
GB/T 36958-2018 English PDF (GBT36958-2018)


GB/T 36958-2018: Information security technology -- Technical requirements of security management center for classified protection of cybersecurity
GB/T 36958-2018
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Technical
requirements of security management center for
classified protection of cybersecurity
ISSUED ON: DECEMBER 28, 2018
IMPLEMENTED ON: JULY 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview of security management center
5.1 General description
5.2 Function description
6 Technical requirements for the second-level security management center
6.1 Functional requirements
6.2 Interface requirements
6.3 Self-security requirements
7 Technical requirements for the third-level security management center
7.1 Functional requirements
7.2 Interface requirements
7.3 Self-security requirements
8 Technical requirements for the fourth-level security management center
8.1 Functional requirements
8.2 Interface requirements
8.3 Self-security requirements
9 Technical requirements for fifth-level security management center
10 Technical requirements for security management center of cross-grading system
Appendix A (Normative) Correspondence between security management center and cybersecurity classified protection object’s level
Appendix B (Normative) Classification of technical requirements of security management center
Appendix C (Informative) Normalized security event attributes
1 Scope
This standard specifies the technical requirements for security management
centers under the classified protection of cybersecurity.
This standard applies to security manufacturers and to operating and using
organizations, guiding them in designing, constructing and operating security
management centers in accordance with the requirements of this standard.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this document.
GB/T 5271.8 Information technology - Vocabulary - Part 8: Security
GB 17859-1999 Computer information system -- Criteria for classifying
security protection level
GB/T 25069 Information security technology - Glossary
GB/T 25070 Information security technology - Technical requirements of
security design for information system classified protection
3 Terms and definitions
The terms and definitions as defined in GB 17859-1999, GB/T 5271.8, GB/T
25069, GB/T 25070 as well as the following terms and definitions apply to this
document.
3.1
Data acquisition interface
corresponding types of security audit mechanisms to be turned on and off
according to time periods; performing storage, management, inquiry, etc. of
various types of audit records. The security auditor analyzes the audit records
and processes them in a timely manner based on the analysis results.
6 Technical requirements for the second-level security
management center
6.1 Functional requirements
6.1.1 System management requirements
6.1.1.1 User identity management
User identity management shall meet the following requirements:
a) Be able to authenticate the system administrator of the managed object;
check the complexity of the identity and authentication information;
b) In the Internet of Things system, the system administrator of the managed
object shall conduct unified identity management on the perception
equipment, perception layer gateway, etc.
6.1.1.2 Data protection
6.1.1.2.1 Data confidentiality
Data confidentiality shall meet the following requirements:
a) Before establishing a connection between the security management
center and the managed object, password technology can be used for
session initialization verification;
b) Cryptographic technology can be used to protect the confidentiality of the
entire message or session in the communication process between the
security management center and the managed object;
c) Encryption or other protection measures can be used to realize the storage
confidentiality of the authentication information and configuration
management data of the managed object.
6.1.1.2.2 Data integrity
Data integrity shall meet the following requirements:
Security event alarms shall have an alarm function, which can generate alarms
based on preset thresholds when abnormalities are found.
6.1.1.3.3 Security incident response
Security incident response shall meet the following requirements:
a) It can provide the function of work order management; support the
circulation process of creating work orders based on alarm response
actions;
b) It shall provide security notification function, which can create or import
security risk notification, including the content of the notification,
description information, CVE number, affected operating system, etc.;
c) Provide a list of affected protected assets based on the operating system
affected by the security risk indicated in the notification.
6.1.1.3.4 Statistical analysis report
The statistical analysis report shall meet the following requirements:
a) Be able to query security events according to conditions such as time and
event type;
b) Be able to provide statistical analysis and report generation functions.
6.1.1.4 Risk management
6.1.1.4.1 Asset management
Asset management shall meet the following requirements:
a) Realize the management of the assets of the managed objects; provide
asset addition, modification, deletion, query and statistics functions;
b) Asset management information shall include asset attributes such as
asset name, asset IP address, asset type, asset owner, asset business
value, asset confidentiality, integrity, availability assignment;
c) Support the customization of asset attributes;
d) Support manual entry of asset records or batch asset import based on
specified templates.
6.1.1.4.2 Threat management
Threat management shall meet the following requirements:
b) It can show the operating status of key equipment (including network
equipment, security equipment, server host, etc.) and links in the current
network environment, such as network traffic, network protocol statistical
analysis and other indicators.
6.1.2 Audit management requirements
6.1.2.1 Centralized management of audit policy
Centralized management of audit policy shall be able to view the configuration
of audit policy of host operating system, database system, network equipment,
security equipment, including whether the policy is on, whether the parameter
facility complies with the security policy, etc.
6.1.2.2 Centralized management of audit data
6.1.2.2.1 Audit data collection
Audit data collection shall meet the following requirements:
a) It can realize the normalization of audit data; the content shall cover date,
time, subject identification, object identification, type, result, IP address,
port and other information;
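The normalization named in item a), as an added example that is not part of GB/T 36958-2018: two differently shaped audit sources are mapped onto one record carrying the fields the item lists. The key names, the two source formats and the sample records are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Fields listed in 6.1.2.2.1 a); the key names themselves are assumptions.
FIELDS = ("date", "time", "subject_id", "object_id", "type", "result", "ip", "port")

# Constructed sample inputs (not from the standard): an sshd syslog line and a
# JSON database audit record, each with its own timestamp and result vocabulary.
SSHD_LINE = "2019-07-01T08:15:02+08:00 db01 sshd[4121]: Failed password for admin from 192.0.2.10 port 52211 ssh2"
DB_JSON = '{"ts": 1561940102, "user": "report_svc", "table": "hr.salary", "action": "SELECT", "ok": true, "client": "198.51.100.7:40022"}'

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<res>Accepted|Failed) \S+ "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def _record(ts, subject, obj, typ, ok, ip, port):
    """Build one normalized record; timestamps are converted to UTC."""
    ts = ts.astimezone(timezone.utc)
    rec = dict(zip(FIELDS, (ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"),
                            subject, obj, typ, "success" if ok else "failure",
                            ip, int(port))))
    # Reject records that would leave a listed field empty or a port out of range.
    if any(v in ("", None) for v in rec.values()) or not 0 < rec["port"] < 65536:
        raise ValueError("incomplete audit record")
    return rec

def normalize_sshd(line):
    """Map an sshd authentication line: subject = user, object = target host."""
    m = SSHD_RE.match(line)
    if not m:
        raise ValueError("unrecognized sshd line")
    return _record(datetime.fromisoformat(m["ts"]), m["user"], m["host"],
                   "login", m["res"] == "Accepted", m["ip"], m["port"])

def normalize_db(raw):
    """Map a JSON database audit entry: subject = account, object = table."""
    e = json.loads(raw)
    ip, _, port = e["client"].rpartition(":")
    return _record(datetime.fromtimestamp(e["ts"], timezone.utc), e["user"],
                   e["table"], "db_" + e["action"].lower(), e["ok"], ip, port)

if __name__ == "__main__":
    for rec in (normalize_sshd(SSHD_LINE), normalize_db(DB_JSON)):
        print(rec)
```

Converting both sources to UTC is what lets records from hosts in different time zones be queried and correlated by time in the central store.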