GB/T 45406-2025: Security technical requirements for critical network devices - Programmable logic controller(PLC)
Status: Valid
Basic data
| Standard ID | GB/T 45406-2025 (GB/T45406-2025) |
| Description (Translated English) | Security technical requirements for critical network devices - Programmable logic controller(PLC) |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 10,178 |
| Date of Issue | 2025-03-28 |
| Date of Implementation | 2025-10-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 45406-2025: Security technical requirements for critical network devices - Programmable logic controller(PLC)
This is a DRAFT version for illustration, not a final translation.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Security technical requirements for key network equipment
Programmable Logic Controller (PLC)
Released on 2025-03-28
Implemented on 2025-10-01
Issued by the State Administration for Market Regulation and the National Standardization Administration
Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Overview
6 Security Function Requirements
6.1 General requirements
6.2 Equipment identification
6.3 Redundancy, backup recovery and anomaly detection
6.4 Vulnerabilities and Malware Prevention
6.5 Pre-installed software startup and update
6.6 User Identification and Authentication
6.7 Access Control
6.8 Log Audit
6.9 Communication
6.10 Data
7 Security requirements
7.1 General requirements
7.2 Supply Chain
7.3 Design and Development
7.4 Production and delivery
7.5 User Data Protection
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: National Industrial Information Security Development Research Center, China Electronics Technology Standardization Institute, Machinery Industry Instrument Institute of Comprehensive Technology and Economics, the Third Research Institute of the Ministry of Public Security, the National Computer Network Emergency Response Technical Processing Coordination Center, China Network Security Review, Certification and Market Supervision Big Data Center, China Academy of Information and Communications Technology, National Information Technology Security Research Center, the Sixth Research Institute of China Electronic Information Industry Group Co., Ltd., China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), Chinese Academy of Sciences Information Engineering Research Institute, Zhongkong Technology Co., Ltd., Ningbo Hollysys Information Security Research Institute Co., Ltd., China Electronics Intelligent Technology Co., Ltd., AoTuo Technology Co., Ltd., Mitsubishi Electric Automation (China) Co., Ltd., Schneider Electric (China) Co., Ltd., Siemens (China) Co., Ltd., Rockwell Automation (China) Co., Ltd., Omron (Shanghai) Co., Ltd., Omron Automation (China) Co., Ltd., Beijing Tonghe Shiyi Telecommunications Science and Technology Research Institute Co., Ltd., China Southern Power Grid Research Institute Co., Ltd., Zhejiang University, Antiy Technology Group Co., Ltd., Beijing Winut Technology Co., Ltd., Beijing Huashun Xinan Information Technology Co., Ltd., Venusstar Information Technology Group Co., Ltd., Fengtai Technology (Beijing) Co., Ltd., China Electric Power Research Institute Co., Ltd., Beijing Zhongguancun Laboratory, and Shanghai Computer Software Technology Development Center.
The main drafters of this document are: Zhang Ge, Zhao Ran, Yao Xiangzhen, Wang Yumin, Zhang Yong, Zou Chunming, Zhang Xiaoming, Shen Yongbo, Xia Ji, Liu Zihe, Zhang Zhibing, Zeng Zhenzhen, Huo Chaobin, Zhou Ruikang, Li Lin, Wang Xiangyu, Yan Zhaoteng, Lu Weijun, Liu Ying, Huo Yuxian, Chen Sining, Cui Longcheng, Wang Yong, Yan Tao, He Hua, Yu Haibin, Ding Yiping, Zhang Bo, Yuan Yudong, Xu Aidong, Cheng Peng, Wang Naiqing, Zhang Dongqi, Deng Huan, Yuan Zhen, Gong Lianghua, Yan Minhui, Wang Yazhe, Zhang Jiawei, Li Peng, Wang Aipeng, Zhang Yunan, Wang Fangli, Jing Guoli, Chu Bing, Liao Jian, Pei Yuandou, Wang Yutao, He Minchao, Che Xin, Zhang Wei, Chunying Guo, Hao Lin, Jianxin Ge, and Juan Han.
Security technical requirements for key network equipment
Programmable Logic Controller (PLC)
1 Scope
This document specifies the security function requirements and security assurance requirements for programmable logic controllers that are critical network equipment.
This document is applicable to the research and development, testing, etc. of programmable logic controllers that are critical network equipment.
Note: Critical network equipment refers to equipment whose performance indicators or specifications meet the scope specified in the "Catalogue of Critical Network Equipment and Special Network Security Products".
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 25069-2022 Information Security Technical Terminology
GB 40050-2021 General requirements for security of critical network equipment
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2022 and the following apply to this document.
3.1
Programmable logic controller (PLC)
An electronic system for digital operation in industrial control that uses programmable memory as the internal register for user instructions to complete specified functions (such as logic, sequence, timing, counting, operation, etc.) and controls various types of machinery or processes through digital or analog I/O.
[Source: GB/T 15969.1-2007, 3.5, modified]
3.2
Pre-installed software
Software installed or provided when the device leaves the factory to ensure normal use of the device.
Note: The pre-installed software for a PLC is usually the device firmware.
[Source: GB 40050-2021, 3.10, modified]
3.3
Reading
The process of uploading pre-installed software, programs, status parameters and other data in the programmable logic controller.
3.4
Writing
The process of transferring pre-installed software, programs, status parameters and other data to the programmable logic controller.
3.5
Vulnerability
Weaknesses in assets or controls that could be exploited by a threat.
[Source: GB 40050-2021, 3.3]
...