Search result: GB/T 37090-2018
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 37090-2018 | English | 759 |
Add to Cart
|
6 days [Need to translate]
|
Information security technology -- Security technical requirements, testing and evaluation methods for antivirus products
| Valid |
GB/T 37090-2018
|
| Standard ID | GB/T 37090-2018 (GB/T37090-2018) | | Description (Translated English) | Information security technology -- Security technical requirements, testing and evaluation methods for antivirus products | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 38,396 | | Date of Issue | 2018-12-28 | | Date of Implementation | 2019-07-01 |
GB/T 37090-2018
Information security technology--Security technical requirements, testing and evaluation methods for antivirus products
ICS 35.040
L80
National Standards of People's Republic of China
Information security technology virus prevention products
Safety technical requirements and test evaluation methods
Informationsecuritytechnology-Securitytechnicalrequirements, testingand
Published on.2018-12-28
2019-07-01 implementation
State market supervision and administration
China National Standardization Administration issued
Content
Foreword I
1 range 1
2 Terms and Definitions 1
3 Abbreviations 3
4 virus control product description 3
4.1 Feature Overview 3
4.2 Overview of the operating environment 3
4.3 Technical Overview 4
5 Technical requirements 4
5.1 General Description 4
5.2 Functional Requirements 5
5.3 Safety requirements 10
5.4 Security Requirements 11
6 Test Evaluation Method 17
6.1 General description 17
6.2 Functional Test 17
6.3 Security Test 25
6.4 Safety Assurance Assessment 27
Appendix A (informative) Product Test Tools 34
Reference 35
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents.
This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This standard was drafted. National Computer Virus Emergency Response Center, National Network and Information Security Information Center, and the Ministry of Public Security
Institute, China Electronics Technology Group Corporation No. 15 Research Institute (Information Industry Information Security Evaluation Center), National Information Center, Tianjin Municipal Government
Security Bureau Security Team.
The main drafters of this standard. Chen Jianmin, Du Zhenhua, Cao Peng, Zhang Rui, Zhang Xiudong, Feng Junliang, Huang Yibin, Jiang Yong, Lu Kai, Liu Jian, Wang Wenyi,
Zhang Wei, Li Ju, Shu Xin, Xu Chao, Hu Guangjun, Liu Wei, Wang Wei, Wang Wei.
Information security technology virus prevention products
Safety technical requirements and test evaluation methods
1 Scope
This standard specifies the technical requirements for virus control products, including functional requirements, safety requirements and safety requirements, and gives tests.
Evaluation method.
This standard applies to the design, development and testing of virus control products.
2 Terms and definitions
The following terms and definitions apply to this document.
2.1
Malware malware
Computer program or generation capable of affecting the integrity, availability, controllability, and confidentiality of computer operating systems, applications, and data
Code software.
2.2
Virus virus
Compile or insert a computer program to destroy computer functions or destroy data, affect the normal use of the computer, and self-recover
A set of computer instructions or program code.
2.3
File infected virus fileviruses
With the file as the host, you can infect the target file by inserting the malicious code contained in it into the target file.
2.4
Macro virus macroviruses
Malicious code that is edited with macro code in the document can be run when the document is opened, while allowing the macro code to run.
2.5
Worm worm
A malicious program that actively spreads through information system vulnerability defects or weaknesses of information system users.
2.6
Trojan horse program trojanhorsesprogram
Actively communicate with the attacker, receive instructions from the attacker, and be able to maliciously perform various malicious operations on the host according to the instructions.
program.
2.7
Spyware spyware
Independent of the attacker's instructions, lurking in the host, collecting specific sensitive information according to pre-set execution conditions and concealing transmission to
The malicious program of the attacker.
2.8
Script malicious program maliciousscriptprogram
A malicious program written in a scripting language and running in a script execution environment.
......
|