis?
B:2 Assessor performs vulnerability analysis 315
B:3 General Vulnerability Guidelines 315
B:3:1 Bypass 316
B:3:2 Tampering 317
B:3:3 Direct Attack 319
B:3:4 Monitoring 319
B:3:5 Misuse of 320
B:4 Identifying Potential Vulnerabilities 320
B:4:1 Encounter Recognition 321
B:4:2 Analysis and identification 321
B:5 Using Attack Potential 323
B:5:1 Developers 323
B:5:2 Evaluator 323
B:6 Calculating Attack Potential 324
B:6:1 Application of attack potential 324
B:6:2 Characterizing Attack Potential 324
B:7 Calculation Example of Direct Attack 329
Appendix C (Informative) Assessment Techniques and Tools 331
C:1 Semiformal and Formal Methods 331
C:1:1 Overview 331
C:1:2 Description style 331
References 334
Foreword
This document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents"
Drafting:
This document replaces GB/T 30270-2013 "Information Technology Security Technology Information Technology Security Assessment Methods":
Compared with GB/T 30270-2013, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
--- Deleted the "Overview" section (see Chapter 5 of the:2013 edition);
--- Changed "Document Conventions" (see Chapter 5, Chapter 6, Chapter 7, Chapter 8, Chapter 6 of the:2013 edition);
--- Changed "General Assessment Tasks" (see Chapter 9, Chapter 7 of the:2013 edition);
--- Changed "Protection Profile Assessment" (see Chapter 10, Chapter 8 of the:2013 edition);
--- Changed "ASE Category: Safety Objective Assessment" (see Chapter 12, Chapter 9 of the:2013 edition);
--- Changed the "defect correction sub-activity" (see 15:6, Chapter 14 of the:2013 edition);
--- Deleted "EAL1 evaluation", "EAL2 evaluation", "EAL3 evaluation" and "EAL4 evaluation" (see Chapter 10,:2013 edition,
Chapters 11, 12 and 13);
--- Added "ACE Class: PP-Configuration Evaluation", "ADV Class: Development", "AGD Class: Guidance Document", "ALC Class: Life Cycle Support
"ATE: Testing" "AVA: Vulnerability Assessment" "ACO: Combination" (see Chapters 11, 13, 14, and
Chapter 15, Chapter 16, Chapter 17, Chapter 18):
This document is equivalent to ISO /IEC 18045:2022 "Information security, cybersecurity and privacy protection, information technology security assessment criteria"
Information Technology Security Assessment Methodology:
The following minimal editorial changes were made to this document:
--- In order to coordinate with the existing standards, the name of the standard is changed to "Network Security Technology Information Technology Security Assessment Method";
--- For ease of use, the abbreviations appearing in the text are added to the Abbreviations section:
Please note that some of the contents of this document may involve patents: The issuing organization of this document does not assume the responsibility for identifying patents:
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260):
This document was drafted by: China Information Security Evaluation Center, Tsinghua University, Jilin Information Security Evaluation Center, China Network Security Review Technology
Technology and Certification Center, the 15th Institute of China Electronics Technology Group Corporation, China National Accreditation Service for Conformity Assessment, China Electronics Technology Standards
Institute of Chemical Engineering, Institute of Information Engineering, Chinese Academy of Sciences, Beijing Municipal Government Information Security Center, Huawei Technologies Co:, Ltd:, Beijing Topsec
Network Security Technology Co:, Ltd:, Chengdu Weishitong Information Security Technology Co:, Ltd:, China Science and Technology Information Security Common Technology National Engineering Research Center
Co:, Ltd:, Shandong Provincial Institute of Standardization, Shaanxi Provincial Network and Information Security Evaluation Center, China Automotive Engineering Research Institute Co:, Ltd:,
Inspur Electronic Information Industry Co:, Ltd:, H3C Technologies Co:, Ltd:, and Beijing Blue Elephant Standards Consulting Services Co:, Ltd:
The main drafters of this document are: Yang Yongsheng, Bi Haiying, Zhang Baofeng, Shi Hongsong, Ye Xiaojun, Gao Jinping, Deng Hui, Wang Yuhang, Wang Yanan, Jia Wei,
Li Fengjuan, Xu Yuan, Xie Shihua, Guo Hao, Liu Zhanfeng, Zhang Bin, Wang Feng, Dong Jingjing, Wang Hongxian, Niu Xingrong, Li Hong, Shangguan Xiaoli, Zhu Xuefeng, Du Dan,
