US$519.00 · In stock Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 40473.7-2021: Banking application system - Nonfunctional requirement - Part 7: Security Status: Valid
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
GB/T 40473.7-2021 | English | 519 |
Add to Cart
|
5 days [Need to translate]
|
Banking application system - Nonfunctional requirement - Part 7: Security
| Valid |
GB/T 40473.7-2021
|
PDF similar to GB/T 40473.7-2021
Basic data Standard ID | GB/T 40473.7-2021 (GB/T40473.7-2021) | Description (Translated English) | Banking application system - Nonfunctional requirement - Part 7: Security | Sector / Industry | National Standard (Recommended) | Classification of Chinese Standard | A11 | Word Count Estimation | 26,284 | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 40473.7-2021: Banking application system - Nonfunctional requirement - Part 7: Security---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Banking application system - Nonfunctional requirement - Part 7.Security
ICS 35.240.40
CCSA11
National Standards of People's Republic of China
Non-functional requirements for banking application systems
Part 7.Security
Part 7.Security
Released on 2021-07-20
2022-02-01 implementation
State Administration of Market Supervision and Administration
Issued by the National Standardization Management Committee
Table of contents
Foreword Ⅲ
Introduction Ⅳ
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Security elements and component levels and description methods 2
4.1 Level 2
4.2 Description mode 8
5 Confidentiality Family (SE_CFD) 8
5.1 Internal non-functional requirements (NFIR) 8
5.1.1 Using algorithm (ISE_CFD.1) 8
5.1.2 Access Control (ISE_CFD.2) 8
5.1.3 Data confidentiality (ISE_CFD.3) 9
5.1.4 Handling confidentiality (ISE_CFD.4) 9
5.1.5 Storage confidentiality (ISE_CFD.5) 9
5.1.6 Communication confidentiality (ISE_CFD.6) 9
5.2 External non-functional requirements (NFOR) 10
5.2.1 Determination of safety requirements (OSE_CFD.1) 10
5.2.2 Operating environment confidentiality (OSE_CFD.2) 10
5.2.3 Running network security (OSE_CFD.3) 11
6 Integrity Family (SE_ITG) 12
6.1 Internal non-functional requirements (NFIR) 12
6.1.1 Network protocol integrity (ISE_ITG.1) 12
6.1.2 Local Data Integrity (ISE_ITG.2) 12
6.2 External non-functional requirements (NFOR) 12
7 Non-repudiation family (SE_NRP) 13
7.1 Internal non-functional requirements (NFIR) 13
7.1.1 Evidence of origin and receipt (ISE_NRP.1) 13
7.1.2 Support digital signature (ISE_NRP.2) 13
7.2 External non-functional requirements (NFOR) 13
8 Verifiable Family (SE_ACN) 13
8.1 Internal non-functional requirements (NFIR) 13
8.2 External non-functional requirements (NFOR) 14
8.2.1 Operating environment audit (OSE_ACN.1) 14
8.2.2 Network Audit (OSE_ACN.2) 14
9 Authenticity Family (SE_AUT) 15
9.1 Internal non-functional requirements (NFIR) 15
9.1.1 User division and identity authentication (ISE_AUT.1) 15
9.1.2 Login Protection (ISE_AUT.2) 16
9.1.3 Digital Certificate (ISE_AUT.3) 16
9.1.4 Digital token (ISE_AUT.4) 17
9.1.5 System connection (ISE_AUT.5) 17
9.2 External non-functional requirements (NFOR) 17
Appendix A (informative) Types of access control 18
A.1 The concept and basic types of access control 18
A.2 Access control mechanism 18
Reference 20
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents"
Drafting.
This document is Part 7 of GB/T 40473 "Non-functional Requirements for Banking Application Systems". GB/T 40473 has been released
Lower part.
---Part 1.Description framework;
---Part 2.Functional suitability;
---Part 3.Performance efficiency;
---Part 4.Compatibility;
---Part 5.Ease of use;
---Part 6.Reliability;
---Part 7.Security;
---Part 8.Maintainability;
---Part 9.Portability.
Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying patents.
This document was submitted by the People's Bank of China.
This document is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
Drafting organizations of this document. Science and Technology Department of the People's Bank of China, Agricultural Bank of China Co., Ltd., China Foreign Exchange Trading Center and National Bank of China
Interbank Funding Center, People’s Bank of China Clearing Center, China Construction Bank Co., Ltd., Bank of Communications Co., Ltd., Agricultural
CNCBC Capital Clearing Center Co., Ltd., China Financial Electronics Corporation.
The main drafters of this document. Li Wei, Yang Fuyu, Qu Weimin, Li Kuan, Wang Peng, Ma Jun, Wang Feng, Yang Mingying, Ge Honghui, Cui Wanmin, Zhao Liutao,
Ye Min, Liang Jun, Jing Yun, Wang Canyong, Lu Yuanpeng, Yang Qian, Xie Yanli, Liu Shuyuan, Wang Siyuan.
