RB/T 212-2023: Requirements for evaluation of website security test services
Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | RB/T 212-2023 (RB/T212-2023) |
| Description (Translated English) | Requirements for evaluation of website security test services |
| Sector / Industry | Chinese Industry Standard (Recommended) |
| Classification of Chinese Standard | A00 |
| Classification of International Standard | 03.120.20 |
| Word Count Estimation | 20,252 |
| Date of Issue | 2024-05-20 |
| Date of Implementation | 2024-07-01 |
| Issuing agency(ies) | National Certification and Accreditation Administration |
This is a DRAFT version for illustration, not a final translation.
ICS 03.120.20
CCS A00
Certification and Accreditation Industry Standards of the People's Republic of China
Website Security Assessment Service Security Evaluation Requirements
Released on 2024-05-20
Implemented on 2024-07-01
Issued by the National Certification and Accreditation Administration
Published by China Standards Press
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Evaluation principles
5 Evaluation method
6 Evaluation process
7 Evaluation content
Appendix A (Informative) Website Security Assessment Service Security Risk Analysis
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting regulations for standardization documents".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document is proposed and coordinated by the Certification and Accreditation Administration of the People's Republic of China.
This document was drafted by: China Cybersecurity Review and Certification and Market Supervision Big Data Center, Beijing University of Posts and Telecommunications, the 15th Research Institute of China Electronics Technology Group, Beijing Information Security Evaluation Center, Beijing Hongrong Xinan Technology Co., Ltd., and Beijing Anxin Duole Technology Co., Ltd.
The main drafters of this document are: Fan Hua, Kou Chunxiao, Lu Yueming, Suo Yanfeng, Li Yuan, He Zhiming, Du Lin, Gan Jiefu, Hu Shi, Zheng Xiaoxiao, Zhai Yahong, Duan Jinghui, Kan Ming, Liu Junjun, Hua Duo.
Introduction
In 2017, the Cybersecurity Law of the People’s Republic of China, China's first specialized legislation in the field of cybersecurity, was implemented. It provides that "The State promotes the construction of a socialized network security service system and encourages relevant enterprises and institutions to carry out network security certification, testing, risk assessment and other security services", affirming the important role of network security services in ensuring national network security from a legal perspective. The website system is a container that provides users with information sharing, browsing, publishing and the deployment of application systems.
With the rapid development of Internet technology, website systems have been greatly
The website system contains a large number of visual web pages, executable programs, and
These important resources are at risk of being illegally tampered with, leaked, lost, etc.
Website security assessment uses technical means to scan the website for vulnerabilities and to detect whether web pages have vulnerabilities, whether the web pages or the website are infected with Trojans, whether pages have been tampered with, whether there are fraudulent websites, and so on, so as to ensure the safe operation of the website and improve the security quality of website services.
The evaluation service requires testing the website for web page Trojans, data encryption and web page tampering, and even for CC attacks, SQL injection attacks, XSS cross-site attacks, etc. Immature security assessment technologies and tools, as well as irregular operations, will introduce new security issues. Therefore, ensuring the security and reliability of the assessment service provider's work is the premise and basis for website security assessment.
Website Security Assessment Service Security Evaluation Requirements
1 Scope
This document establishes the evaluation principles for website security assessment services, and specifies the evaluation methods, evaluation process and evaluation content.
This document is applicable to third-party evaluation agencies evaluating the security level of website security assessment service providers. Service providers and parties requiring website security assessment services may also use this document for reference.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 5271.8-2001 Information technology vocabulary Part 8: Security
GB/T 25069-2022 Information Security Technical Terminology
3 Terms and definitions
The terms and definitions defined in GB/T 5271.8-2001, GB/T 25069-2022 and the following apply to this document.
3.1
website
A system or platform that uses the Internet to publish information, provide online services, and conduct online interactive communication.
Note: This includes pages that provide display and interaction functions for users, as well as applications, middleware, servers, etc. that generate and process pages.
3.2
website security
A series of measures taken to prevent websites from being hacked, web pages from being tampered with, data from being leaked, traffic from being hijacked, etc., so as to ensure the security, confidentiality, integrity and availability of the website.
3.3
website security test
Activities carried out to discover problems and to verify compliance and effectiveness with respect to website security.
3.4
An organization that provides website security assessment services through professional website security assessment service personnel in accordance with the service agreement.
[Source: GB/T 32914-2016, 3.3, modified]
3.5
Organizations (or individuals) that obtain externally provided website security assessment services to meet website security needs and achieve their own business goals.
[Source: GB/T 32914-2016, 3.2, modified]