PayPal, credit cards. Download editable-PDF & invoice In 1 second!
GA/T 1393-2017 English PDF (GAT1393-2017)
GA/T 1393-2017 English PDF (GAT1393-2017)
Precio habitual
$210.00 USD
Precio habitual
Precio de oferta
$210.00 USD
Precio unitario
/
por
Los gastos de envío se calculan en la pantalla de pago.
No se pudo cargar la disponibilidad de retiro
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GA/T 1393-2017
Historical versions: GA/T 1393-2017
Preview True-PDF (Reload/Scroll if blank)
GA/T 1393-2017: Information security technology--Security technical requirements for computer security reinforcement systems
GA/T 1393-2017
GA
PUBLIC SECURITY STANDARD OF
THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.240
A 90
Information security technology - Security technical
requirements for computer security reinforcement
systems
ISSUED ON: APRIL 19, 2017
IMPLEMENTED ON: APRIL 19, 2017
Issued by: The Ministry of Public Security of the People’s Republic of
China
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Description of computer security reinforcement systems ... 4
5 General description ... 5
6 Security function requirements ... 6
7 Security assurance requirements ... 10
8 Classification requirements ... 15
Information security technology - Security technical
requirements for computer security reinforcement
systems
1 Scope
This Standard specifies the security function requirements, security assurance
requirements and classification requirements for computer security
reinforcement systems.
This Standard applies to the design, development and testing of computer
security reinforcement systems.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 18336.3-2015, Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance components
GB/T 25069-2010, Information security technology glossary
3 Terms and definitions
Terms and definitions determined by GB/T 18336.3-2015 and GB/T 25069-
2010 are applicable to this document.
4 Description of computer security reinforcement
systems
The computer security reinforcement system is based on the general operating
system. It enhances the security functions of the operating system by marking
the host and object of the operating system, adding mandatory access control,
integrity protection and other technical means, to make up for the security of
the general-purpose operating system, and to improve the security protection
capabilities of the operating system.
development, guidance documents, life cycle support, test, vulnerability
assessment.
5.2 Security grade
According to the strength of the security function requirements of the computer
security reinforcement systems and GB/T 18336.3-2015, divide the security
grade of the computer security reinforcement systems. The security grade is
divided into basic grade and enhanced grade. The strength of security functions
and the level of security assurance requirements are the specific basis for
gradation; the security grade highlights the security feature.
6 Security function requirements
6.1 Authentication
The product's reinforcement requirements for the operating system's identity
authentication function shall meet:
a) The operating system user identification shall use the user name and user
identification (UID), and achieve the unique identification of the user
throughout the life cycle of the operating system, and the consistency
between the user name, UID, etc.;
b) For operating system users, use enhanced password management and/or
token-based dynamic passwords and/or biometric authentication and/or
digital certificates for identity authentication;
c) For operating system users, use the two-factor authentication technology
in 6.1b) to authenticate users.
6.2 Security identification
The product's reinforcement requirements for the operating system security
identification shall meet:
a) Set sensitivity labels on subjects and objects within the control range of
operating system security functions;
b) When information is input from outside the control range of the operating
system to the control range, its sensitivity label shall be marked by a label;
c) Set sensitivity labels on all subjects and objects of the operating system;
d) When information is input from within the control range of the operating
system to outside the control range, the sensitivity label of the data shall
be clearly marked.
e) Provide functions such as termination of illegal processes, simple attack
detection, and measures to prevent audit data loss;
f) Audit records include the date, time, type, subject identification, object
identification and results of the event.
6.5 Integrity protection
The product's reinforcement requirements for the operating system integrity
protection shall meet:
a) Be able to set integrity labels for subjects and objects within the control
range of operating system security functions; establish integrity protection
strategy models; protect the integrity of important files during storage,
transmission and processing;
b) Have measures to recover after detecting that the integrity has been
damaged;
c) Ensure that low-integrity data cannot be inserted or overwritten to high-
integrity data;
d) Ensure that the level of data integrity is not reduced during processing;
e) Establish a semi-formal integrity security policy model.
6.6 Remaining information protection
The product's reinforcement requirements for the operating system remaining
information protection shall meet:
a) Ensure that the storage space where the authentication information of
operating system users is located is completely cleared before being
released or redistributed to other users, regardless of whether the
information is stored on the hard disk or in the memory;
b) Ensure that the storage space where resources such as files and
directories in the system are located is completely cleared before being
released or reallocated to other users.
6.7 Administrator security management
6.7.1 Initialization of administrator properties
The product shall provide the ability to initialize the attributes of the authorized
administrator.
6.7.2 The unique identifier of the administrator
It shall protect the data that is transmitted through the network between product
components, so as to prevent unauthorized access.
6.9 Audit log management
The product shall provide the following functions to manage audit logs:
a) Perform a combined query of audit logs according to date, time, user
identification, application resource identification and other conditions;
b) There are certain measures to prevent the loss of audit logs;
c) Back up the audit log and clear it after backup.
7 Security assurance requirements
7.1 Development
7.1.1 Security architecture
The developer shall provide a description of the security architecture of the
product security functions; the description of the security architecture shall meet
the following requirements:
a) Be consistent with the grade of abstract description of the security function
that is implemented in the product design document;
b) Describe the security domain of the product security function that is
consistent with the security function requirements;
c) Describe why the product security function initialization process is secure;
d) Verify that the product security function can prevent damage;
e) Verify that the product security function can prevent the security feature
from being bypassed.
