GB/T 43698-2024: Cybersecurity technology - Security requirements for software supply chain
Status: Valid
Basic data
| Standard ID | GB/T 43698-2024 (GB/T43698-2024) |
| Description (Translated English) | Cybersecurity technology - Security requirements for software supply chain |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 22,233 |
| Date of Issue | 2024-04-25 |
| Date of Implementation | 2024-11-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 43698-2024: Cybersecurity technology - Security requirements for software supply chain
This is a DRAFT version for illustration, not a final translation.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Cybersecurity technology - Security requirements for software supply chain
Issued on 2024-04-25
Implemented on 2024-11-01
Issued by the State Administration for Market Regulation and the National Standardization Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and Definitions
4 Software Supply Chain Security Objectives
5 Software Supply Chain Security Protection Framework
6 Software Supply Chain Security Risk Management Requirements
6.1 Basic Process
6.2 Software Supply Chain Security Map
6.3 Software Supply Chain Security Risk Assessment
6.4 Software Supply Chain Security Risk Management
7 Buyer's security requirements
7.1 Organization and Management
7.2 Supply Activity Management
8 Supplier security requirements
8.1 Organization and Management
8.2 Supply Activity Management
Appendix A (Informative) Overview of Software Supply Chain Security
Appendix B (Informative) Key Software Assets
Appendix C (Informative) Organizational Business Scenario Classification
Appendix D (Informative) Software Supply Chain Security Map
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: China Information Security Evaluation Center, China Electronics Technology Standardization Institute, Huawei Technologies Co., Ltd., National Planning Commission Computer Network Emergency Technical Processing Coordination Center, China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), Nokia Asia Communication System Technology (Beijing) Co., Ltd., Qi'anxin Wangshen Information Technology (Beijing) Co., Ltd., Sangfor Technologies Co., Ltd.,
Ning Ge, Zhang Tao, Yuan Mingkun, Yang Tingfeng, Wang Qi, Wang Weiqi, Yang Mutian, Li Yue, Li Teng, Wan Juan, Wu Jingzheng, Wang Zhenyuan, Liu Jingqiang, Xiao Yang, Liang Dagong, Wan Xiaolan, Cai Yibing, Liang Lulu, Zhao Xiaohui, Peng Chen, Yang Yi, Zhang Yong, Feng Quanbao, Cheng Yan, Nie Wanquan, Fu Yanyan, Huo Shanshan, Liu Yang, Wong Jing, Quan Xiaowen, Zhou Haowei.
Cybersecurity Technology Software Supply Chain Security Requirements
1 Scope
This document establishes software supply chain security goals and specifies software supply chain security risk management requirements, together with the organizational management and supply activity management security requirements for both the supply and demand sides.
This document is applicable to guiding both the supply and demand sides in the software supply chain in carrying out risk management, organizational management and supply activity management. It provides a basis for institutions to conduct software supply chain security testing and assessment, and serves as a reference for competent regulatory authorities.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069-2022 Information Security Technical Terminology
GB/T 36637-2018 Information Security Technology ICT Supply Chain Security Risk Management Guide
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2022 and GB/T 36637-2018 and the following apply to this document.
3.1
software product
Software embedded in computer software, information systems or equipment, or computer software provided when providing technical services such as computer information system integration and application services.
Note 1: A software product consists of computer program code, procedures, associated data, documentation and related services.
Note 2: In this document, software products are referred to as software.
[Source: GB/T 36475-2018, 3.1.1, modified]
3.2
A general term for information such as software product version, logo, source, authorization, and associated software.
3.3
acquirer
An organization that acquires software products from other organizations.
Note: In this document, the acquirer refers to the purchaser and user of the software product.
[Source: GB/T 36637-2018, 3.1, modified]
3.4
supplier
An organization that carries out life cycle activities such as software product development, delivery, operation and maintenance, and retirement.
Note 1: In this document, suppliers refer to the first-tier (direct) suppliers of the purchaser; in addition, they also include software product developers, sellers and agents at all levels, system integrators, software or application stores, code hosting platforms, third-party download sites, and organizations that provide software products based on open source code.
Note 2: The open source community itself is not a supplier.
...