GB/T 20278-2022 English PDF (GB/T 20278-2013: Older version)

Standard Briefing:

Standard ID: GB/T 20278-2022
Standard Title: Information security technology - Security technical requirements and testing assessment approaches for network vulnerability scanners
Price (USD): 1239
Lead day (Deliver True-PDF English version): 8 days [Need to translate]
Status: Valid

Evolution and Historical Versions:

| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
|---|---|---|---|---|---|
| GB/T 20278-2022 | English | 1239 | 8 days [Need to translate] | Information security technology - Security technical requirements and testing assessment approaches for network vulnerability scanners | Valid |
| GB/T 20278-2013 | English | 125 | 0--9 seconds. Auto-delivery | Information security technology -- Security technical requirements for network vulnerability scanners | Obsolete |
| GB/T 20278-2006 | English | 919 | 6 days [Need to translate] | The technical requirements of the information security technology for network vulnerability scanning products | Obsolete |

Basic Data:

Standard ID GB/T 20278-2022 (GB/T20278-2022)
Description (Translated English)
Sector / Industry National Standard (Recommended)

Similar Standards:

GB/T 20277   GB/T 20280   GB/T 20279   GB/T 20274.1   

Contents, Scope, and Excerpt:

GB/T 20278-2022 Information security technology - Security technical requirements and testing assessment approaches for network vulnerability scanners

ICS 35.030
CCS L80

National Standard of the People's Republic of China
Replacing GB/T 20278-2013, GB/T 20280-2006

Information Security Technology Network Vulnerability Scanning Products Safety technical requirements and test evaluation methods

Published on 2022-03-09; implemented on 2022-10-01
Released by the State Administration for Market Regulation and the National Standardization Administration

Contents

Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Network Vulnerability Scanning Product Description
6 Safety technical requirements
6.1 Overview
6.2 Basic level security requirements
6.3 Enhanced security requirements
7 Test evaluation methods
7.1 Test Environment
7.2 Test tools
7.3 Basic level test evaluation method
7.4 Enhanced test evaluation method
References

Foreword

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules of Standardization Documents".

This document replaces GB/T 20278-2013 "Information Security Technology Network Vulnerability Scanning Product Security Technical Requirements" and GB/T 20280-2006 "Information Security Technology Network Vulnerability Scanning Product Testing and Evaluation Method". Compared with GB/T 20278-2013, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
a) Added the content of "Network Vulnerability Scanning Product Description" (see Chapter 5);
b) Added the requirement of "scanning message identification" (see 6.2.1.5.3 and 6.3.1.5.3);
c) Added the requirement of "concurrent scanning" (see 6.2.1.7 and 6.3.1.7);
d) Added the requirement of "support system safety" (see 6.2.2.4 and 6.3.2.5);
e) Added the requirement of "communication confidentiality" (see 6.3.2.4);
f) Added the content of "Environmental adaptability requirements (if applicable)", which mainly clarifies the product's ability to support IPv6, including the ability to scan in a pure IPv6 network environment, self-management ability in an IPv6 network environment, and dual protocol stack requirements (see 6.2.3 and 6.3.3);
g) Added the content of "Test Evaluation Method" (see Chapter 7);
h) Removed the requirement of "scanning IP address restrictions" (see 8.1.8 of the 2013 edition);
i) Removed the requirement of "Ease of Use" (see 8.2.2.2 of the 2013 edition);
j) Revised "Content of Vulnerability Scanning", rearranging the 15 scanning requirements of the original standard into 5 types of scanning requirements (see 6.2.1.2 and 6.3.1.2, 7.1.2 of the 2013 edition); at the enhanced level, scanning requirements for cloud environments and industrial control equipment as target objects are also proposed (see 6.3.1.2.6 and 6.3.1.2.7);
k) Modified the "safety assurance requirements" at all levels to "safety assurance requirements" (see 6.2.4 and 6.3.4, 7.3 and 8.3 of the 2013 edition).

Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents.

This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).

This document was drafted by:
The Third Research Institute of the Ministry of Public Security, Beijing Shenzhou Lvmeng Technology Co., Ltd., Netsun Information Technology (Beijing) Co., Ltd., Beijing Tianrongxin Network Security Technology Co., Ltd., Qixingchen Information Technology Group Co., Ltd., Shanghai International Technology and Trade Co., Ltd., China Network Security Review Technology and Certification Center, Xi'an Jiaotong University Jabil Network Technology Co., Ltd., Beijing Zhongke Wangwei Information Technology Co., Ltd., Shanghai Information Security Evaluation and Certification Center, Computer and Microelectronics Development Research Center of the Ministry of Industry and Information Technology (China Software Review Testing Center), New H3C Technology Co., Ltd., China Electronics Technology Group Corporation 15th Research Institute (Information Industry Information Security Evaluation Center), National Industrial Information Security Development Research Center, Shaanxi Provincial Network and Information Security Evaluation Center, State Grid Xinjiang Electric Power Co., Ltd. Electric Power Research Institute of Information Engineering, Chinese Academy of Sciences, Information and Communication Research Institute of China Electric Power Research Institute Co., Ltd., China Academy of Information and Communication Technology, Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd., Beijing Tonghe Beneficial Telecommunications Science and Technology Research Institute Co., Ltd., Shanghai Douxiangxin Information Technology Co., Ltd., Shenzhen Liansoft Technology Co., Ltd., Beijing Zhichuangyu Information Technology Co., Ltd.

The main drafters of this document are:
Gu Jianxin, Song Haohao, Lu Zhen, Gu Jian, Shen Liang, Yin Hang, Chen Xinyu, Xiong Yi, Qin Lan, Cao Ning, Shen Yongbo, He Jianfeng, Song Wei, Xu Tonghai, Guo Yongzhen, Yang Hongqi, Liu Jian, Liu Zhiyao, Ju Tengfei, Li Mingxuan, Chen Jia, Yan Zhaoteng, Yan Minhui, Xu Zixian, Yu Zhongchen, Wen Lei, Xie Chen, Hou Jun, and Cui Zhao.

The previous versions of this document and its superseded documents are as follows:
--- First published in 2006 as GB/T 20278-2006, first revised in 2013;
--- This is the second revision, incorporating GB/T 20280-2006 "Information Security Technology Network Vulnerability Scanning Product Testing and Evaluation Method".

Information Security Technology Network Vulnerability Scanning Products Safety technical requirements and test evaluation methods

Scope

This document specifies the security technical requirements and testing and evaluation methods for network vulnerability scanning products. This document applies to the design, development and testing of vulnerability scanning products.

Normative References

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 25069 Information Security Technical Terminology

Terms and Definitions

The terms and definitions defined in GB/T 25069 and the following apply to this document.

3.1 scan
The process of using technical tools to detect the target system and find the security weaknesses in the target system.

3.2
Remotely detect the security weaknesses of the target system through the network, and check and analyze its security vulnerabilities, so as to find the security weaknesses that may be exploited by intruders and propose some preventive and remedial measures.

3.3 flag (banner)
A piece of information sent by an application.
Note: Usually includes information such as welcome words, application name and version.

3.4 supporting system
The operating system that supports the running of the network vulnerability scanning device.

Abbreviations

The following abbreviations apply to this document.