7.1.2 Functional specification
The developer shall provide a complete functional specification; the functional
specification shall meet the following requirements:
a) Fully describe the security funct...
Get QUOTATION in 1-minute: Click GA/T 1393-2017
Historical versions: GA/T 1393-2017
Preview True-PDF (Reload/Scroll if blank)
GA/T 1393-2017: Information security technology--Security technical requirements for computer security reinforcement systems
GA/T 1393-2017
GA
PUBLIC SECURITY STANDARD OF
THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.240
A 90
Information security technology - Security technical
requirements for computer security reinforcement
systems
ISSUED ON: APRIL 19, 2017
IMPLEMENTED ON: APRIL 19, 2017
Issued by: The Ministry of Public Security of the People’s Republic of
China
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Description of computer security reinforcement systems ... 4
5 General description ... 5
6 Security function requirements ... 6
7 Security assurance requirements ... 10
8 Classification requirements ... 15
Information security technology - Security technical
requirements for computer security reinforcement
systems
1 Scope
This Standard specifies the security function requirements, security assurance
requirements and classification requirements for computer security
reinforcement systems.
This Standard applies to the design, development and testing of computer
security reinforcement systems.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 18336.3-2015, Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance components
GB/T 25069-2010, Information security technology glossary
3 Terms and definitions
Terms and definitions determined by GB/T 18336.3-2015 and GB/T 25069-
2010 are applicable to this document.
4 Description of computer security reinforcement
systems
The computer security reinforcement system is based on the general operating
system. It enhances the security functions of the operating system by marking
the host and object of the operating system, adding mandatory access control,
integrity protection and other technical means, to make up for the security of
the general-purpose operating system, and to improve the security protection
capabilities of the operating system.
development, guidance documents, life cycle support, test, vulnerability
assessment.
5.2 Security grade
According to the strength of the security function requirements of the computer
security reinforcement systems and GB/T 18336.3-2015, divide the security
grade of the computer security reinforcement systems. The security grade is
divided into basic grade and enhanced grade. The strength of security functions
and the level of security assurance requirements are the specific basis for
gradation; the security grade highlights the security feature.
6 Security function requirements
6.1 Authentication
The product's reinforcement requirements for the operating system's identity
authentication function shall meet:
a) The operating system user identification shall use the user name and user
identification (UID), and achieve the unique identification of the user
throughout the life cycle of the operating system, and the consistency
between the user name, UID, etc.;
b) For operating system users, use enhanced password management and/or
token-based dynamic passwords and/or biometric authentication and/or
digital certificates for identity authentication;
c) For operating system users, use the two-factor authentication technology
in 6.1b) to authenticate users.
6.2 Security identification
The product's reinforcement requirements for the operating system security
identification shall meet:
a) Set sensitivity labels on subjects and objects within the control range of
operating system security functions;
b) When information is input from outside the control range of the operating
system to the control range, its sensitivity label shall be marked by a label;
c) Set sensitivity labels on all subjects and objects of the operating system;
d) When information is input from within the control range of the operating
system to outside the control range, the sensitivity label of the data shall
be clearly marked.
e) Provide functions such as termination of illegal processes, simple attack
detection, and measures to prevent audit data loss;
f) Audit records include the date, time, type, subject identification, object
identification and results of the event.
6.5 Integrity protection
The product's reinforcement requirements for the operating system integrity
protection shall meet:
a) Be able to set integrity labels for subjects and objects within the control
range of operating system security functions; establish integrity protection
strategy models; protect the integrity of important files during storage,
transmission and processing;
b) Have measures to recover after detecting that the integrity has been
damaged;
c) Ensure that low-integrity data cannot be inserted or overwritten to high-
integrity data;
d) Ensure that the level of data integrity is not reduced during processing;
e) Establish a semi-formal integrity security policy model.
6.6 Remaining information protection
The product's reinforcement requirements for the operating system remaining
information protection shall meet:
a) Ensure that the storage space where the authentication information of
operating system users is located is completely cleared before being
released or redistributed to other users, regardless of whether the
information is stored on the hard disk or in the memory;
b) Ensure that the storage space where resources such as files and
directories in the system are located is completely cleared before being
released or reallocated to other users.
6.7 Administrator security management
6.7.1 Initialization of administrator properties
The product shall provide the ability to initialize the attributes of the authorized
administrator.
6.7.2 The unique identifier of the administrator
It shall protect the data that is transmitted through the network between product
components, so as to prevent unauthorized access.
6.9 Audit log management
The product shall provide the following functions to manage audit logs:
a) Perform a combined query of audit logs according to date, time, user
identification, application resource identification and other conditions;
b) There are certain measures to prevent the loss of audit logs;
c) Back up the audit log and clear it after backup.
7 Security assurance requirements
7.1 Development
7.1.1 Security architecture
The developer shall provide a description of the security architecture of the
product security functions; the description of the security architecture shall meet
the following requirements:
a) Be consistent with the grade of abstract description of the security function
that is implemented in the product design document;
b) Describe the security domain of the product security function that is
consistent with the security function requirements;
c) Describe why the product security function initialization process is secure;
d) Verify that the product security function can prevent damage;
e) Verify that the product security function can prevent the security feature
from being bypassed.
7.1.2 Functional specification
The developer shall provide a complete functional specification; the functional
specification shall meet the following requirements:
a) Fully describe the security funct...
Share
