|
US$499.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 42884-2023: Information security technology - Guidelines for life cycle security management of mobile Internet applications(App)
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 42884-2023 | English | 499 |
Add to Cart
|
5 days [Need to translate]
|
Information security technology - Guidelines for life cycle security management of mobile Internet applications(App)
| Valid |
GB/T 42884-2023
|
PDF similar to GB/T 42884-2023
Basic data | Standard ID | GB/T 42884-2023 (GB/T42884-2023) | | Description (Translated English) | Information security technology - Guidelines for life cycle security management of mobile Internet applications(App) | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 26,243 | | Date of Issue | 2023-08-06 | | Date of Implementation | 2024-03-01 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 42884-2023: Information security technology - Guidelines for life cycle security management of mobile Internet applications(App)
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standards of People's Republic of China
Information Security Technology Mobile Internet Application (App)
Lifecycle Security Management Guide
Published on 2023-08-06
2024-03-01 Implementation
State Administration for Market Regulation
Released by the National Standardization Administration Committee
Table of contents
Preface III
1 Scope 1
2 Normative reference documents 1
3 Terms and Definitions 1
4 Abbreviations 2
5 Overview 2
5.1 Security issues in App 2
5.2 App life cycle security management 2
6 Life cycle stage management process 3
6.1 Requirements Analysis Phase 3
6.2 Development and design stage 4
6.3 Test verification phase 5
6.4 Shelf release stage 6
6.5 Installation and operation phase 7
6.6 Update Maintenance Phase 7
6.7 Termination of Operations Phase 8
6.8 Other security support processes 8
7 Risk Monitoring and Management Process 9
7.1 Risk data management9
7.2 Security vulnerability management 10
Appendix A (informative) Classification and description of security issues in App 13
A.1 Classification and description of malicious programs13
A.2 Classification and description of personal information risks13
A.3 Classification and description of application behavior risks14
A.4 Classification and description of security vulnerabilities15
Appendix B (informative) The relationship between the security issues existing in the App and the response to security management activities 16
Appendix C (Informative) Security Development 17
C.1 Program safety17
C.2 Security 20
Reference 21
Foreword
This document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents"
Drafting.
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by. Wuhan Antiy Information Technology Co., Ltd., Beijing Saixi Technology Development Co., Ltd., China Information Communications
Information Research Institute, Huawei Technologies Co., Ltd., Vivo Mobile Communications Co., Ltd., 360 Technology Group Co., Ltd., OPPO Guangdong Mobile Communications
Xin Co., Ltd., Beijing Xiaomi Mobile Software Co., Ltd., Third Research Institute of the Ministry of Public Security, National Computer Virus Emergency Response Center, China Software
Evaluation Center, National Computer Network Emergency Technology Coordination Center, Institute of Information Engineering, Chinese Academy of Sciences, Venus Information Technology Center
Tuan Group Co., Ltd., Lenovo (Beijing) Co., Ltd., Midea Group Co., Ltd., Hisense Group Holdings Co., Ltd., Ant Technology
Group Co., Ltd., China Southern Power Grid Digital Grid Research Institute Co., Ltd., Beijing Zhiyou Network Security Technology Co., Ltd., Hangzhou Anheng Information Technology
Technology Co., Ltd., Beijing Zhizhangyi Technology Co., Ltd., Beijing Baidu Netcom Technology Co., Ltd., Beijing Edition Information and Communication Technology Co., Ltd., Beijing
Jingkuaishou Technology Co., Ltd., Shaanxi Information Engineering Research Institute, Beijing Bangbang Security Technology Co., Ltd.
The main drafters of this document. Pan Xuanchen, Xu Yuna, Chen Cheng, Wang Songhe, Yuan Zhongju, Cheng Mingjiang, Yao Yinan, Li Teng, Lu Wei, Chen Jialin,
Zhang Yan, Tian Yuan, Liu Yan, Cai Yiming, Qin Xiaolei, He Nengqiang, Lu Zhigang, Yu Lina, Sun Haiyan, Shi Jing, Li Ruxin, Yang Kun, Zhang Jueyi, Wang Xin,
Bai Xiaoyuan, Mu Tianshi, Han Yun, Li Xianzhen, Li Biao, Tang Jiawei, Dong Hong, Pan Zhengtai, Fang Ning, Yi Qiang, Du Dan, Jia Ke, Luo Hongwei, Yang Minghui,
Xu Xiangzhi, Bi Kaifeng.
Information Security Technology Mobile Internet Application (App)
Lifecycle Security Management Guide
1 Scope
This document provides security management of the mobile Internet application (App) life cycle stage management process and risk monitoring management process.
guide.
This document is applicable to life cycle security management of App development and operation by App providers, App distribution platform managers and mobile
Intelligent terminal manufacturers and other reference use.
2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, the dated quotations
For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to
this document.
GB/T 25069-2022 Information security technical terms
GB/T 28458-2020 Information security technology network security vulnerability identification and description specifications
GB/T 38674-2020 Information Security Technology Application Software Security Programming Guide
GB/T 39720-2020 Information security technology mobile intelligent terminal security technical requirements and test evaluation methods
GB/T 41391-2022 Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) to Collect Personal Information
3 Terms and definitions
GB/T 25069-2022, GB/T 38674-2020, GB/T 39720-2020 and GB/T 41391-2022 and
The following terms and definitions apply to this document.
3.1
smart mobile terminal smart mobile terminal
A mobile terminal that has an open system that can provide application development interfaces and can install and run third-party application software.
[Source. GB/T 39720-2020,3.1]
3.2
Application software that runs on mobile smart terminals to provide information services to users.
Note. Including downloaded, installed and run applications and small programs, referred to as App.
[Source. GB/T 41391-2022, 3.1, with modifications]
3.3
The process of app evolution over time from demand analysis to termination of operation.
3.4
An organization or individual who designs, develops or operates an App.
|