GB/T 20277-2015 English PDF (GBT20277-2015)
GB/T 20277-2015: Information security technology -- Testing and evaluation approaches of network and terminal separation products
GB/T 20277-2015
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 20277-2006
Information Security Technology -
Testing and Evaluation Approaches of Network
and Terminal Separation Products
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 1, 2016
Issued by:
General Administration of Quality Supervision, Inspection
and Quarantine of the People’s Republic of China;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Testing Environment and Tool
4.1 Security Function and Environmental Adaptation Testing Environment
4.2 Performance Testing Environment
5 Security Function Testing
5.1 Overall Description
5.2 Terminal Separation Products
5.3 Network Separation Products
5.4 Network Unilateral Transmission Products
6 Assessment of Security Assurance Requirements
6.1 Base-level Testing
6.2 Enhanced-Level Testing
7 Environmental Adaptation Testing
7.1 Next Generation Internet Support
7.2 IPv6 Transition Network Environment Support
8 Performance Testing
8.1 Exchange Rate
8.2 Hardware Switching Time
References
Foreword
This Standard was drafted according to the rules given in GB/T 1.1-2009.
This Standard replaces GB/T 20277-2006 “Information Security Technology - Testing
and Evaluation Techniques of Separation Components of Network and Terminal
Equipment”.
Compared with GB/T 20277-2006, the main differences in this Standard are as follows:
— Classification was amended into terminal separation products, network
separation products and network unilateral transmission products;
— Level was uniformly divided into base level and enhanced level;
— Testing contents for next generation Internet Protocol support capability were added.
Please note that some of the content of this document may involve patents. The
issuing organization of this document does not undertake the responsibility to identify
any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of National
Technical Committee on Information Technology Security of Standardization
Administration of China (SAC/TC 260).
Drafting organizations of this Standard: Quality Supervision Testing Center of
Computer Information System Security Products of the Ministry of Public Security,
Zhuhai Victory Idea Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd. and the
Third Research Institute of Ministry of Public Security.
Main drafters of this Standard: Lu Zhen, Gu Jian, Yu You, Li Xuan, Deng Qi, Zuo Anji,
Lu Wenli and Liu Bin.
The previous edition of the standard superseded by this Standard is as follows:
— GB/T 20277-2006.
Information Security Technology -
Testing and Evaluation Approaches of Network and
Terminal Separation Products
1 Scope
This Standard specifies testing and evaluation approaches of network and terminal
separation products according to technical requirements of GB/T 20279-2015.
This Standard is applicable to testing and evaluation of network and terminal
separation products developed according to security class requirements of GB/T
20279-2015.
2 Normative References
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable to this
document; for undated documents, only the latest version (including all
amendments) is applicable to this document.
GB 17859-1999 Classified Criteria for Security Protection of Computer
Information System
GB/T 20279-2015 Information Security Technology - Security Technical
Requirements of Network and Terminal Separation Products
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
For the purpose of this Standard, terms and definitions established in GB 17859-1999,
GB/T 25069-2010 and GB/T 20279-2015 apply.
5 Security Function Testing
5.1 Overall Description
5.1.1 Classification of testing and evaluation approaches
In this Standard, according to the technical requirements of GB/T 20279-2015,
requirements for testing and evaluation approaches of network and terminal
separation products are classified into four categories: security function, security
assurance, environmental adaptation and performance requirements.
5.1.2 Security level
Corresponding to GB/T 20279-2015, security level is classified into base level and
enhanced level in this Standard. Contents of the enhanced-level requirements that are
added or changed relative to the base level are expressed in "bold Song
typeface" in the main body.
5.2 Terminal Separation Products
5.2.1 Base-level testing
5.2.1.1 Access control
5.2.1.1.1 Definition of security attribute
Testing and evaluation approaches and expected results for the definition of security
attributes of terminal separation products are as follows:
a) Testing and evaluation approaches.
Documents provided by developers are assessed; for information storage
and transmission components, the security attributes necessary for terminal
separation products are assessed and their specific contents are stated. The
definition of security attributes of the products is tested, the test results are
recorded, and it is judged whether the results are fully in accordance with the
requirements of the above testing and evaluation approaches.
b) Expected results.
For the products, security attributes shall be able to be set and shall at least
include the network switching mode in different security domains, the security zones
of such storage devices as optical drive and floppy drive, the network equipment
access type and other security attributes mentioned in the documents of the
developers.
5.2.1.1.2 Attribute modification
Testing and evaluation approaches and expected results for attribute modification of
terminal separation products are as follows:
a) Testing and evaluation approaches.
Documents provided by developers are assessed, including the detailed
description of attribute modification. A modification operation is conducted on
the security attributes, and the product's functions for modifying
security-related attribute parameters are tested, including security domain
network switching. The test results are recorded and it is judged whether such
results are fully in accordance with the requirements of the above testing
and evaluation approaches.
b) Expected results.
For the products, the parameters of security-related attributes shall be able to be
modified and shall at least include security domain network switching.
5.2.1.1.3 Attribute query
Testing and evaluation approaches and expected results for attribute query of terminal
separation products are as follows:
a) Testing and evaluation approaches.
Documents provided by developers are assessed, including the detailed
description on attribute modification. A query operation is conducted on the
security attributes, and the functions by which users of terminal
separation products query security attributes are tested, including a query on the
network state of one security domain. The test results are recorded and it is judged
whether such results are fully in accordance with the requirements of the above
testing and evaluation approaches.
b) E...