
GB/T 32921-2016: Information security technology - Security criterion on supplier conduct of information technology products
Status: Valid


This is an excerpt.
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80

Information security technology - Security criterion on supplier conduct of information technology products

ISSUED ON: AUGUST 29, 2016
IMPLEMENTED ON: MARCH 01, 2017

Issued by: General Administration of Quality Supervision, Inspection and Quarantine; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Supplier code of conduct and safety
Bibliography

1 Scope

This Standard specifies the basic guidelines that information technology product suppliers shall abide by, so as to protect user-related information and maintain user information security in the process of providing information technology products. This Standard applies to the management of supplier behavior in the supply, operation or maintenance of information technology products. It can also provide a basis for the research and development, operation and maintenance, and evaluation of information technology products.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

GB/T 25069-2010, Information security technology - Glossary

3 Terms and definitions

For the purposes of this document, the terms and definitions defined in GB/T 25069-2010 as well as the following apply.

3.1 information technology product
hardware, software, systems and services with the functions of collecting, storing, processing, transmitting, controlling, exchanging, and displaying data or information
NOTE: Information technology products include computers and their auxiliary equipment, communication equipment, network equipment, automatic control equipment, operating systems, databases, application software and services and so on.

3.2 information technology product supplier
an organization that provides information technology products
NOTE: Information technology product suppliers include manufacturers, sellers, agents, integrators, and service providers.

3.3 user related information
information related to natural or legal persons and data defining and describing such information
NOTE: User related information includes user identity information, as well as user-generated documents, programs, multimedia materials, user communication content, address, time, product configuration, operation and location data, and logs generated during system operation, and so on.

3.4 expressed consent
the user information subject clearly authorizes consent and retains evidence

3.5 remote control
control activities implemented on user products through remote connection
NOTE: Remote control activities include realizing product start and stop, changing product configuration, changing product operating status, popping up dialog boxes, automatic remote upgrades, and pushing business data, and so on.

3.6 national critical information infrastructure
basic information networks and important information systems related to the national economy and people's livelihood; when these networks or systems are attacked and damaged, they will harm national network security, economic security, public interests, public safety, and so on

4 Supplier code of conduct and safety

4.1 General

In principle, information technology product supplier shall not collect, store, and process user-related information, and remotely control the products that have been provided to users and the information systems where the products are located. When really necessary, the principles of express authorization, minimum sufficient usage, minimum authority, safety and credibility shall be followed.

4.2 Safety guidelines for the collection and processing of user related information

...... with foreign laws.

4.3 Safety guidelines for remotely controlling user products

When the supplier remotely controls the user's product:

a) Before the user purchases and uses the product, the user shall be clearly informed of the purpose and usage of the remote-control behavior;
b) Before the user purchases and uses the product, a method to prohibit remote control shall be provided. The user shall be informed of the missing features of the product after the remote control is prohibited;
c) The user's product can be controlled remotely only after the user's expressed consent. Display prompt information when remotely controlling the user's product;
d) The remote control activities shall be used only for the purpose and use agreed by the user. Strictly limit the frequency of remote control activities and the range of product systems involved;
e) No hidden interface shall be set in the product. Components that can disable or bypass security mechanisms shall not be loaded;
f) There shall be no unspecified functional modules in the product;
g) Users shall be informed to test or maintain the interface. Provide users with a way to close the test or maintain the interface;
h) Necessary technical and management measures shall be taken to ensure the safety of the remote control process. Provide security features that can only be accessed using a specific account within a limited time window;
i) Record all input and output data of remote control. Log the remote control activities implemented for future audits;
j) It shall provide detection and verification methods for remote control of user products and data interaction between products and suppliers. If encryption technology is used, information such as encryption algorithm shall be provided during the inspection and verification of the third-party organization. The port and protocol used by the third-party organization shall be notified.

4.4 Other behavioral safety guidelines

The supplier: ......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.