Search result: GB/T 35282-2023 (GB/T 35282-2017 Older version)
Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status
GB/T 35282-2023 | English | 579 | 5 days [Need to translate] | Information security technology - Security technology specifications of mobile e-government system | Valid
GB/T 35282-2017 | English | 559 | 3 days [Need to translate] | Information security technology -- Security technology specifications of mobile e-government system | Obsolete
Standard ID | GB/T 35282-2023 (GB/T35282-2023)
Description (Translated English) | Information security technology -- Security technology specifications of mobile e-government system
Sector / Industry | National Standard (Recommended)
Classification of Chinese Standard | L80
Classification of International Standard | 35.030
Word Count Estimation | 28,247
Date of Issue | 2023-05-23
Date of Implementation | 2023-12-01
Older Standard (superseded by this standard) | GB/T 35282-2017
Issuing agency(ies) | State Administration for Market Regulation, National Standardization Management Committee
GB/T 35282-2023: Information security technology e-government mobile office system security technical specification
ICS 35.030
CCS L80
National Standards of People's Republic of China
Replacing GB/T 35282-2017
Information Security Technology
Security technical specification for e-government mobile office system
Released on 2023-05-23
2023-12-01 implementation
State Administration for Market Regulation
Released by the National Standardization Management Committee
Table of contents
Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Overview
5.1 E-government mobile office system reference architecture
5.2 Security technical framework of e-government mobile office system
6 Mobile Terminal Security Requirements
6.1 Terminal basic environment security
6.2 Mobile government application security
7 Mobile Communication Security Requirements
7.1 Secure communication network
7.2 Secure Communication Protocol
8 Mobile access security requirements
8.1 Boundary protection
8.2 Identification
8.3 Access Control
8.4 Intrusion Prevention
9 Server Security Requirements
9.1 Identification
9.2 Access Control
9.3 Security Audit
9.4 Intrusion Prevention
9.5 Data Security
9.6 Security isolation and exchange
9.7 Mobile Terminal Virtualization
10 System Security Management Requirements
10.1 Mobile Terminal Management
10.2 Mobile Application Management
10.3 Data Security Management
10.4 Safety Monitoring
10.5 Security Audit
11 Test evaluation method
11.1 Mobile Terminal Security Requirements
11.2 Mobile communication security requirements
11.3 Mobile access security requirements
11.4 Server Security Requirements
11.5 System security management requirements
Appendix A (Informative) Major security risks faced by e-government mobile office systems
Appendix B (Informative) Division of Technical Requirements for E-government Mobile Office System
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".
This document replaces GB/T 35282-2017 "Information Security Technology E-Government Mobile Office System Security Technical Specifications". Compared with GB/T 35282-2017, apart from structural adjustments and editorial changes, the main technical changes are as follows:
---Changed the "Scope" chapter (see Chapter 1, Chapter 1 of the 2017 edition);
---Changed the definitions of terms such as mobile terminal, mobile terminal management, and mobile application management, and added terms and definitions such as government affairs data and mobile government affairs application (see Chapter 3, Chapter 3 of the 2017 edition);
---Changed the structure of the mobile access area and server in the "Basic Structure of E-government Mobile Office System" diagram, adding system security management (see Chapter 5, Chapter 5 of the 2017 edition);
---Added content on the main security risks of the e-government mobile office system, and changed the "Security technical framework of e-government mobile office system" (see Chapter 5 and Appendix A, Chapter 5 of the 2017 edition);
---Changed the specific security technical requirements in mobile terminal security, mobile communication security, mobile access security, and server security (see Chapters 6, 7, 8 and 9; Chapters 7, 8, 9 and 10 of the 2017 edition);
---Added the chapter "System Security Management Requirements", and added the relevant technical requirements for system office security monitoring (see Chapter 10);
---Added the chapter "Testing and Evaluation Methods", and proposed testing and evaluation methods for mobile terminal security, mobile communication security, mobile access security, server security and system security management (see Chapter 11).