Liu Yuling, Zhu Kelei, He Hai, Yao Junning, Wang Yan, Tan Ru, Wang Xiaonan, Lei Xiaofeng, Wang Yan, Hu Jianxun, Wen Ming, Liu Jinlin, Li Jun, Zhang Heng,
Yi Pengda, Song Guixiang, Liu Yuhan, Zhu Ruijin, Luo Yang, Mao Junjie, Sun Yafei, Pang Bo, Xiong Qi, Rao Huayi, Wang Beibei, Li Hexin, Huang Xiaoli,
Li Jing, Yang Jing, Wan Xiaolan, and Qiao Huayang:
The previous versions of this document and the documents it replaces are as follows:
---First published in:2013 as GB/T 30270-2013;
---This is the first revision:
Introduction
The target audience of this document is primarily assessors who use ISO /IEC 15408 and certifiers who confirm the performance of assessors, and secondarily assessors:
Origins, developers and authors of protection profiles, PP-modules, PP-configurations, security goals, and other parties interested in IT security:
This document does not address all questions regarding IT security assessments, and some questions may require further explanation: These explanations will be provided by
Each assessment system decides how to proceed, even if they are subject to multilateral mutual recognition agreements:
The table is given in Annex A: This document is intended to be used in conjunction with ISO /IEC 15408:
Cybersecurity Technology
Information Technology Security Assessment Methods
1 Scope
This document describes the procedures that assessors are required to perform when conducting an assessment based on the criteria and assessment evidence defined in ISO /IEC 15408:
The minimum set of rows:
This document applies to assessment activities carried out in accordance with ISO /IEC 15408:
2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document:
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document:
GB/T 18336:1-2024 Cybersecurity technology Information technology security assessment criteria Part 1: Introduction and general model
(ISO /IEC 15408-1:2022, IDT)
GB/T 18336:2-2024 Cybersecurity technology Information technology security assessment criteria Part 2: Security functional components
(ISO /IEC 15408-2:2022, IDT)
GB/T 18336:3-2024 Cybersecurity technology Information technology security assessment criteria Part 3: Security assurance components
(ISO /IEC 15408-3:2022, IDT)
GB/T 18336:5-2024 Cybersecurity technology Information technology security assessment criteria Part 5: Predefined security requirements package
(ISO /IEC 15408-5:2022, IDT)
ISO /IEC 15408-1 Information security, network security and privacy protection Information technology security evaluation criteria Part 1: Introduction and
Note: GB/T 18336:1-2024 Cybersecurity technology Information technology security assessment criteria Part 1: Introduction and general model (ISO /IEC 15408-1:2022, IDT)
ISO /IEC 15408-2 Information security, network security and privacy protection Information technology security evaluation criteria Part 2: Security functions
Note: GB/T 18336:2-2024 Cybersecurity technology Information technology security evaluation criteria Part 2: Security functional components (ISO /IEC 15408-2:
2022, IDT)
ISO /IEC 15408-3 Information security, network security and privacy protection Information technology security evaluation criteria Part 3: Security protection
Note: GB/T 18336:3-2024 Cybersecurity technology Information technology security assessment criteria Part 3: Security assurance components (ISO /IEC 15408-3:
2022, IDT)
ISO /IEC 15408-4 Information security, network security and privacy protection Information technology security evaluation criteria Part 4: Evaluation criteria
Note: GB/T 18336:4-2024 Cybersecurity technology Information technology security assessment criteria Part 4: Normative framework for assessment methods and activities
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 30270-2024_English be delivered?Answer: Upon your order, we will start to translate GB/T 30270-2024_English as soon as possible, and keep you informed of the progress. The lead time is typically 20 ~ 25 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 30270-2024_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 30270-2024_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 30270-2024?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 30270-2024 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|