GB/T 36627-2018 PDF (English): US$255.00 · In stock · Download in 9 seconds
GB/T 36627-2018: Information security technology - Testing and evaluation technical guide for classified cybersecurity protection
Delivery: 9 seconds. The true-PDF full copy in English and the invoice are downloaded and auto-delivered via email. Status: Valid
This is an excerpt. The full copy of the true-PDF in English (including equations, symbols, images, flow-charts, tables and figures) can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT36627-2018

NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80

Information security technology - Testing and evaluation technical guide for classified cybersecurity protection

Issued on: September 17, 2018
Implemented on: April 1, 2019
Issued by: State Administration for Market Regulation; Standardization Administration of the People's Republic of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
4 General
5 Requirements for classified testing and evaluation
Annex A (informative) Activities after testing and evaluation
Annex B (informative) Description of relevant concepts of penetration testing
Bibliography

Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by, and is under the jurisdiction of, the National Technical Committee on Information Security of the Standardization Administration of China (SAC/TC 260).
Drafting organizations of this Standard: Third Institute of the Ministry of Public Security, China Information Security Research Institute Co., Ltd., Shanghai Information Security Evaluation and Certification Center, China Electronics Technology Standardization Institute, China Information Security Certification Center.
Main drafters of this Standard:
Zhang Yan, Lu Zhen, Yang Chen, Gu Jian, Xu Qing, Shen Liang, Yu You, Zhang Xiaoxiao, Xu Yuna, Jin Mingyan, Gao Zhixin, Zou Chunming, Chen Yan, Hu Yalan, Zhao Ge, Bi Qiang, He Yongliang, Li Chen, Sheng Luyi.

1 Scope
This Standard classifies and defines the testing and evaluation technologies used in testing and evaluation for classified cybersecurity protection (hereinafter "classified testing and evaluation"). It sets out the key elements and principles of technical testing and evaluation and makes recommendations for the analysis and application of testing and evaluation results.
This Standard applies to classified testing and evaluation performed by testing and evaluation agencies on classified cybersecurity protection targets (hereinafter "classified protection targets"). It also applies to security evaluation of classified security protection performed on a classified protection target by its supervising department or by its operating and using organization.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB 17859-1999, Classified criteria for security protection of computer information system
GB/T 25069-2010, Information security technology - Glossary

3 Terms and definitions, abbreviations
3.1 Terms and definitions
The terms and definitions defined in GB 17859-1999 and GB/T 25069-2010, as well as the following, apply to this document.
3.2 Abbreviations
The following abbreviations apply to this document.
CNVD: China National Vulnerability Database

4 General
4.1 Technical classification
The testing and evaluation technologies that can be used in classified testing and evaluation fall into the following three categories.
4.2 Selection of technology
When selecting the technical methods to be used in classified testing and evaluation activities, the factors to consider include, but are not limited to, the target of testing and evaluation, the applicability of the testing and evaluation technology, and the security risk the technology might introduce to the target, so that a suitable method is chosen.

5 Requirements for classified testing and evaluation
5.1 Check technology
5.1.1 File check
The main function of file check is to evaluate, on the basis of the files provided by the operating and using organization of the classified protection target, the technical accuracy and completeness of its policies and procedures. When performing file check, the following
5.1.2 Log check
The main function of log check is to verify whether the security control measures record the appropriate information, such as the information system under evaluation, the use of equipment and devices, and the history of configuration changes, and whether the operating and using organization of the classified protection target adheres to its log management policy.
5.1.3 Rule set check
The main function of rule set check is to discover vulnerabilities in rule-set-based security control measures. Check targets include access control lists and the policy sets of network equipment, security equipment, databases, operating systems and application systems. For level-three and higher protection targets, the mandatory access control mechanism shall also be included. When performing rule set check, the following evaluation key elements and evaluation principles shall be considered.
5.2.2 Network port and service identification
The main function of network port and service identification is to identify the open ports, associated services and application programs on active devices. When performing network port and service identification, the following evaluation key elements and evaluation principles shall be considered.
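A worked instance of the rule set check in 5.1.3, added here as an example and not taken from GB/T 36627-2018: the script models a first-match packet-filter policy and flags the weaknesses a rule set check looks for, namely any/any permits, management ports reachable from any source, and rules that an earlier rule fully covers (shadowed when the actions differ, redundant when they agree). The rule model, the first-match assumption, the management-port list and the rule set itself are constructed for illustration.

```python
"""Rule set check (GB/T 36627-2018 5.1.3) on a constructed packet-filter policy.

Added example, not text or code from the standard. First-match semantics,
the rule model, MGMT_PORTS and RULES are assumptions made for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: these destination ports expose a management plane.
MGMT_PORTS = (22, 23, 3389, 5900)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "permit" or "deny"
    src: str         # source CIDR
    dst: str         # destination CIDR
    proto: str       # "tcp", "udp" or "any"
    ports: tuple     # inclusive destination port range; (0, 65535) means any


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    ports_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return (proto_ok and ports_ok
            and _net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))


def check_rules(rules):
    """Return (rule name, finding code, detail) for every weakness found."""
    findings = []
    for i, rule in enumerate(rules):
        # With first-match evaluation, an earlier rule that fully covers this
        # one means this rule can never fire.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                code = "REDUNDANT" if earlier.action == rule.action else "SHADOWED"
                findings.append((rule.name, code, f"fully covered by {earlier.name} ({earlier.action})"))
                break
        if rule.action != "permit":
            continue
        from_anywhere = _net(rule.src).prefixlen == 0
        to_anywhere = _net(rule.dst).prefixlen == 0
        if from_anywhere and to_anywhere and rule.proto == "any" and rule.ports == (0, 65535):
            findings.append((rule.name, "ANY_ANY", "permits all traffic from anywhere to anywhere"))
        elif (from_anywhere and rule.proto in ("tcp", "any")
              and any(rule.ports[0] <= p <= rule.ports[1] for p in MGMT_PORTS)):
            findings.append((rule.name, "MGMT_EXPOSED",
                             f"permits {rule.proto} {rule.ports[0]}-{rule.ports[1]} from {rule.src}"))
    return findings


# Constructed rule set for the example; not exported from any real device.
RULES = [
    Rule("r1", "permit", "10.0.0.0/8",  "10.20.0.0/16",  "tcp", (443, 443)),
    Rule("r2", "deny",   "10.0.0.0/8",  "10.20.0.10/32", "tcp", (443, 443)),   # shadowed by r1
    Rule("r3", "permit", "0.0.0.0/0",   "10.20.0.5/32",  "tcp", (22, 22)),     # SSH from anywhere
    Rule("r4", "permit", "10.1.0.0/16", "10.20.0.0/16",  "tcp", (443, 443)),   # redundant with r1
    Rule("r5", "permit", "0.0.0.0/0",   "0.0.0.0/0",     "any", (0, 65535)),   # any/any
    Rule("r6", "deny",   "0.0.0.0/0",   "0.0.0.0/0",     "any", (0, 65535)),   # default deny, shadowed by r5
]

if __name__ == "__main__":
    for name, code, detail in check_rules(RULES):
        print(f"{name}: {code}: {detail}")
```

On a real engagement the rules come from the exported device configuration, and the assessor also needs the rule base's default action and the interfaces or zones each rule is bound to, which this model omits. The mandatory access control review that 5.1.3 requires for level-three and higher targets is a separate check of label and policy configuration and is not covered by this script.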
5.2.3 Vulnerability scanning
The main function of vulnerability scanning is to identify known vulnerabilities of hosts and open ports and to provide suggestions for reducing vulnerability risk. It also helps to identify outdated software versions, missing patches and misconfigurations, and to verify compliance with organizational security policy. When performing vulnerability scanning, the following evaluation key elements and evaluation principles shall be considered.
5.2.4 Wireless scanning
The main function of wireless scanning is to identify cases in the test environment where devices communicate with one another without a physical connection (such as a network cable or peripheral cable), and to help the organization assess and analyze the security risks that wireless technology poses to the scanning target.
5.3.3 Remote access test
The main function of remote access test is to evaluate vulnerabilities in remote access methods in order to discover unauthorized access paths. When performing remote access test, the following evaluation key elements and evaluation principles shall be considered.
......
Source: The above contents are excerpted from the full-copy PDF, translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.
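The port and service identification of 5.2.2 and the version-based vulnerability check of 5.2.3, carried out as one procedure in an added example that is not code from the standard: the script starts three listeners on 127.0.0.1 so that it runs offline, performs a TCP connect scan with passive banner grabbing, parses product and version from each banner, and compares the version against a baseline. The products ExampleSSH and ExampleHTTPd, their banner formats and the baseline versions are constructed for illustration and are not real software or real advisories.

```python
"""Network port and service identification (5.2.2) followed by a version-based
vulnerability check (5.2.3), run against listeners this script starts itself.

Added example, not text or code from GB/T 36627-2018. The products
ExampleSSH/ExampleHTTPd, their banner formats and BASELINE are constructed
for illustration and are not real software or advisories.
"""
import re
import socket
import socketserver
import threading


class _BannerHandler(socketserver.BaseRequestHandler):
    """Send the server's banner on connect, then close (like an SSH greeting)."""
    def handle(self):
        self.request.sendall(self.server.banner)


def start_fake_service(banner: bytes) -> socketserver.ThreadingTCPServer:
    """Listen on 127.0.0.1 with an ephemeral port; exists only to make the example self-contained."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.daemon_threads = True
    srv.banner = banner
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def identify_ports(host: str, ports, timeout: float = 1.0) -> dict:
    """TCP connect scan with passive banner grab.

    Returns {port: banner} for ports that accepted the connection; the banner is
    b"" when the service closed silently or waited for us to speak. Ports that
    refused or timed out are omitted.
    """
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    found[port] = s.recv(256)
                except socket.timeout:
                    found[port] = b""   # open, but the protocol expects the client to talk first
        except OSError:
            continue                    # connection refused or timed out: not open
    return found


# Constructed baseline: product -> lowest version that is not treated as outdated.
BASELINE = {"ExampleSSH": (8, 0), "ExampleHTTPd": (2, 4, 50)}
BANNER_RE = re.compile(rb"(ExampleSSH|ExampleHTTPd)[_/](\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def assess(scan: dict) -> dict:
    """Map each open port to a finding derived from its banner."""
    findings = {}
    for port, banner in scan.items():
        match = BANNER_RE.search(banner)
        if not match:
            findings[port] = "open, unidentified service: manual verification required"
            continue
        product = match.group(1).decode()
        version = parse_version(match.group(2).decode())
        minimum = BASELINE[product]
        shown = ".".join(map(str, version))
        if version < minimum:   # tuples compare component-wise, so (7, 4) < (8, 0)
            findings[port] = f"{product} {shown} is below baseline {'.'.join(map(str, minimum))}: outdated"
        else:
            findings[port] = f"{product} {shown} meets baseline"
    return findings


def run_demo():
    """Start three listeners, scan them plus one closed port; return (open ports, closed port, findings)."""
    servers = [
        start_fake_service(b"SSH-2.0-ExampleSSH_7.4\r\n"),
        start_fake_service(b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/2.4.57\r\n\r\n"),
        start_fake_service(b""),   # accepts connections but reveals nothing
    ]
    open_ports = [srv.server_address[1] for srv in servers]
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]   # allocated then released, so it refuses connections
    probe.close()
    try:
        findings = assess(identify_ports("127.0.0.1", open_ports + [closed_port]))
    finally:
        for srv in servers:
            srv.shutdown()
            srv.server_close()
    return open_ports, closed_port, findings


if __name__ == "__main__":
    for port, finding in run_demo()[2].items():
        print(f"127.0.0.1:{port} -> {finding}")
```

In a real assessment the embedded listeners are replaced by the in-scope targets, active probes are added for protocols where the server waits for the client (HTTP being the usual case), and the constructed baseline is replaced by a vulnerability source such as the CNVD named in 3.2. The timeouts and connect-only scanning keep the load on the target low, which is the risk 4.2 asks the assessor to weigh when choosing a technique.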