|
US$689.00 ยท In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 42589-2023: Information security technology - Specification for electronic credential service security
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 42589-2023 | English | 689 |
Add to Cart
|
6 days [Need to translate]
|
Information security technology - Specification for electronic credential service security
| Valid |
GB/T 42589-2023
|
PDF similar to GB/T 42589-2023
Basic data | Standard ID | GB/T 42589-2023 (GB/T42589-2023) | | Description (Translated English) | Information security technology - Specification for electronic credential service security | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 36,397 | | Date of Issue | 2023-05-23 | | Date of Implementation | 2023-12-01 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 42589-2023: Information security technology - Specification for electronic credential service security
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS35:030
CCSL80
National Standards of People's Republic of China
Information Security Technology Electronic Credential Service Security Specification
service security
Released on 2023-05-23
2023-12-01 implementation
State Administration for Market Regulation
Released by the National Standardization Management Committee
table of contents
Preface III
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 3
5 Overview 3
5:1 Service Framework 3
5:2 Basic Security Services 4
6 Safety technical requirements 5
6:1 General requirements 5
6:2 External Service Security Requirements 7
6:3 Internal Service Security Requirements 9
7 Safety management requirements 9
7:1 Management control requirements 9
7:2 Network Access Management Requirements 10
7:3 Personnel Registration and Management System Requirements 10
7:4 Disaster backup and emergency plan system requirements 10
7:5 Safety management education and training system requirements 10
8 Security Evaluation 11
8:1 Evaluation object 11
8:2 Evaluation method 11
8:3 Evaluation process 21
8:4 Evaluation Conclusion 21
Appendix A (informative) Example of typical electronic credential business process, password/on-line on-demand service process and evaluation record form 22
Reference 28
foreword
This document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents"
drafting:
Please note that some contents of this document may refer to patents: The issuing agency of this document assumes no responsibility for identifying patents:
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260):
This document was drafted by: Xidian University, Institute of Information Engineering, Chinese Academy of Sciences, Aerospace Information Corporation, Beijing
Lisichen New Technology Co:, Ltd:, China Electronics Standardization Institute, Shanghai Jiaotong University, Elephant Huiyun Information Technology Co:, Ltd:, Guoxin
Electronic Bill Platform Information Service Co:, Ltd:, Beijing Haitai Fangyuan Technology Co:, Ltd:
The main drafters of this document: Li Hui, Li Fenghua, Zhao Xingwen, Wang Zhu, Li Shaowei, Hou Haibo, Wang Huili, Qiu Weidong, Zhu Yanchao, Yue Qiang,
Geng Kui, Zhou Shuguang, Zhu Hui, Fang Liang, Luo Yurong, Jia Baogang, Cao Jin, Kou Wenlong, Song Qipeng:
Information Security Technology Electronic Credential Service Security Specification
1 Scope
This document specifies the security requirements and evaluation of services such as electronic credential issuance, issuance, delivery, storage, approval, inspection, and status management:
method:
This document is applicable to the design, deployment, provision and evaluation of electronic credential services, and can also provide reference for the supervision of electronic credential services:
2 Normative references
The contents of the following documents constitute the essential provisions of this document through normative references in the text: Among them, dated references
For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
this document:
GB/T 22239-2019 Basic Requirements for Network Security Level Protection of Information Security Technology
GB/T 25069-2022 Information Security Technical Terminology
GB/T 28449-2018 Information Security Technology Network Security Classified Protection Evaluation Process Guide
GB/T 32924-2016 Information Security Technology Network Security Early Warning Guidelines
GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology
GB/T 36635-2018 Basic Requirements and Implementation Guidelines for Network Security Monitoring of Information Security Technology
GB/T 37092-2018 Security requirements for cryptographic modules of information security technology
GM/T 0031-2014 Technical Specifications for Secure Electronic Signature Password
3 Terms and Definitions
The following terms and definitions defined in GB/T 25069-2022 apply to this document:
3:1
electronic credential electroniccredential
Electronic data records that record activities such as economic transactions:
Examples: Electronic invoices, passenger tickets, financial settlement notes for public institutions, administrative fee receipts, bank receipts, etc:
3:2
Business processes related to electronic credentials provided by service recipients:
Note: Electronic credential services include issuance, issuance, delivery, inspection, status management, etc:
3:3
Entity entity
Any concrete or abstract thing that exists or may exist, including the relationship between these things:
Examples: person, object, event, idea, process:
NOTE: The existence of an entity is independent of the availability of data related to it:
[Source: GB/T 5271:17-2010,17:02:05]
|