Path:
Home >
GB/T >
Page206 > GB/T 45409-2025
Price & Delivery
US$759.00 · In stock · Download in 9 secondsGB/T 45409-2025: Cybersecurity technology - Technical specifications for operation and maintenance security management products
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See
step-by-step procedureStatus: Valid
| Std ID | Version | USD | Buy | Deliver [PDF] in | Title (Description) |
| GB/T 45409-2025 | English | 759 |
Add to Cart
|
6 days [Need to translate]
|
Cybersecurity technology - Technical specifications for operation and maintenance security management products
|
Click to Preview a similar PDF
Basic data
| Standard ID | GB/T 45409-2025 (GB/T45409-2025) |
| Description (Translated English) | Cybersecurity technology - Technical specifications for operation and maintenance security management products |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.040 |
| Word Count Estimation | 38,365 |
| Date of Issue | 2025-03-28 |
| Date of Implementation | 10/1/2025 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 45409-2025: Cybersecurity technology - Technical specifications for operation and maintenance security management products
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.040
CCSL80
National Standard of the People's Republic of China
Network security technology operation and maintenance security management products
Technical Specifications
Released on 2025-03-28
2025-10-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of contents
Preface III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 2
5 General 2
6 Safety technical requirements 3
6.1 Security Function Requirements 3
6.2 Self-security requirements 6
6.3 Security requirements 8
7 Test and evaluation methods 9
7.1 General description and test environment 9
7.2 Safety function evaluation 10
7.3 Self-security assessment 16
7.4 Security Assessment 23
Appendix A (Normative) Technical requirements for operation and maintenance safety management products and corresponding test evaluation methods 28
A.1 Classification of safety technical requirements 28
A.2 Test evaluation method 29
Appendix B (Informative) Typical Application Scenarios of Operation and Maintenance Security Management Products 31
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by. The Third Research Institute of the Ministry of Public Security, Zhejiang Qizhi Technology Co., Ltd., Institute of Software of the Chinese Academy of Sciences, Huawei Technologies
Technology Co., Ltd., Shanghai Chenrui Information Technology Co., Ltd., China Cybersecurity Review and Certification and Market Supervision Big Data Center, National Industrial Information
Information Security Development Research Center, Qi'anxin Wangshen Information Technology (Beijing) Co., Ltd., Beijing Tianrongxin Network Security Technology Co., Ltd.,
Beijing Shenzhou Green Alliance Technology Co., Ltd., Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing University of Posts and Telecommunications, Hangzhou Zhonger Network Technology Co., Ltd.
Company, Blue Elephant Standard (Beijing) Technology Co., Ltd., Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd., Sangfor Technologies Co., Ltd.
Ltd., Changyang Technology (Beijing) Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Beijing Times Newway Information Technology Co., Ltd.
Company, Beijing Venusstar Information Security Technology Co., Ltd., Shanghai Sanling Guard Information Security Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd.
Co., Ltd., Shanghai Guanan Information Technology Co., Ltd., Guangdong Anchuang Information Technology Development Co., Ltd., Blue Shield Information Security Technology Co., Ltd.
Co., Ltd., Beijing Zhiyou Network Security Technology Co., Ltd., Shaanxi Network and Information Security Evaluation Center, Henan Zhongke Ernst & Young Technology Co., Ltd.
Company, State Grid Blockchain Technology (Beijing) Co., Ltd., Guangdong Information Security Evaluation Center, Guangdong Radio and Television Measurement and Testing Group Co., Ltd., Inner Mongolia
Gu Digital Economic Security Technology Co., Ltd. and State Grid Xinjiang Electric Power Co., Ltd. Electric Power Science Research Institute.
The main drafters of this document are. Zhang Yan, Zou Chunming, Hu Jinming, Zhao Ge, Shen Liang, Xu Peng, Wu Qiang, Cai Yongjuan, Yan Min, Yang Chen, Wang Feng, Wang Xi,
Shen Yongbo, Wang Chonghua, Song Xiaobao, Jiang Wei, Zhou Jin, He Jianfeng, Ma Xiangliang, Ge Fangjun, Zhang Debao, Wang Chengyi, Liu Chen, Wang Yizhou, Wu Yan,
Wang Lianqiang, Zhou Ruiqun, Liu Biao, Yan Yuheng, Xie Jiang, Zhong Yingnan, Liu Qiang, Han Yun, Feng Yanfei, Guo Junwu, Shi Zhuyu, Ye Jinhong, Tang Di, Cai Yuyuan,
Gajdar Gingers.
Introduction
In order to implement Article 23 of the Cybersecurity Law of the People's Republic of China, GB 42250 "Information Security Technology Network Security Special Products
The Security Technical Requirements specifies the baseline requirements that both network security-specific products and their providers must meet.
This document is a supporting standard for GB 42250.GB 42250 and this document are used together to guide the research and development, production and operation of operation and maintenance safety management products.
Production, service, testing and certification.
Network security technology operation and maintenance security management products
Technical Specifications
1 Scope
This document specifies the security function requirements, inherent security requirements, security assurance requirements and testing and evaluation methods of operation and maintenance security management products.
And put forward product grade classification requirements.
This document applies to the design, research and development, production, service, testing and certification of operation and maintenance safety management products.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB/T 18336 (all parts) Cybersecurity technology Information technology security assessment criteria
GB/T 22239-2019 Information security technology - Basic requirements for cybersecurity level protection
GB/T 25069 Information security technical terms
GB/T 36626-2018 Information security technology Information system security operation and maintenance management guide
GB/T 39786-2021 Information security technology Basic requirements for the application of cryptography in information systems
GB/T 39837-2021 Information technology remote operation and maintenance technical reference model
GB 42250-2022 Information security technology - Safety technical requirements for network security products
3 Terms and definitions
GB/T 18336 (all parts), GB/T 25069 and the following terms and definitions apply to this document.
3.1
Provide a unified identity authentication interface and multiple remote operation and maintenance management methods for operation and maintenance users, and centrally manage assets and their accounts.
A product that authorizes, monitors and audits the operation and maintenance process, and issues alarms and blocks any illegal operations.
3.2
Information assets that are protected by operation and maintenance security management products and are remotely operated and managed through operation and maintenance security management products.
Note. Common operation and maintenance objects include operating systems, database management systems, network equipment, security equipment, etc.
3.3
Users (personnel or automated operation and maintenance tools) who operate, maintain and manage information assets through operation and maintenance security management products.
Note. Operation and maintenance users usually use their accounts as user identification, and the accounts are managed and maintained by operation and maintenance security management products.
3.4
Administrators who manage the operation and maintenance security management product itself.
Note. Authorized administrators include system administrators, security administrators, and audit administrators, and their responsibilities are limited to the management of the operation and maintenance security management product itself.
...
