|
US$349.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 32914-2023: Information security technology - Capability requirements of cybersecurity service
Status: Valid GB/T 32914: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 32914-2023 | English | 349 |
Add to Cart
|
4 days [Need to translate]
|
Information security technology - Capability requirements of cybersecurity service
| Valid |
GB/T 32914-2023
|
| GB/T 32914-2016 | English | 439 |
Add to Cart
|
3 days [Need to translate]
|
Information security technology -- Information security service provider management requirements
| Obsolete |
GB/T 32914-2016
|
PDF similar to GB/T 32914-2023
Basic data | Standard ID | GB/T 32914-2023 (GB/T32914-2023) | | Description (Translated English) | Information security technology - Capability requirements of cybersecurity service | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 18,117 | | Date of Issue | 2023-09-07 | | Date of Implementation | 2024-04-01 | | Older Standard (superseded by this standard) | GB/T 32914-2016 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 32914-2023: Information security technology - Capability requirements of cybersecurity service
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standards of People's Republic of China
Replace GB/T 32914-2016
Information security technology network security service capability requirements
Published on 2023-09-07
2024-04-01 Implementation
State Administration for Market Regulation
Released by the National Standardization Administration Committee
Table of contents
Preface III
1 Scope 1
2 Normative reference documents 1
3 Terms and Definitions 1
4 General requirements 2
5 General requirements 2
5.1 Basic conditions 2
5.2 Organizational Management 3
5.3 Project Management 3
5.4 Supply Chain Management5
5.5 Technical capabilities5
5.6 Service Tools 5
5.7 Remote Services 6
5.8 Legal protection6
5.9 Data Security Protection 6
5.10 Service Sustainability7
5.11 Special requirements for testing and evaluation services 7
5.12 Special requirements for security operation and maintenance services 7
6 Enhancement requirements 8
6.1 Basic conditions 8
6.2 Organizational Management 8
6.3 Supply chain management 8
6.4 Technical capabilities 8
6.5 Service Tools 8
6.6 Data security protection 9
6.7 Service Sustainability9
6.8 Special requirements for security operation and maintenance services 9
Appendix A (informative) Common types of tools used in network security services10
Reference 12
Foreword
This document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents"
Drafting.
This document replaces GB/T 32914-2016 "Information Security Technology Information Security Service Provider Management Requirements" and is consistent with
Compared with GB/T 32914-2016, in addition to structural adjustments and editorial changes, the main technical changes are as follows.
a) Changed the term "information security services" to "network security services" and changed the definition (see 3.1, 3.1 of the.2016 version);
b) Added general requirements (see Chapter 4);
c) Change and merge the contents of Chapter 5 and Chapter 6 into "Chapter 5 General Requirements" (see Chapter 5, Chapter 5 and Chapter 6 of the.2016 edition)
Chapter 6);
d) Added “supply chain management” requirements (see 5.4);
e) Added "remote service" requirements (see 5.7);
f) Added “legal protection” requirements (see 5.8);
g) Added “data security protection” requirements (see 5.9);
h) Added "service sustainability" requirements (see 5.10);
i) Added the content of “Special Requirements for Testing and Evaluation Services” (see 5.11);
j) Added the content of “Special Requirements for Security Operation and Maintenance Services” (see 5.12);
k) Added "enhanced requirements" content (see Chapter 6);
l) Added the content of "Common Tool Types Used by Network Security Services" (see Appendix A).
