GB/T 20274.1-2023 PDF English
Status: Valid
GB/T 20274.1: Historical versions
| Standard ID | Standard Title (Description) | Status |
| --- | --- | --- |
| GB/T 20274.1-2023 | Information security technology - Evaluation framework for information systems security assurance - Part 1: Introduction and general model | Valid |
| GB/T 20274.1-2006 | Information security technology -- Evaluation framework for information systems security assurance -- Part 1: Introduction and general model | Obsolete |
GB/T 20274.1-2023: Information security technology - Evaluation framework for information systems security assurance - Part 1: Introduction and general model
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Replacing GB/T 20274.1-2006
Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 1: Introduction and General Model
Issued on: March 17, 2023
Implemented on: October 1, 2023
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Overview
5 Information System Security Assurance Model and Level
  5.1 Concept of Assurance
  5.2 Assurance Model
  5.3 Assurance Capability Level
6 Information System Security Assurance Elements
  6.1 Structure of Information System Security Assurance Elements
  6.2 Generation of Information System Security Assurance Elements
7 Evaluation Framework for Information System Security Assurance
  7.1 Concept and Relations of Evaluation of Information System Security Assurance
  7.2 Evaluation Content of Information System Security Assurance
  7.3 Judgment of Information System Security Assurance Evaluation
Bibliography

1 Scope
This document provides the basic concept and model of information system security assurance, and proposes the evaluation framework for information system security assurance. This document is intended to guide system builders, operators, service providers and evaluators in carrying out information system security assurance work.

2 Normative References
The contents of the following documents constitute indispensable clauses of this document through the normative references in the text. For dated references, only the version with the specified date applies to this document. For undated references, the latest version (including all modifications) applies to this document.

GB/T 18336.1-2015 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 1: Introduction and General Model
GB/T 25069-2022 Information Security Techniques - Terminology

3 Terms and Definitions
The terms and definitions in GB/T 25069-2022 and GB/T 18336.1-2015, together with the following terms and definitions, apply to this document.

3.1 information system
Information system refers to a combination of applications, services, information technology assets or other information processing components.

3.2 information system security assurance
Information system security assurance refers to a series of appropriate behaviors or processes that guarantee the security attributes, functions and efficiency of an information system.

4 Overview
The parties involved in the evaluation of information system security assurance generally include information system builders, information system operators, service providers and evaluators, etc.

5 Information System Security Assurance Model and Level
5.1 Concept of Assurance
An information system operates in a specific real environment. It belongs to a certain organization, and is constrained by the internal and external environment of that organization. Hence, in addition to putting forward corresponding requirements on the basis of a thorough analysis of the technology, business and management characteristics of the information system itself, the security assurance of an information system must also consider the requirements arising from these constraints.

5.3 Assurance Capability Level
The information system security assurance capability level includes elements of two dimensions. The first dimension is the information system security assurance elements (including technical assurance requirements, management assurance requirements and engineering assurance requirements) selected based on risk evaluation. The identification of these security assurance elements, which is carried out throughout the life cycle process, can reduce the risk to an acceptable level (that is, the adequacy of assurance countermeasures).

6 Information System Security Assurance Elements
6.1 Structure of Information System Security Assurance Elements
According to the different fields of security techniques, security management and security engineering, the security assurance elements are divided into security technical assurance requirements, security management assurance requirements and security engineering assurance requirements. The security assurance elements adopt a hierarchical structure of “class - subclass - component”. Users shall select specific security assurance requirements based on the results of risk evaluation. The relations between different structures of the security assurance elements are shown in Figure 3.

6.2 Generation of Information System Security Assurance Elements

6.2.1 Generation process of security assurance elements
Figure 4 provides an example of a method for confirming the information system security assurance elements, through which security assurance elements can be derived. The example provided does not limit the specific analysis process, development method and evaluation system used to generate the information system security assurance elements.

6.2.5 Confirmation of security assurance elements
The security assurance elements of the information system subdivide the security assurance goals into a series of security assurance requirements for the information system and its environment. Once these requirements are satisfied, it can be guaranteed that the information system can achieve its security assurance goals.

7 Evaluation Framework for Information System Security Assurance
7.1 Concept and Relations of Evaluation of Information System Security Assurance
The evaluation of information system security assurance is an objective evaluation of the specific work and activities of information system security assurance in the operating environment where the information system is located.

7.2 Evaluation Content of Information System Security Assurance
In the information system security assurance model, the life cycle level and the security assurance element level of the information system are not isolated from each other, but interrelated and inseparable. Their relations are shown in Figure 6.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.