
GB/T 36958-2018: Information security technology - Technical requirements of security management center for classified protection of cybersecurity
Status: Valid




---This is an excerpt. The full copy is available at: https://www.ChineseStandard.net/PDF.aspx/GBT36958-2018
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Technical requirements of security management center for classified protection of cybersecurity
Issued on: DECEMBER 28, 2018
Implemented on: JULY 01, 2019
Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview of security management center
6 Technical requirements for the second-level security management center
7 Technical requirements for the third-level security management center
8 Technical requirements for the fourth-level security management center
9 Technical requirements for fifth-level security management center
10 Technical requirements for security management center of cross-grading system
Appendix A (Normative) Correspondence between security management center and cybersecurity classified protection object’s level
Appendix B (Normative) Classification of technical requirements of security management center
Appendix C (Informative) Normalized security event attributes

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.

This standard was proposed by and shall be under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC 260).

Drafting organizations of this standard: The 15th Research Institute of China Electronics Technology Group Corporation (Information Industry Information Security Evaluation Center), the Third Research Institute of the Ministry of Public Security, the First Research Institute of the Ministry of Public Security, Wangshen Information Technology (Beijing) Co., Ltd.

The main drafters of this standard: Huo Shanshan, Ren Weihong, Liu Jian, Zhang Yi, Dong Jingjing, Liu Kaiming, Zheng Guogang, Tao Yuan, Chen Guangyong, Li Qiuxiang, Lu Qing, Wang Gang.

1 Scope

This standard specifies the technical requirements for the cybersecurity classified protection for security management center. This standard is applicable to guide security manufacturers and operating & using organizations to design, construct and operate security management centers in accordance with the requirements of this standard.

2 Normative references

The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this standard.

GB/T 5271.8 Information technology - Vocabulary - Part 8: Security
GB 17859-1999 Computer information system - Criteria for classifying security protection level
GB/T 25069 Information security technology - Glossary
GB/T 25070 Information security technology - Technical requirements of security design for information system classified protection

3 Terms and definitions

The terms and definitions as defined in GB 17859-1999, GB/T 5271.8, GB/T 25069, GB/T 25070 as well as the following terms and definitions apply to this document.

3.1 Data acquisition interface
An interface that collects security events, vulnerabilities, related configuration and status information on monitoring objects such as host operating systems, database systems, network devices, security devices in the network environment.

4 Abbreviations

The following abbreviations apply to this document.

CPU: Central Processing Unit
CVE: Common Vulnerabilities & Exposures
DDoS: Distributed Denial of Service

5 Overview of security management center

5.1 General description
The security management center, as a system platform for unified management of the security policies of the cybersecurity classified protection objects and the security mechanism of the secure computing environment, the security area boundary and the secure communication network, realizes unified management, unified monitoring, unified audit, comprehensive analysis, collaborative protection.

5.2 Function description
System management mainly uses administrators to configure, control and manage system resources and operations, including user identity management, system resource configuration, system loading and startup, abnormal handling of system operation, support for managing local and remote disaster backup and recovery.

6 Technical requirements for the second-level security management center

6.1 Functional requirements
6.1.1 System management requirements
6.1.1.2 Data protection

6.1.1.2.1 Data confidentiality
Data confidentiality shall meet the following requirements.

6.1.1.2.2 Data integrity
Data integrity shall meet the following requirements.

6.1.1.2.3 Data backup and recovery
Data backup and recovery shall meet the following requirements.

6.1.1.3 Security incident management

6.1.1.3.2 Security event alarm
Security event alarms shall have an alarm function, which can generate alarms based on preset thresholds when abnormalities are found.

6.1.1.3.3 Security incident response
Security incident response shall meet the following requirements.

6.1.1.4 Risk management

6.1.1.4.1 Asset management
Asset management shall meet the following requirements.

6.1.1.4.2 Threat management
Threat management shall meet the following requirements.

6.1.1.4.3 Vulnerability management
Vulnerability management shall allow the creation and maintenance of asset vulnerability lists; support the merging and updating of vulnerability lists.

