|
US$579.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 35282-2023: Information security technology - Security technology specifications of mobile e-government system
Status: Valid GB/T 35282: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 35282-2023 | English | 579 |
Add to Cart
|
5 days [Need to translate]
|
Information security technology - Security technology specifications of mobile e-government system
| Valid |
GB/T 35282-2023
|
| GB/T 35282-2017 | English | 559 |
Add to Cart
|
3 days [Need to translate]
|
Information security technology -- Security technology specifications of mobile e-government system
| Obsolete |
GB/T 35282-2017
|
PDF similar to GB/T 35282-2023
Basic data | Standard ID | GB/T 35282-2023 (GB/T35282-2023) | | Description (Translated English) | Information security technology - Security technology specifications of mobile e-government system | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 28,275 | | Date of Issue | 2023-05-23 | | Date of Implementation | 2023-12-01 | | Older Standard (superseded by this standard) | GB/T 35282-2017 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 35282-2023: Information security technology - Security technology specifications of mobile e-government system
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35:030
CCSL80
National Standards of People's Republic of China
Replacing GB/T 35282-2017
Information Security Technology
Security technical specification for e-government mobile office system
Released on 2023-05-23
2023-12-01 implementation
State Administration for Market Regulation
Released by the National Standardization Management Committee
table of contents
Preface III
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 2
5 Overview 2
5:1 E-government mobile office system reference architecture 2
5:2 Security technical framework of e-government mobile office system 3
6 Mobile Terminal Security Requirements 4
6:1 Terminal basic environment security 4
6:2 Mobile government application security 5
7 Mobile Communication Security Requirements 6
7:1 Secure communication network 6
7:2 Secure Communication Protocol 6
8 Mobile access security requirements 6
8:1 Boundary protection 6
8:2 Identification 6
8:3 Access Control 7
8:4 Intrusion Prevention 7
9 Server Security Requirements 7
9:1 Identification 7
9:2 Access Control 7
9:3 Security Audit 7
9:4 Intrusion Prevention 7
9:5 Data Security 8
9:6 Security isolation and exchange 8
9:7 Mobile Terminal Virtualization 9
10 System Security Management Requirements 9
10:1 Mobile Terminal Management 9
10:2 Mobile Application Management 9
10:3 Data Security Management 9
10:4 Safety Monitoring 9
10:5 Security Audit 10
11 Test evaluation method 10
11:1 Mobile Terminal Security Requirements 10
11:2 Mobile communication security requirements 13
11:3 Mobile access security requirements 14
11:4 Server Security Requirements 15
11:5 System security management requirements 18
Appendix A (informative) Major security risks faced by e-government mobile office systems 21
Appendix B (Informative) Division of Technical Requirements for E-government Mobile Office System 22
Reference 23
foreword
This document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents"
drafting:
This document replaces GB/T 35282-2017 "Information Security Technology E-Government Mobile Office System Security Technical Specifications", and
Compared with GB/T 35282-2017, except for structural adjustment and editorial changes, the main technical changes are as follows:
---Changed the "Scope" chapter (see Chapter 1, Chapter 1 of the:2017 edition);
---Changed the definitions of terms such as mobile terminal, mobile terminal management, and mobile application management, and added government affairs data and mobile government affairs application
Terms and definitions such as procedures (see Chapter 3, Chapter 3 of the:2017 edition);
---Changed the structure of the mobile access area and server in the "Basic Structure of E-government Mobile Office System" diagram, increasing system security
Management (see Chapter 5, Chapter 5 of the:2017 edition);
--- Increased the relevant content of the main security risks of the e-government mobile office system, and changed the "Security of the e-government mobile office system"
"Full Technology Framework" (see Chapter 5 and Appendix A, Chapter 5 of the:2017 edition);
---Changed the specific security technical requirements in mobile terminal security, mobile communication security, mobile access security, and server security (see Section
Chapter 6, Chapter 7, Chapter 8, Chapter 9, Chapter 7, Chapter 8, Chapter 9, Chapter 10 of the:2017 edition);
--- Increased the chapter "System Security Management Requirements", and increased the relevant technical requirements for system office security monitoring (see Chapter 10);
---Added the chapter "Testing and Evaluation Methods", and proposed mobile terminal security, mobile communication security, mobile access security, server security
The testing and evaluation methods of the overall and system safety management (see Chapter 11):
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260):
This document is drafted by: State Information Center, Beijing Bangbang Security Technology Co:, Ltd:, Shanghai Yinglian Information Technology Co:, Ltd:, Beijing
