GB/T 20270-2006: Information security technology -- Basis security techniques requirement for network
Status: Valid
This is an excerpt. The full copy of the true PDF in English (including equations, symbols, images, flow charts, tables and figures) can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT20270-2006

GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80

Information Security Technology – Basis Security Techniques Requirement for Network

Issued on: May 31, 2006
Implemented on: December 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine; Standardization Administration of the People's Republic of China.

Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Composition and Interrelationship of Network Security
5 Basic Requirements for Network Security Function
6 Requirements for Network Security Function at Each Grade and Layer
7 Grading Requirements for Network Security Technology
Appendix A
Bibliography

1 Scope

This Standard specifies the basis security techniques requirements necessary for network systems of every security grade, according to the division of five security protection grades in GB 17859-1999 and the roles of the network system in the information system. This Standard is applicable to the design and realization of network systems according to the requirements of hierarchy, and serves as a reference for the testing and management of network system security as required.

2 Normative References

The provisions in the following documents, through reference in this Standard, constitute the provisions of this Standard. For dated references, the subsequent amendments, excluding corrigenda, or revisions of these publications do not apply.
However, all parties who enter into an agreement according to this Standard are encouraged to study whether the latest editions of these documents are applicable. For undated references, the latest edition of the normative document referred to applies.

GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology Common Security Techniques Requirement for Information System

3 Terms, Definitions and Abbreviations

3.1 Terms and definitions
For the purpose of this Standard, the terms and definitions given in GB/T 17859-1999 and the following ones apply.

3.2 Abbreviation
For the purpose of this Standard, the following abbreviations apply.

SFP  security function policy
SSC  SSF scope of control
SSF  SSON security function
SSP  SSON security policy
SSON  security subsystem of network

4 Composition and Interrelationship of Network Security

According to the OSI reference model and the security protection grades and security elements prescribed in GB 17859-1999, the composition and interrelationship of network security are detailed in Table 1.

5 Basic Requirements for Network Security Function

5.1 Identity Authentication
5.1.1 User Identification
5.1.2 User Authentication
5.1.3 User-Subject Binding
When another subject (such as a process) must be activated for an identified and authenticated user so that SSF can complete a certain task within the control range of the SSON security function, the user shall be associated with that subject through user-subject binding, so that the user's identity is correlated with all of its auditable actions.

5.2 Discretionary Access Control
5.2.1 Access Control Policy
SSF shall be designed according to the established discretionary access control security policy to control operations between subject and object.
5.2.3 Scope of Access Control
Discretionary access control coverage in network system includes.
5.2.4 Granularity of Access Control
Granularity of discretionary access control in network system includes.

5.3 Tag
5.3.1 Subject Tag
Each subject under mandatory access control shall be designated with a sensitive tag, which is the reference for executing mandatory access control. For example, a sensitive tag combining grade classification and non-grade classification is the basis for executing a multi-layer security model.
5.3.4 Output of Information with Tag
SSON shall indicate single stage or multiple stages for each communication channel and each piece of I/O equipment; any change of tag shall be made by authorized users and shall be auditable by SSON. SSON shall maintain, and be able to audit, any change of security protection grades, or perform security audit for the security protection grades involved with a communication channel or I/O equipment.

5.4 Mandatory Access Control

5.5 Data Flow Control
In a network that transfers data by way of data flows, a data flow control mechanism shall be adopted to prevent data of a high security grade from flowing to an area of a low security grade.

5.6 Security Audit
5.6.1 Response of Security Audit
The security audit SSF shall respond to audit events in accordance with the following requirements.
5.6.2 Generation of Security Audit Data
SSF shall generate audit data in accordance with the following requirements.

5.8 User Data Confidentiality
5.8.1 Confidentiality of Storage Data
The user data stored in SSC shall be subjected to confidentiality protection.

5.9 Trusted Path
Trusted path between the users and SSF shall be as follows.

6 Requirements for Network Security Function at Each Grade and Layer

6.1 Identity Authentication Function
The identity authentication security mechanism shall be designed in accordance with the requirements of user identification and user authentication.
6.2 Discretionary Access Control Function
The required access control policy shall be selected in accordance with the requirements for access control policy, and the required discretionary access control function shall be designed and achieved in accordance with the requirements for access control function.

6.3 Tag Function
The tag shall be designed in accordance with the requirements for subject tag and object tag.

6.11 Network Security Monitoring Function
A security monitoring function shall be provided for network system operation. The network security monitoring mechanism collects security-related information through distributed detectors set at each critical part of the network environment; the network security monitoring center then collects and analyzes this information to find various violation behaviors in a timely manner.

7 Grading Requirements for Network Security Technology

7.1 Grade 1: the User's Discretionary Protection Grade
7.1.1 Grade 1 Security Function Requirements
7.1.2.3 SSON security management
SSON security management of the user's discretionary protection grade of network system is realized according to the requirements of 6.1.6 in GB/T 20271-2006.

7.2 Grade 2: System Audit Protection Grade
7.2.1 Grade 2 Security Function Requirements
7.2.1.5 Session layer
7.2.1.6 Presentation layer

7.3 Grade 3: Security Tag Protection Grade
7.3.1 Grade 3 Security Function Requirements

7.5.2 Grade 5 Security Assurance Requirements
7.5.2.1 SSON self-security protection
a) SSF physical security protection: the physical security protection for SSF of access verification protection grade of network system shall be realized according to the requirements of 6.5.4.1 in GB/T 20271-2006;
b) SSF operation security protection: the operation security protection for SSF of access verification protection grade of network system shall be realized according to 6.5.4.2 in GB/T 20271-2006;
c) SSF data security protection:
the data security protection for SSF of access verification protection grade of network system shall be realized according to the requirements of 6.5.4.3 in GB/T 20271-2006;
d) Resource utilization: the resource utilization of access verification protection grade of network system shall be realized according to the requirements of 6.5.4.4 in GB/T 20271-2006;
e) SSON access control: the SSON access control of access verification protection grade of network system shall be realized according to the requirements of 6.5.4.5 in GB/T 20271-2006.
7.5.2.2 SSON design and realization
7.5.2.3 SSON security management
SSON security management of access verification protection grade of network system shall be realized according to the requirements of 6.5.6 in GB/T 20271-2006.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.