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document is drafted by: State Information Center, Beijing Bangbang Security Technology Co., Ltd., Shanghai Yinglian Information Technology Co., Ltd., Beijing Jingzhiyou Network Security Technology Co., Ltd., China Mobile Communications Group Co., Ltd., Huawei Technologies Co., Ltd., AsiaInfo Technology (Chengdu) Co., Ltd., Beijing Beixinyuan Software Co., Ltd., Tongzhi Weiye Software Co., Ltd., Hangzhou Ying Hi-Tech Co., Ltd., Shanghai Guanan Information Technology Co., Ltd. Technology Co., Ltd., Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing Tianrongxin Network Security Technology Co., Ltd., Yuanxin Information Technology Group Co., Ltd., Beijing Jinshan Office Software Co., Ltd., China Academy of Information and Communications Technology, Fujian Provincial Economic Information Center, Zhongguancun.com Network Security and Information Industry Alliance, Sangfor Technology Co., Ltd., Jilin Information Security Evaluation Center, Xi'an University of Posts and Telecommunications, Wuhan Antiy Information Technology Co., Ltd., Shaanxi Provincial Network and Information Security Evaluation Center, Qi Anxin Wangshen Information Technology (Beijing) Co., Ltd., Zhengzhou Xinda Jiean Information Technology Co., Ltd., Shenyang Neusoft System Integration Engineering Co., Ltd., Shenzhen Haiyunan Network Security Technology Co., Ltd. Company, New H3C Technology Co., Ltd., China Software Evaluation Center, China Trade Promotion Information Technology Co., Ltd.
The main drafters of this document: Liu Bei, Cheng Hao, Bao Lina, Xu Jin, Yan Guixun, Yuan Sen, Li Kun, Wu Aming, Han Yun, Zhao Haiyan, Huang Jing, Huang Min, Liao Shuangxiao, Jiang Guohui, Wang Yongqi, Sun Jianshan, He Tao, Liu Hao, Xie Jiang, He Jianfeng, Zhang Chao, Jiang Zhe, Zhang Shuling, Ning Hua, Liu Tao, Zhang Xiaosheng, Wang Ke, Yang Zhigang, Liu Zhanfeng, Zhang Yong, Chen Cheng, Tian Jiahao, Zhao Chunlei, Liang Songtao, Zhao Chunpeng, Xie Chaohai, Wan Xiaolan, Li Yutian, Zhao Tian.
The release status of previous versions of this document and the documents it replaces is as follows:
---First published as GB/T 35282-2017 in 2017;
---This is the first revision.
Information Security Technology
Security technical specification for e-government mobile office system
1 Scope
This document specifies the technical requirements for each part of the e-government mobile office system, namely mobile terminal security, mobile communication security, mobile access security, server security and system security management, and gives the test and evaluation methods.
This document is applicable to the security design, construction implementation, security management and test evaluation of the e-government mobile office system.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to the date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 20279-2015 Information Security Technology Network and Terminal Isolation Product Security Technical Requirements
GB/T 22239-2019 Basic Requirements for Network Security Level Protection of Information Security Technology
GB/T 25069-2022 Information Security Technical Terminology
GB/T 28448-2019 Information Security Technology Network Security Level Protection Evaluation Requirements
GB/T 35281-2017 Information Security Technology Mobile Internet Application Server Security Technical Requirements
GB/T 37952-2019 Technical requirements for information security technology mobile terminal security management platform
GB/T 38636-2020 Information Security Technology Transport Layer Cryptography Protocol (TLCP)
GB/T 39786 Basic Requirements for Cryptography Application in Information Security Technology Information System
3 Terms and Definitions
The following terms and definitions defined in GB/T 25069-2022 apply to this document.
3.1
Mobile terminal mobile terminal
Mobile communication terminal products that are connected to the public mobile communication network, have an operating system, and can be installed and uninstalled by users themselves.
[Source: GB/T 37952-2019, 3.1]
3.2
E-government mobile office system mobile e-government system
An information system in which users use mobile terminals and mobile communication networks to access the e-government office system for mobile office work.
3.3
For mobile terminals, it provides remote security control and management of the whole life cycle from registration, activation, use to disposal.