Introduction
GB/T 40473 gives the description framework of the non-functional requirements of banking application systems and the description of the non-functional requirements of various banking application systems.
The template is designed to improve the quality and efficiency of the compilation of non-functional requirements of the banking application system, and reduce the compilation of non-functional requirements of the banking application system.
The threshold and cost are composed of nine parts.
---Part 1.Describe the framework. The purpose is to clarify the scope of the banking application system and establish the non-functional requirements of the banking application system
The description framework of the banking industry clarifies the identification and description of the non-functional requirements of the banking application system, and gives the non-functional requirements of the banking application system
The customized package and customized profile of the bank, propose the technical management and evaluation of the non-functional requirements of the banking application system, and give the banking application
The method of using the XML description of the system's non-functional requirements is the basis for the reading and application of the rest of the parts.
---Part 2.Functional suitability. The purpose is to provide functional fitness including functional completeness, functional correctness and functional suitability
Sexual requirements, these requirements can be seen as functional requirements from the rigorous classification of requirements, but in the research and development of banking application systems,
It is often regarded as a non-functional requirement.
---Part 3.Performance efficiency. The purpose is to give performance efficiency requirements including time characteristics, resource utilization, and capacity.
---Part 4.Compatibility. The purpose is to provide compatibility including coexistence and interoperability.
---Part 5.Ease of use. The purpose is to provide information including identifiability, ease of learning, ease of operation, user error defense, user community
Face comfort and ease of accessibility.
---Part 6.Reliability. The purpose is to provide reliability including maturity, availability, fault tolerance and easy recovery.
---Part 7.Security. The purpose is to provide security including confidentiality, integrity, non-repudiation, verifiability and authenticity.
Fullness.
---Part 8.Maintainability. The purpose is to provide the information including modularity, reusability, easy analysis, easy modification and easy testability.
Maintainability.
---Part 9.Portability. The purpose is to provide portability including adaptability, easy installation and easy replacement.
When the meaning of abbreviations and numbers are not considered, those skilled in the art can basically understand the contents of this document correctly based on their professional knowledge in the field.
Substantive content. However, in the following typical situations, users of this document should first read and understand GB/T 40473.1-2021.
---Prepare the non-functional requirements of the application system;
---Review the non-functional requirements of the application system;
---Verify and confirm the application system developed in accordance with non-functional requirements;
---Static and dynamic testing of the application system developed in accordance with non-functional requirements.
For the non-functional requirements prepared in accordance with this document, if they are described in the form of XML given in GB/T 40473.1-2021, the non-functional requirements will be
Demand brings greater convenience in transmission and processing.
Non-functional requirements for banking application systems
Part 7.Security
1 Scope
This document defines the concept of the security of the banking application system, and specifies the security elements and component levels, description methods, and security categories.
Non-functional requirement templates for confidentiality, integrity, non-repudiation, verifiability, and authenticity.
This document is suitable for the description of security non-functional requirements of various application systems in the banking industry. Information exchange with banking application systems
The changed application system can be used as a reference as needed.
2 Normative references
The contents of the following documents constitute the indispensable clauses of this document through normative references in the text. Among them, dated quotations
Only the version corresponding to that date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
This document.
GB/T 40473.1-2021 Banking industry application system non-functional requirements Part 1.Description framework
3 Terms and definitions
The following terms and definitions defined in GB/T 40473.1-2021 apply to this document.
3.1
Information security
The degree to which the product or system protects information and data so that users, other products or systems have the same authorization type and authorization level
Access to data.
Note 1.Information security is not only applicable to data stored in products or systems or data stored through products or systems, but also applicable to data in transmission.
data.
Note 2.Survivability (the degree to which the product or system provides necessary services in a timely manner and continues to perform its tasks when under attack) is included in the ease of recovery.
Note 3.Immunity (the degree of resistance of the product or system to attack) is included in the integrity.
Note 4.Information security contributes to reliability.
[Source. GB/T 25000.10-2016, 4.3.2.6]
3.2
Confidentiality
The degree to which the product or system ensures that data can only be accessed when authorized.
[Source. GB/T 25000.10-2016, 4.3.2.6.1]
3.3
Integrity
The degree to which a system, product, or component prevents unauthorized access or tampering with computer programs or data.
[Source. GB/T 25000.10-2016, 4.3.2.6.2]
3.4
Non-repudiation
The degree to which an activity or event can be confirmed and cannot be denied after its occurrence.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 40473.7-2021_English be delivered?Answer: Upon your order, we will start to translate GB/T 40473.7-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 40473.7-2021_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 40473.7-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|