GB/T 38561-2020 English PDF (GBT38561-2020)
GB/T 38561-2020: Information security technology -- Technical requirements for cybersecurity management support system
GB/T 38561-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology -
Technical requirements for cybersecurity
management support system
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Acronyms
5 Overview
6 System function requirements
6.1 Security objective management
6.2 Emergency plan management
6.3 Object management
6.4 Monitoring of information security event
6.5 Operational monitoring
6.6 Process processing
6.7 Statistical analysis
6.8 Assessment management
6.9 Release and display
6.10 Acquisition and processing
6.11 Data exchange
6.12 Backup and recovery
7 Self-security requirements
7.1 Identity authentication
7.2 Access control
7.3 Rights management
7.4 Data security
7.5 Security audit
8 Security assurance requirements
8.1 Configuration management assurance
8.2 Development
8.3 Testing assurance
8.4 Delivery and operation-maintenance assurance
8.5 Guidance documents
8.6 Vulnerability analysis
8.7 Life cycle support
Information security technology -
Technical requirements for cybersecurity
management support system
1 Scope
This standard specifies the technical requirements of the cybersecurity
management support system, including system function requirements,
self-security requirements and security assurance requirements.
This standard applies to the planning, design, development and testing of
cybersecurity management support systems.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this document.
GB/Z 20986-2007 Information security technology - Guidelines for the
category and classification of information security incidents
3 Terms and definitions
The terms and definitions as defined in GB/Z 20986-2007 as well as the
following apply to this document.
3.1
Cybersecurity management support system
A system that supports the organization's cybersecurity management work,
based on the organization's security goals, objects, processes, etc.
3.2
Object
An entity in cybersecurity management.
6 System function requirements
6.1 Security objective management
The support system has management functions for the organization's security
objectives and shall meet the following requirements:
a) Add, delete, query and modify security objectives;
b) Perform classified management of security objectives;
c) Publish and display security objectives.
6.2 Emergency plan management
The support system has emergency plan management functions and shall meet
the following requirements:
a) Add, delete, query and modify emergency plan information;
b) Perform classified and hierarchical management of emergency plans.
6.3 Object management
The support system has object management functions and shall meet the
following requirements:
a) Modify, delete and query the information of the object;
b) Support automatic and manual acquisition of object’s information;
c) Management of hardware assets, software assets, data assets,
organizational personnel and other information, including:
1) Manage hardware asset information, including but not limited to IP
address, MAC address, hardware model, etc.;
Note 1: Hardware assets mainly include computers, network
equipment, security equipment, storage equipment, security protection
equipment, office equipment.
2) Manage software asset information, including but not limited to software
version, installation location, installation time, etc.;
Note 2: Software assets mainly include security systems, operating
6.12 Backup and recovery
The support system has data backup and recovery functions, which shall meet
the following requirements:
a) Recover all data within six months, including but not limited to information
security incidents, operational monitoring, alarms, processes, statistics
and assessments;
b) The stored record data is not overwritten or deleted; an alarm is issued
before storage resources are exhausted.
7 Self-security requirements
7.1 Identity authentication
The identity authentication of the support system shall:
a) During user registration, use the user name and user identifier to identify
the user.
b) When the user logs in, use a controlled password or other mechanism
with corresponding security strength to authenticate the user.
c) Adopt at least two kinds of identity authentication mechanisms, including
but not limited to: "user name + password" authentication method, digital
certificate authentication method, biometric authentication method.
d) When using the "user name + password" authentication method, ensure
the password's complexity and set a threshold for login attempts. When
the user's unsuccessful login attempts exceed the threshold, lock the
administrator account and generate an audit log.
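One way to implement clause 7.1 d), as an added example that is not part of the standard: a password authenticator that enforces complexity at registration, locks the account once failed logins exceed the threshold, and writes an audit record for every outcome. The threshold value, the complexity policy, the event names and the in-memory audit list are assumptions made for illustration, and the example locks whichever account failed the logins.

```python
import hashlib, hmac, os, re, time

MAX_FAILED_ATTEMPTS = 3  # assumed threshold; the clause does not fix a value
AUDIT_LOG = []           # stand-in for the audit store (assumption)

def is_complex(password):
    """Assumed policy: 12+ characters with lower, upper, digit and symbol."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 12 and all(re.search(c, password) for c in classes)

def _hash(password, salt):
    # Salted, iterated hash so stored credentials are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Authenticator:
    def __init__(self):
        self.users = {}  # name -> salt, hash, failed counter, locked flag

    def _audit(self, event, name):
        AUDIT_LOG.append({"ts": time.time(), "event": event, "user": name})

    def register(self, name, password):
        if not is_complex(password):
            raise ValueError("password does not meet the complexity policy")
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash(password, salt),
                            "failed": 0, "locked": False}

    def login(self, name, password):
        user = self.users.get(name)
        if user is None:
            self._audit("login_unknown_user", name)
            return False
        if user["locked"]:
            # A locked account is refused even with the correct password.
            self._audit("login_rejected_locked", name)
            return False
        if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            user["failed"] = 0
            self._audit("login_ok", name)
            return True
        user["failed"] += 1
        self._audit("login_failed", name)
        if user["failed"] > MAX_FAILED_ATTEMPTS:  # "exceeds the threshold"
            user["locked"] = True
            self._audit("account_locked", name)
        return False
```

With the threshold set to 3, the lock is applied on the fourth consecutive failure, because the clause says "exceeds" rather than "reaches".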
7.2 Access control
The support system's access control shall:
a) Allow or forbid access to system functions and data assets based on
the administrator user's roles and permissions;
b) Record and alert on illegal operations and attempted unauthorized access.
data output. The system log is managed by the security auditor;
b) Detect the working status of each functional module of the support system;
issue an alarm when the working status is abnormal.
8 Security assurance requirements
8.1 Configuration management assurance
Configuration management assurance shall meet the following requirements:
a) Provide a unique authorization identifier for different users;
b) Provide corresponding configuration management documents according
to different users.
8.2 Development
The support system’s development shall meet the following requirements:
a) Describe the security functions of the system;
b) Describe the purpose and use of all security function interfaces;
c) Describe all parameters related to each security function interface;
d) Describe the security function implementation behavior related to the
security function interface;
e) Describe direct error messages caused by the behavioral processing of
security functions;
f) Provide system design documents.
8.3 Testing assurance
The test documentation of the system shall be provided together with the
support system. The test documentation shall include:
a) Identification of the system functions under test and a description of
the test objectives;
b) The test plan, a description of the test process, the test results and a
comparison of the expected test results with the actual test results;