3.4
For mobile application software, it provides security management for the whole process from distribution, installation, use, upgrade to uninstallation.
3.5
Government data government data
Various data resources collected, generated, stored, and managed by government departments at all levels and their technical support units in accordance with the law in the course of performing their duties.
[Source: GB/T 38664.1-2020, 3.1]
......
GB/T 35282-2017
Information security technology - Security technology specifications of mobile e-government system
ICS 35.040
L80
National Standards of People's Republic of China
Information Security Technology E-Government Mobile Office System Security Technical Specifications
Security technology specifications for mobile e-government system
Released on 2017-12-29
2018-07-01 implementation
Released by the General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China and the China National Standardization Administration
Table of contents
Preface
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 E-government mobile office system basic structure
6 E-government mobile office system security framework
6.1 The main system security risks
6.2 System Security Technical Framework
7 Mobile Terminal Security
7.1 General Configuration
7.2 Digital certificate
7.3 VPN Client
7.4 MDM Client
7.5 MAM Client
7.6 MCM Client
7.7 Mobile Security Application Support Client
7.8 Identification
7.9 Data Security Storage
7.10 Security
7.11 Operating environment isolation
8 Channel Security
9 Access Security
9.1 Access Authentication Gateway
9.2 MDM platform
9.3 Mobile Security Application Support Platform
10 Server-side security
10.1 MAM platform
10.2 MCM platform
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: National Information Center, Huawei Technologies Co., Ltd., Shenzhen City, Yanshan Mobile Technology Co., Ltd., Qingdao Economic Development Exhibition Institute, Xinjiang Uygur Autonomous Region Information Center, Guangxi Zhuang Autonomous Region Economic Information Center, Tianjin e-government information and network center, China National Offshore Oil Corporation, China Communications Construction Co., Ltd., Beijing North letter Source Software Co., Ltd., Shandong Qian Yun Kai Chong Information Technology Co., Ltd., Beijing Sanwei Xin'an Technology Development Co., Ltd., ZTE Corporation.
The main drafters of this standard: Li Xinyou, Liu Bei, Fu Hongyan, Wu Yafi, Liu Yi, Zhou Huadong, Caodao Gang, Yang Xingyi, Wen Na, Ma Ming, Zhao Ruoping, Zhao Jun, Zhou Ming, Jin Fang, Tan Chaohong, Wen Jing, Xu Changjiang, Xu Jinbao, Hou Xiaofeng, Zhou Bin, Feng Xue, Pan Ziyi, Liu Xin, Zhong Li, Liu Xiaodong.
Information Security Technology E-Government Mobile Office System Security Technical Specifications
1 Scope
This standard specifies the basic structure and security framework of the e-government mobile office system, and the technical requirements that mobile terminal security, channel security, mobile access security and server-side security should meet.
This standard applies to the security design, product development, project implementation and operation management of non-confidential e-government mobile office systems, and can also serve as a basis for the security evaluation of non-confidential e-government mobile office systems. The enhanced requirements of this standard apply to mobile office systems with a higher security level, such as information systems at security level three or above.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
Information technology - Computerized terminal computer core configuration specifications
GB/T 30284-2013 mobile communication intelligent terminal operating system security technology requirements (EAL2 level)
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Mobile terminal mobile terminal
Portable, removable computing device.
Note: Mobile terminals include smartphones, tablets and laptops with wireless Internet access.
3.2
E-government mobile office system mobile e-government system
An online office application in which mobile terminals are used to access the e-government office system through the wireless network anytime and anywhere.
3.3
Mobile terminal management mobile device management
For mobile terminals, it provides full life-cycle management from registration, activation, use to discard, such as configuration management, security management and asset management of mobile terminals; abbreviated as MDM.
3.4
Mobile app management mobile application management
For mobile applications, it provides monitoring and management of processes and behaviors such as distribution, installation, use, upgrade and uninstallation; abbreviated as MAM.
3.5
Mobile content management mobile content management
For data content accessed, stored, transmitted or processed by mobile terminals, it provides information filtering, access control, data encryption, security isolation, remaining information and other management measures; abbreviated as MCM.
......