6.2 Interface requirements

6.2.1 Third-party plug-in/agent interface protocol requirements
The security management center shall support conventional interfaces such as SNMP Trap, Syslog, Web Service, customized interfaces, third-party plug-in or agent interfaces, to implement data exchange between components and third-party platforms.

6.3 Self-security requirements

6.3.1 Identity authentication
The administrator identity authentication of the security management center console shall meet the following requirements.

6.3.2 Access control
The access control of the security management center console shall meet the following requirements.

6.3.3 Security audit
The security audit of the security management center console shall meet the following requirements.

6.3.4 Software fault tolerance
The software fault tolerance of the security management center console shall provide the data validity check function, to ensure that the data format or length input through the man-machine interface or through the interface meets the system setting requirements.

6.3.7 Data security
The data security of the security management center console shall meet the following requirements.

7 Technical requirements for the third-level security management center

7.1 Functional requirements
7.1.1 System management requirements
7.1.1.2 Data protection

7.1.1.2.1 Data confidentiality
Data confidentiality shall meet the following requirements.

7.1.1.2.2 Data integrity
Data integrity shall meet the following requirements.

7.1.1.2.3 Data backup and recovery
Data backup and recovery shall meet the following requirements.

7.1.1.2.4 Remaining information protection
The remaining information protection shall ensure that the storage space where the identification information of the subject and object is located is completely cleared before being released or redistributed to other subjects, regardless of whether the information is stored on the hard disk or in the memory.

7.1.1.3 Security event management

7.1.1.3.2 Security event alarm
Security event alarms shall meet the following requirements.

7.1.1.3.4 Event correlation analysis
Event correlation analysis shall meet the following requirements.

7.1.1.3.5 Statistical analysis report
The statistical analysis report shall meet the following requirements.

7.1.1.4 Risk management

7.1.1.4.1 Asset management
Asset management shall meet the following requirements.

7.1.1.4.2 Asset business value assessment
Asset business value evaluation shall support custom asset business value evaluation models, which can form asset business value levels based on parameters such as asset type, asset importance, impact after damage, scope involved.

7.1.1.5 Resource monitoring

7.1.1.5.1 Availability monitoring
Availability monitoring shall meet the following requirements.

7.2 Interface requirements

7.3 Self-security requirements

7.3.1 Identity authentication
The administrator identity authentication of the security management center console shall meet the following requirements.

8 Technical requirements for the fourth-level security management center

8.1 Functional requirements
8.1.1 System management requirements
8.1.2.3 Equipment policy management

8.1.2.3.1 Security configuration policy
Equipment management shall meet the following requirements.

8.1.2.3.2 Intrusion prevention
Intrusion prevention shall meet the following requirements.

8.1.2.3.3 Malicious code prevention
Malware prevention shall meet the following requirements.

8.1.2.4 Password guarantee
Password guarantee shall provide guarantee for the correctness, compliance and effectiveness of the cryptographic technology, products, services of the managed objects. In the IoT system platform, the security administrator shall conduct unified management of the keys used in the system, including the generation, distribution, update, storage, backup, destruction of the keys; meanwhile take necessary measures to ensure the security of the keys.

8.1.3 Audit management requirements

8.2 Interface requirements

8.2.1 Third-party plug-in/agent interface protocol requirements
The interface protocol requirements shall meet the following requirements.

8.2.2 Interface security requirements
Interface security requirements shall meet the following requirements.

8.3 Self-security requirements

8.3.1 Identity authentication
The administrator’s identity authentication of the security management center console shall meet the following requirements.

8.3.7 Resource control
The resource control of the security management center console shall meet the following requirements.

8.3.8 Intrusion prevention
The intrusion prevention of the security management center console shall meet the following requirements.

8.3.9 Data security
The data security of the security management center console shall meet the following requirements.

9 Technical requirements for fifth-level security management center

The technical requirements for the fifth-level security management center shall be formulated separately. ......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.