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by. China Electronics Technology Standardization Institute, China Cybersecurity Review Technology and Certification Center, China Information Security
Assessment Center, National Information Technology Security Research Center, China Electronics Technology Group Corporation 15th Research Institute (Information Industry Information Security Assessment
Center), the First Research Institute of the Ministry of Public Security, the Third Research Institute of the Ministry of Public Security, China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology
Center), the Fifth Research Institute of Electronics of the Ministry of Industry and Information Technology, China Academy of Information and Communications Technology, National Industrial Information Security Development Research Center, Hangzhou
Zhou Anheng Information Technology Co., Ltd., Beijing Anxin Tianxing Technology Co., Ltd., Beijing Shenzhou Lvmeng Technology Co., Ltd., Quanzhi Technology (Hangzhou
State) Co., Ltd., Guangzhou Jingyuan Security Technology Co., Ltd., China Mobile Communications Group Co., Ltd., Beijing Municipal Government Information Security
Security Center (Beijing Information Security Evaluation Center), Qi’anxin Technology Group Co., Ltd., Sangfor Technology Co., Ltd., Beijing Tian
Rongxin Network Security Technology Co., Ltd., Beijing Times Xinwei Information Technology Co., Ltd.
The main drafters of this document. Yang Jianjun, He Yanzhe, Li Youyuan, Cheng Yuqi, Lu Li, Shi Dawei, Huo Shanshan, Li Qiuxiang, Lu Zhen, Chen Qingmin,
Zhu Xuefeng, Li Yanfeng, Chen Xing, He Gang, Fang Xing, Jinda, Wang Yan, Zhang Bin, Xu Kechao, Li Zhiming, Cheng Luyang, Wei Guowen, Qiu Qin, Li Yuan,
Song Hongtao, Chen Hongbo, Ma Li, Bai Xudong, Li Weiqi, Wang Lianqiang, Li Yuran, Chen Guangyong, Zhang Jing, Zhou Dunke, Zhang Tiezheng, Yu Zhengchen, Liu Jian,
Lu Ming, Tang Gang, Wang Xiangyu, Wan Ziqian, Lu Li, Meng Nan, Dai Fangfang, Yu Meng, Zhao Ran, Xu Sijia, Lu Zewei.
The previous versions of this document and the documents it replaces are as follows.
---First published as GB/T 32914-2016 in.2016;
---This is the first revision.
Information security technology network security service capability requirements
1 Scope
This document specifies the capability requirements for network security services, including general requirements and enhanced requirements.
This document is suitable for guiding network security service organizations to carry out network security services and evaluating the capability level of network security service organizations.
It can also provide reference for network security service demanders when choosing network security service agencies.
Note. The network security services described in this document do not include network security services involving state secrets.
2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, the dated quotations
For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to
this document.
GB/T 20984 Information Security Technology Information Security Risk Assessment Method
GB/T 22080 Information technology security technology information security management system requirements
GB/T 25069 Information Security Technical Terminology
GB/T 36959 Information security technology network security level protection evaluation agency capability requirements and evaluation specifications
GB/T 39204-2022 Information security technology security protection requirements for critical information infrastructure
GB/T 42446 Basic competency requirements for information security technology and network security practitioners
GB/T 42461 Information security technology network security service cost measurement guide
National Cybersecurity Incident Emergency Plan (Office of the Central Cybersecurity and Informatization Leading Group on January 10,.2017 [2017]
Announced on the 4th)
Regulations on the Management of Network Product Security Vulnerabilities (July 12, 2021, Ministry of Industry and Information Technology, National Internet Information Office, Ministry of Public Security
[2021] Announcement No. 66)
Catalog of key network equipment and network security-specific products (first batch) (State Internet Information Office Industry on June 1,.2017
and the Ministry of Information Technology and the Ministry of Public Security National Certification and Accreditation Supervision and Administration Commission [2017] No. 01)
3 Terms and definitions
The terms and definitions defined in GB/T 25069 and the following apply to this document.
3.1
cybersecurityservicecybersecurityservice
According to the service agreement, based on resources such as service personnel, technology, tools, management and funds, we provide guarantees for network operation security and network information security.
Processes related to full service.
Note 1.Common network security services include detection and evaluation, security operation and maintenance, and security consulting.
Note 2.Cyber security services are usually provided in the form of service projects between supply and demand parties.
Note 3.Network security level protection evaluation and commercial password application security evaluation belong to specific categories of services in testing and evaluation services.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 32914-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 32914-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 32914-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 32914-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 32914-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 32914-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|