GB 17859-1999: Classified criteria for security protection of computer information system

This is an excerpt.

GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.020
L 09
Classified Criteria for Security Protection of Computer Information System
Issued on: SEPTEMBER 13, 1999
Implemented on: JANUARY 1, 2001
Issued by: State Quality Technical Supervision Bureau

Table of Contents
Foreword
1 Scope
2 Normative References
3 Definitions
4 Level Classification Criteria

Foreword

This Standard has three main goals: firstly, to provide a reference for the formulation of safety codes for computer information systems and for supervision and inspection by law-enforcement departments; secondly, to provide technical support for the development of safety products; and thirdly, to provide technical guidance for the construction and management of safety systems.

This Standard is prepared by reference to the American Trusted Computer System Evaluation Criteria (DoD 5200.28-STD) and its interpretation for computer network systems (NCSC-TG-005).

In the text of this Standard, text in bold represents performance requirements that do not appear at the lower level or that are strengthened.

This Standard is the first part of a series of standards for security protection of computer information systems. The series of standards for security protection levels of computer information systems covers:
Classified Criteria for Security Protection of Computer Information System;
Guideline for Application of Classified Criteria for Security Protection of Computer Information System;
Evaluation Criteria for Security Protection of Computer Information System;
...
This Standard shall be implemented in accordance with the specifications of the supporting national standards.

This Standard was proposed by and shall be under the jurisdiction of the Ministry of Public Security of the People's Republic of China.

Drafting organizations of this Standard: Tsinghua University, Peking University and Chinese Academy of Sciences.

Chief drafting staff of this Standard: Hu Daoyuan, Wang Lifu, Qing Sihan, Jing Qianyuan, Na Risong, Li Zhipeng, Cai Qingming, Zhu Weiguo and Chen Zhong.

This Standard shall be implemented from January 1, 2001.

The Ministry of Public Security of the People's Republic of China is responsible for the interpretation of this Standard.

3.1 Computer information system
A man-machine system composed of computers and their associated and supporting equipment and facilities (including networks) that collects, processes, stores, transmits and retrieves information according to certain application goals and rules.

3.2 Trusted computing base of computer information system
The generic term for the protection devices in a computer system, including hardware, firmware, software and the assembly responsible for implementing the security policy. It establishes a basic protection environment and provides the additional user services required by a trusted computing system.

3.3 Object
Carrier of information.

3.4 Subject
A person, process, equipment, etc. that causes information to flow among objects.

3.5 Sensitivity label
A group of information that expresses the object's security level and describes the sensitivity of the object's data; the trusted computing base uses the sensitivity label as the basis for mandatory access control decisions.

3.6 Security policy
Laws, specifications and enforcement regulations governing the management, protection and issuing of sensitive information.

3.7 Channel
Path for information transmission in the system.

3.8 Covert channel
A communication channel that allows a process to transmit information in a way that violates the system security policy.

3.9 Reference monitor
Component that monitors the authorized access relations between subjects and objects.

4.1 Level 1: the user's discretionary protection level
At this level, the trusted computing base of the computer information system gives users security protection capability by isolating users from data. It has multiple forms of control capability to enforce access control for users, i.e., it provides users with feasible means to protect user and user-group information and to prevent other users from illegally reading, writing or destroying data.

4.1.1 Discretionary access control
The trusted computing base of the computer information system defines and controls access to named objects by named users in the system. The implementation mechanism (for example, an access control list) allows named users, under the identity of a user and (or) user group, to specify and control the sharing of objects, and prevents unauthorized users from reading sensitive information.

4.1.2 Identity authentication
At initial execution, the trusted computing base of the computer information system first requires the user to identify himself and uses a protection mechanism (e.g., a password) to authenticate the user's identity; it then prevents unauthorized users from accessing user identity authentication data.

4.1.3 Data integrity
The trusted computing base of the computer information system prevents unauthorized users from modifying or destroying sensitive information by way of a discretionary integrity policy.

4.2 Level 2: system audit protection level
Compared with the user's discretionary protection level, the trusted computing base of the computer information system at this level implements discretionary access control with finer granularity, and makes users accountable for their own actions through login procedures, auditing of security-relevant events and resource isolation.

4.2.1 Discretionary access control
The trusted computing base of the computer information system defines and controls access to named objects by named users in the system. The implementation mechanism (for example, an access control list) allows named users, under the identity of a user and (or) user group, to specify and control the sharing of objects, prevents unauthorized users from reading sensitive information, and controls the spreading of access authority. The discretionary access control mechanism, in the manner designated by the user or by default, prevents unauthorized users from accessing objects. The granularity of access control is the single user. For users without access authority, only an authorized user is allowed to designate their access authority to an object.

4.2.2 Identity authentication
At initial execution, the trusted computing base of the computer information system first requires the user to identify himself and uses a protection mechanism (e.g., a password) to authenticate the user's identity; it then prevents unauthorized users from accessing user identity authentication data. By providing each user with a unique identifier, the trusted computing base of the computer information system is able to make users accountable for their own actions.

4.2.3 Object reusing
In the trusted computing base's free storage space for objects, before an object is initially designated, assigned or reassigned to a subject, all authorizations to the information contained in that object shall be revoked.
When a subject obtains authority to access a released object, the current subject cannot obtain any information generated by the activities of the original subject.

4.2.4 Auditing
The trusted computing base of the computer information system can create and maintain audit trail records of access to the protected objects, and can prevent unauthorized users from accessing or destroying the protected objects. The trusted computing base of the computer information system can record the following events: use of the identity authentication mechanism; introduction of an object into a user's address space (for example, file opening and program initialization); deletion of objects; actions taken by operators, system administrators or (and) system security administrators; and other events relevant to system security.

4.2.5 Data integrity
The trusted computing base of the computer information system prevents unauthorized users from modifying or destroying sensitive information by way of a discretionary integrity policy.

4.3 Level 3: security label protection level
The trusted computing base of the computer information system at this level has all the functions of the system audit protection level. In addition, it provides an informal description of the security policy model, data labels and mandatory access control of subjects over objects; it is able to label output information accurately; and any errors discovered through testing are eliminated.

4.3.1 Discretionary access control
The trusted computing base of the computer information system defines and controls access to named objects by named users in the system.

4.3.3 Labeling
The trusted computing base of the computer information system shall maintain the sensitivity labels associated with subjects and with the storage objects under their control (e.g., process, file, segment, equipment); these labels are the basis for implementing mandatory access.
To import data that has no security label, the trusted computing base of the computer information system requests the security level of the data from an authorized user and accepts it.

4.5 Level 5: access verification protection level
The trusted computing base of the computer information system at this level meets the reference monitor requirements. The reference monitor arbitrates all access to objects by subjects. The reference monitor itself is tamper-resistant, and it must be small enough to be analyzed and tested. To meet the reference monitor requirements, the trusted computing base of the computer information system, in its construction, eliminates code that is not necessary for implementing the security policy;

4.5.1 Discretionary access control
The trusted computing base of the computer information system defines and controls access to named objects by named users in the system. The implementation mechanism (for example, an access control list) allows named users, under the identity of a user and (or) user group, to specify and control the sharing of objects, prevents unauthorized users from reading sensitive information, and controls the spreading of access authority. The discretionary access control mechanism, in the manner designated by the user or by default, prevents unauthorized users from accessing objects. The granularity of access control is the single user.

4.5.3 Labeling
The trusted computing base of the computer information system maintains the sensitivity labels associated with computer information system resources (e.g., subjects, storage objects and read-only memory) that may be accessed directly or indirectly by external subjects. These sensitivity labels are the basis for implementing mandatory access. To import data that has no security label, the trusted computing base of the computer information system requests the security level of the data from an authorized user and accepts that security level; this may also be audited by the trusted computing base of the computer information system.

4.5.4 Identity authentication
At initial execution, the trusted computing base of the computer information system first requires the user to identify himself; in addition, the trusted computing base of the computer information system maintains user identity authentication data and determines the user's access authority and authorization data.

4.5.5 Object reusing
In the trusted computing base's free storage space for objects, before an object is initially designated, assigned or reassigned to a subject, all authorizations to the information contained in that object shall be revoked. When a subject obtains authority to access a released object, the current subject cannot obtain any information generated by the activities of the original subject.

4.5.6 Auditing
The trusted computing base of the computer information system can create and maintain audit trail records of access to the protected objects, and can prevent unauthorized users from accessing or destroying the protected objects.

4.5.7 Data integrity
The trusted computing base of the computer information system prevents unauthorized users from modifying or destroying sensitive information by way of discretionary and mandatory integrity policies. In a network environment, integrity sensitivity labels are adopted to assure that information is not damaged in transmission.

4.5.8 Covert channel analysis
The system developer shall search thoroughly for covert storage channels and determine, by actual measurement or engineering estimate, the maximum bandwidth of each identified channel.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
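
The Level 2 requirements of 4.2.1 (single-user granularity, controlled spreading of access authority), 4.2.3 (object reusing) and 4.2.4 (auditing), which recur at Level 5 in 4.5.1, 4.5.5 and 4.5.6, can be seen working together in a small Python model. This is an added example, not part of the standard; the class TinyTCB, its methods and the right names read/write/grant are assumptions made for illustration.

```python
# Added illustration of GB 17859-1999 clauses 4.2.1, 4.2.3 and 4.2.4.
# TinyTCB, its methods and the right names are assumptions, not from the standard.

class TinyTCB:
    def __init__(self, admins):
        self.admins = set(admins)
        self.objects = {}  # name -> {"acl": {user: set of rights}, "data": bytearray}
        self.audit = []    # trail of (event, user, object name, allowed)

    def _log(self, event, user, name, allowed):
        self.audit.append((event, user, name, allowed))
        return allowed

    def _has(self, user, name, right):
        obj = self.objects.get(name)
        return obj is not None and right in obj["acl"].get(user, set())

    def create(self, user, name, data=b""):
        if name in self.objects:  # never silently replace an existing object
            return self._log("create", user, name, False)
        # The creator holds every right, including the right to grant access.
        self.objects[name] = {"acl": {user: {"read", "write", "grant"}},
                              "data": bytearray(data)}
        return self._log("create", user, name, True)

    def grant(self, granter, grantee, name, right):
        # 4.2.1: rights are held per single user, and only a user authorised
        # to grant may designate access, so authority does not spread freely.
        ok = right in ("read", "write") and self._has(granter, name, "grant")
        if ok:
            self.objects[name]["acl"].setdefault(grantee, set()).add(right)
        return self._log("grant:%s:%s" % (right, grantee), granter, name, ok)

    def read(self, user, name):
        # 4.2.4: opening an object is recorded whether or not it is allowed.
        ok = self._log("open", user, name, self._has(user, name, "read"))
        return bytes(self.objects[name]["data"]) if ok else None

    def reassign(self, admin, name, new_owner):
        # 4.2.3: before storage goes to another subject, revoke all existing
        # authorisations and clear what the previous subject left in it.
        ok = admin in self.admins and name in self.objects
        if ok:
            obj = self.objects[name]
            obj["data"][:] = bytes(len(obj["data"]))
            obj["acl"] = {new_owner: {"read", "write", "grant"}}
        # 4.2.4: administrator actions are audited as well.
        return self._log("reassign:%s" % new_owner, admin, name, ok)
```

Denied requests are logged alongside granted ones, so the trail shows attempted access as well as actual access.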