Jingzhiyou Network Security Technology Co:, Ltd:, China Mobile Communications Group Co:, Ltd:, Huawei Technologies Co:, Ltd:, AsiaInfo Technology (Chengdu) Co:, Ltd:,
Beijing Beixinyuan Software Co:, Ltd:, Tongzhi Weiye Software Co:, Ltd:, Hangzhou Ying Hi-Tech Co:, Ltd:, Shanghai Guanan Information Technology Co:, Ltd:
Technology Co:, Ltd:, Xi'an Jiaotong University Jabil Network Technology Co:, Ltd:, Beijing Tianrongxin Network Security Technology Co:, Ltd:, Yuanxin Information Technology
Group Co:, Ltd:, Beijing Jinshan Office Software Co:, Ltd:, China Academy of Information and Communications Technology, Fujian Provincial Economic Information Center, Zhongguancun:com
Network Security and Information Industry Alliance, Sangfor Technology Co:, Ltd:, Jilin Information Security Evaluation Center, Xi'an University of Posts and Telecommunications, Wuhan Antiy
Information Technology Co:, Ltd:, Shaanxi Provincial Network and Information Security Evaluation Center, Qi Anxin Wangshen Information Technology (Beijing) Co:, Ltd:,
Zhengzhou Xinda Jiean Information Technology Co:, Ltd:, Shenyang Neusoft System Integration Engineering Co:, Ltd:, Shenzhen Haiyunan Network Security Technology Co:, Ltd:
Company, New H3C Technology Co:, Ltd:, China Software Evaluation Center, China Trade Promotion Information Technology Co:, Ltd:
The main drafters of this document: Liu Bei, Cheng Hao, Bao Lina, Xu Jin, Yan Guixun, Yuan Sen, Li Kun, Wu Aming, Han Yun, Zhao Haiyan, Huang Jing,
Huang Min, Liao Shuangxiao, Jiang Guohui, Wang Yongqi, Sun Jianshan, He Tao, Liu Hao, Xie Jiang, He Jianfeng, Zhang Chao, Jiang Zhe, Zhang Shuling, Ning Hua, Liu Tao,
Zhang Xiaosheng, Wang Ke, Yang Zhigang, Liu Zhanfeng, Zhang Yong, Chen Cheng, Tian Jiahao, Zhao Chunlei, Liang Songtao, Zhao Chunpeng, Xie Chaohai, Wan Xiaolan, Li Yutian,
Zhao Tian:
The release status of previous versions of this document and the documents it replaces are as follows:
---First published as GB/T 35282-2017 in:2017;
--- This is the first revision:
Information Security Technology
Security technical specification for e-government mobile office system
1 Scope
This document specifies the mobile terminal security, mobile communication security, mobile access security, and server security of the e-government mobile office system:
And the technical requirements of each part, such as system safety management, etc:, and the test and evaluation methods are given:
This document is applicable to the security design, construction implementation, security management and test evaluation of the e-government mobile office system:
2 Normative references
The contents of the following documents constitute the essential provisions of this document through normative references in the text: Among them, dated references
For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
this document:
GB/T 20279-2015 Information Security Technology Network and Terminal Isolation Product Security Technical Requirements
GB/T 22239-2019 Basic Requirements for Network Security Level Protection of Information Security Technology
GB/T 25069-2022 Information Security Technical Terminology
GB/T 28448-2019 Information Security Technology Network Security Level Protection Evaluation Requirements
GB/T 35281-2017 Information Security Technology Mobile Internet Application Server Security Technical Requirements
GB/T 37952-2019 Technical requirements for information security technology mobile terminal security management platform
GB/T 38636-2020 Information Security Technology Transport Layer Cryptography Protocol (TLCP)
GB/T 39786 Basic Requirements for Cryptography Application in Information Security Technology Information System
3 Terms and Definitions
The following terms and definitions defined in GB/T 25069-2022 apply to this document:
3:1
mobile terminalmobileterminal
Mobile communication terminal products that are connected to the public mobile communication network, have an operating system, and can be installed and uninstalled by users themselves:
[Source: GB/T 37952-2019, 3:1]
3:2
E-government mobile office system mobilee-governmentsystem
Users use mobile terminals and mobile communication networks to access the e-government office system for mobile office information systems:
3:3
For mobile terminals, it provides remote security control and management of the whole life cycle from registration, activation, use to disposal:
3:4
For mobile application software, it provides security management for the whole process from distribution, installation, use, upgrade to uninstallation:
3:5
Government data governmentdata
Various data resources collected, generated, stored, and managed by government departments at all levels and their technical support units in accordance with the law in the course of performing their duties:
[Source: GB/T 38664:1-2020, 3:1]
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 35282-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 35282-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 35282-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 35282-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 35282-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 35282-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|