GB/T 20271-2006 English PDF (GBT20271-2006)
GB/T 20271-2006: Information security technology -- Common security techniques requirement for information system
GB/T 20271-2006
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology –
Common Security Techniques Requirement for
Information System
ISSUED ON: MAY 31, 2006
IMPLEMENTED ON: DECEMBER 1, 2006
Issued by:
General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Table of Contents
1 Scope ... 14
2 Normative References ... 14
3 Terms, Definitions and Abbreviations ... 14
3.1 Terms and Definitions ... 14
3.2 Abbreviations ... 20
4 Technical Requirements for Security Function ... 21
4.1 Physical Security ... 21
4.1.1 Environmental Security ... 21
4.1.1.1 Security protection for central machine room ... 21
4.1.1.1.1 Site selection for machine room ... 21
4.1.1.1.3 Fire protection for machine room ... 22
4.1.1.1.4 Power supply and distribution of machine room ... 23
4.1.1.1.5 Air conditioning and cooling of machine room ... 24
4.1.1.1.6 Waterproofing and moisture proofing for machine room ... 24
4.1.1.1.7 Static protection for machine room ... 25
4.1.1.1.8 Earthing and lightning protection for machine room ... 26
4.1.1.1.9 Electromagnetic protection for machine room ... 26
4.1.1.2 Security protection for communication line ... 27
4.1.2 Equipment Security ... 27
4.1.2.1 Burglary prevention and crash protection for equipment ... 27
4.1.2.2 Security and availability of equipment ... 28
4.1.3 Record Medium Security ... 28
4.2 Operation Security ... 29
4.2.1 Risk Analysis ... 29
4.2.2 Test and Analysis of Information System Security ... 30
4.2.3 Information System Security Monitoring ... 31
4.2.4 Security Audit ... 31
4.2.4.1 Response of security audit ... 31
4.2.4.2 Generation of security audit data ... 31
4.2.4.3 Security audit analysis ... 32
4.2.4.4 Security audit review ... 33
4.2.4.5 Selection of security audit event ... 33
4.2.4.6 Storage of security audit event ... 33
4.2.4.7 Security audit of network environment ... 34
4.2.5 Security Protection for Information System Boundary ... 34
4.2.6 Backup and Fault Recovery ... 35
4.2.7 Malicious Code Protection ... 36
4.2.8 Emergency Handling of Information System ... 37
4.2.9 Trusted Computing and Trusted Connecting Technology ... 37
4.3 Data Security ... 38
4.3.1 Identity Authentication ... 38
4.3.1.1 User identification and authentication ... 38
4.3.1.1.1 User identification ... 38
4.3.1.1.2 User authentication ... 38
4.3.1.1.3 Authentication failure handling ... 39
4.3.1.2 User-subject binding ... 39
4.3.1.3 Concealing ... 39
4.3.1.4 Equipment identification and authentication ... 40
4.3.1.4.1 Equipment identification ... 40
4.3.1.4.2 Equipment authentication ... 40
4.3.1.4.3 Authentication failure handling ... 40
4.3.2 Non-repudiation ... 40
4.3.2.1 Non-repudiation of origin ... 40
4.3.2.2 Non-repudiation of receipt ... 41
4.3.3 Discretionary Access Control ... 41
4.3.3.1 Access control policy ... 41
4.3.3.2 Access control function ... 42
4.3.3.3 Scope of access control ... 42
4.3.3.4 Granularity of access control ... 42
4.3.4 Label ... 43
4.3.4.1 Subject label ... 43
4.3.4.2 Object label ... 43
4.3.4.3 Output of label ... 43
4.3.4.4 Input of label ... 43
4.3.5 Mandatory Access Control ... 44
4.3.5.1 Access control policy ... 44
4.3.5.2 Access control function ... 45
4.3.5.3 Scope of access control ... 45
4.3.5.4 Granularity of access control ... 45
4.3.5.5 Access control environment ... 46
4.3.6 Integrity Protection for User Data ... 46
4.3.6.1 Integrity of stored data ... 46
4.3.6.2 Integrity of transported data ... 46
4.3.6.3 Integrity of processed data ... 47
4.3.7 Confidentiality Protection for User Data ... 47
4.3.7.1 Confidentiality protection for stored data ... 47
4.3.7.2 Confidentiality protection for transported data ... 47
4.3.7.3 Secure reusing of object ... 47
4.3.8 Data Flow Control ... 48
4.3.9 Trusted Path ... 48
4.3.10 Password Support ... 48
5 Technical Requirements of Security Assurance ... 48
5.1 SSOIS Self-security Protection ... 48
5.1.1 SSF Physical Security Protection ... 48
5.1.1.1 Physical attack test ... 48
5.1.1.2 Automatic report of physical attack ... 48
5.1.1.3 Physical attack resistance ... 48
5.1.2 SSF Operation Security Protection ... 49
5.1.2.1 Security operation test ...