GB 40050-2021 PDF EnglishUS$175.00 · In stock · Download in 9 seconds
GB 40050-2021: Critical network devices security common requirements Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure Status: Valid
Similar standardsGB 40050-2021: Critical network devices security common requirements---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GB40050-2021GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 CCS L 80 Critical network devices security common requirements Issued on. FEBRUARY 20, 2021 Implemented on. AUGUST 01, 2021 Issued by. State Administration for Market Regulation; Standardization Administration of PRC. Table of ContentsForeword... 3 1 Scope... 4 2 Normative references... 4 3 Terms and definitions... 4 4 Abbreviations... 6 5 Security function requirements... 7 5.1 Device identification security... 7 5.2 Redundancy, backup recovery and anomaly detection... 7 5.3 Prevention of vulnerabilities and malicious programs... 8 5.4 Security of startup and update of pre-installed software... 8 5.5 User identification and authentication... 9 5.6 Access control security... 10 5.7 Log audit security... 10 5.8 Communication security... 11 5.9 Data security... 12 5.10 Password requirements... 12 6 Security guarantee requirements... 12 6.1 Design and development... 12 6.2 Production and delivery... 13 6.3 Operation and maintenance... 14 References... 16ForewordThis document was drafted in accordance with GB/T 1.1-2020 "Directives for standardization - Part 1.Rules for the structure and drafting of standardizing documents". Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This document was proposed by AND shall be under the jurisdiction of the Ministry of Industry and Information Technology of the People's Republic of China. Critical network devices security common requirements1 ScopeThis document specifies the general security function requirements and security assurance requirements for critical network device. This document applies to critical network device; provides a basis for network operators to purchase critical network device; is also suitable for guiding the research and development, testing, and service of critical network device.2 Normative referencesThe provisions in following documents become the provisions of this Standard through reference in this Standard. For the dated references, the subsequent amendments (excluding corrections) or revisions do not apply to this Standard; however, parties who reach an agreement based on this Standard are encouraged to study if the latest versions of these documents are applicable. For undated references, the latest edition of the referenced document applies. GB/T 25069 Information security technology - Glossary3 Terms and definitionsThe terms and definitions as defined in GB/T 25069, as well as the following terms and definitions, apply to this document. 3.1 Component A module or component, that is composed of several parts, which are assembled together AND can realize a specific function. 3.2 Malicious program A program, which is specifically designed to attack the system, damage or destroy the confidentiality, integrity, or availability of the system. Note. Common malicious programs include viruses, worms, Trojan horses, spyware, etc. 3.3 Vulnerability Weaknesses in assets or controls, that may be exploited. 3.4 Sensitive data The data which, once leaked, illegally provided or misused, may endanger network security. 3.5 Robustness The extent to which the functions of critical network device or components can maintain correct operation, under invalid data input OR high-intensity input environment. 3.6 Private protocol Dedicated, non-universal protocol.4 AbbreviationsThe following abbreviations apply to this document. HTTP. Hypertext Transfer Protocol IP. Internet Protocol MAC. Media Access Control SNMP. Simple Network Management Protocol SSH. Secure Shell TCP. Transmission Control Protocol UDP. User Datagram Protocol5 Security function requirements5.1 Device identification security The identification of critical network device shall meet the following security requirements. 5.2 Redundancy, backup recovery and anomaly detection The redundancy, backup recovery and anomaly detection functions of critical network device shall meet the following security requirements. 5.3 Prevention of vulnerabilities and malicious programs The critical network device shall meet the following requirements for preventing vulnerabilities and malicious programs. 5.4 Security of startup and update of pre-installed software The pre-installed software startup and update functions of critical network device shall meet the following security requirements. 5.5 User identification and authentication The user identification and authentication functions of critical network device shall meet the following security requirements. 5.6 Access control security The access control function of critical network device shall meet the following security requirements. 5.7 Log audit security The log audit function of critical network device shall meet the following security requirements. 5.8 Communication security The critical network device shall meet the following communication security requirements. 5.9 Data security Critical network device shall meet the following data security requirements. 5.10 Password requirements The relevant content of this document, which involves cryptographic algorithms, shall be implemented in accordance with relevant national provisions.6 Security guarantee requirements6.1 Design and development Providers of critical network device shall meet the following requirements in the design and development of critical network device. 6.2 Production and delivery Providers of critical network device shall meet the following requirements, in the production and delivery of critical network device. 6.3 Operation and maintenance Providers of critical network device shall meet the following requirements, in the operation and maintenance of critical network device. a) It shall identify the device's own security risks (not including the network environment security risks) existing in the operation link, as well as the security risks introduced when the device is maintained; formulate a security strategy. b) It shall establish and implement the emergency response mechanisms and procedures for device security incidents; allocate corresponding resources for emergency response. c) When the device is found to have security risks such as security defects, loopholes, etc., it shall take remedial measures such as repair or alternative plans; notify the user in time according to relevant requirements AND report to the relevant competent authority. d) When performing remote maintenance on the device, it shall clearly state the maintenance content, risks and countermeasures; keep an unchangeable remote maintenance log record. The record content shall at least include maintenance time, maintenance content, maintenance personnel, remote maintenance methods and tools. e) When performing remote maintenance on device, it shall obtain the user authorization; support the users to suspend remote maintenance. It shall keep the authorization records. ......Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al. Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of English version of GB 40050-2021 be delivered?Answer: The full copy PDF of English version of GB 40050-2021 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.Question 2: Can I share the purchased PDF of GB 40050-2021_English with my colleagues?Answer: Yes. The purchased PDF of GB 40050-2021_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. www.ChineseStandard.us -- GB 40050-2021 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.How to buy and download a true PDF of English version of GB 40050-2021?A step-by-step guide to download PDF of GB 40050-2021_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).Step 2: Search keyword "GB 40050-2021". Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart. Step 4: Select payment option (Via payment agents Stripe or PayPal). Step 5: Customize Tax Invoice -- Fill up your email etc. Step 6: Click "Checkout". Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively. Step 8: Optional -- Go to download PDF. Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice. See screenshots for above steps: Steps 1~3 Steps 4~6 Step 7 Step 8 Step 9 |
