1
/
su
10
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GB/T 37378-2019 English PDF (GBT37378-2019)
GB/T 37378-2019 English PDF (GBT37378-2019)
Prezzo di listino
$185.00 USD
Prezzo di listino
Prezzo scontato
$185.00 USD
Prezzo unitario
/
per
Spese di spedizione calcolate al check-out.
Impossibile caricare la disponibilità di ritiro
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GB/T 37378-2019
Historical versions: GB/T 37378-2019
Preview True-PDF (Reload/Scroll if blank)
GB/T 37378-2019: Transportation -- Information security specification
GB/T 37378-2019
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 03.220.20
R 85
Transportation - Information Security Specification
ISSUED ON: MAY 10, 2019
IMPLEMENTED ON: DECEMBER 1, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 7
5 Transport Information System Security Technology Architecture ... 7
6 General Security Technology Requirements of Transport Information System
... 8
7 Security Technology Requirements for User Terminal ... 11
8 Security Technology Requirements for Vehicle Side Unit ... 13
9 Security Technology Requirements for Infrastructure Side Unit ... 15
10 Security Technology Requirements for Computing Center ... 17
11 Security Technology Requirements for Network and Communication ... 21
Bibliography ... 25
Transportation - Information Security Specification
1 Scope
This Standard stipulates transport information security technology architecture and
general technology requirements, including general and special technology
requirements for information security of various basic constituent parts that constitute
transport information system, such as: user terminal, vehicle side unit, infrastructure
side unit, computing center, network and communication.
This Standard is applicable to guide operators of transport information system to
propose specific information security standards, specifications and implementation
guidelines for specific information security demands of unclassified system. It may also
be adopted to guide the implementation of planning, design, construction, operation
and maintenance, and evaluation of information security technology system.
2 Normative References
The following documents are indispensable to the application of this document. In
terms of references with a specified date, only versions with a specified date are
applicable to this document. In terms of references without a specified date, the latest
version (including all the modifications) is applicable to this document.
GB/T 20839-2007 Intelligent Transport Systems - General Terminology
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
What is defined in GB/T 20839-2007 and GB/T 25069-2010, and the following terms
and definitions are applicable to this document. For ease of use, some terms and
definitions in GB/T 20839-2007 and GB/T 25069-2010 are repeatedly listed out.
3.1 Transport Information System
Transport information system refers to a system in the field of transportation which is
constituted of computer or other information terminals and related equipment and
networks that collects, stores, transmits, exchanges and processes information in
accordance with certain rules and procedures. Generally speaking, it is completely or
partially constituted of terminal, vehicle side unit, infrastructure side unit, computing
center, network and communication, etc.
3.2 Information Security
a) Identity identification and authentication shall be conducted towards log-in
users; users’ identity identification shall have the requirement for uniqueness;
users’ identity authentication information shall have the requirement for
complexity;
b) When users log in for the first time, the initial password set by the system shall
be altered and periodically changed;
c) Two or above two combinations of authentication technology should be
adopted to identify users; one of the authentication technologies shall be
implemented by means of cryptographic technology;
d) When performing remote management, necessary measures shall be
adopted to avoid clear text transmission of authentication information;
e) The function of login failure processing shall be possessed; related necessary
protection measures, such as: ending session, limiting the number of illegal
logins and automatically logging out when the login connection times out, shall
be allocated and enabled;
f) When user identity authentication information is lost or invalid, authentication
information resetting, or other technological measures shall be adopted to
ensure system security;
g) In accordance with the principle of “real-name in the background, voluntary in
the front-end”, users shall be requested to register their real-name identity
(based on name, ID number, VIN number, mobile phone number, etc.) in
various transportation applications, and the system shall verify the real-name
condition.
6.2 Access Control
The technology requirements for access control include:
a) The function of access control shall be provided to assign accounts and
permissions to logged-in users;
b) Default accounts shall be renamed or deleted; default passwords of the
default accounts shall be altered;
c) Excess and expired accounts shall be deleted in a timely manner;
d) Minimum permissions required to complete the respective tasks shall be
granted to different accounts; a mutually restrictive relationship shall be
formed among them;
e) Access control policy shall be configurated by authorized subject; the access
control policy shall specify the subject’s access rules to the object;
b) Key transport information system shall adopt cryptographic technology to
ensure that the application system implements security functions like identity
authentication and access control, and ensure the security of audit records,
data storage and communication;
c) Give priority to SM series cryptographic algorithms;
d) Cryptographic products approved by the national cryptography competent
department shall be adopted;
e) Information systems that simultaneously run on the Internet and private
networks must adopt cryptographic technology to ensure that the network
system implements secure access paths, access control and identity
authentication functions;
f) Cryptographic technology shall be adopted to ensure that host equipment and
network equipment implement identity authentication, access control, audit
record, data transmission security, data storage security and program security;
g) Cryptographic technology shall be adopted to implement access
authentication for special-purpose terminal, vehicle side unit and
infrastructure side unit.
7 Security Technology Requirements for User Terminal
7.1 Equipment and Host Security
The technology requirements for equipment and host security include:
a) Special user terminal shall be equipped with physical protection measures
that are suitable for the working environment, and necessary anti-squeezing
and waterproofing capabilities;
b) The identity identification device of special user terminal shall be equipped
with the functions of preventing physical disassembly, logical destruction and
forgery. When abnormal identification is found, the service shall be stopped,
and warning information shall be issued and uploaded;
c) Special mobile terminal, and card and certificate read-write equipment shall
have a unique and addressable identifier; when information transmission is
initiated, self-identity identification shall be performed;
d) Full-lifecycle management of the activation, maintenance and disposal of
special user terminal shall be conducted;
e) Special user terminal shall receive security test before the startup;
7.4 Intrusion Prevention
The techno...
Get QUOTATION in 1-minute: Click GB/T 37378-2019
Historical versions: GB/T 37378-2019
Preview True-PDF (Reload/Scroll if blank)
GB/T 37378-2019: Transportation -- Information security specification
GB/T 37378-2019
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 03.220.20
R 85
Transportation - Information Security Specification
ISSUED ON: MAY 10, 2019
IMPLEMENTED ON: DECEMBER 1, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 7
5 Transport Information System Security Technology Architecture ... 7
6 General Security Technology Requirements of Transport Information System
... 8
7 Security Technology Requirements for User Terminal ... 11
8 Security Technology Requirements for Vehicle Side Unit ... 13
9 Security Technology Requirements for Infrastructure Side Unit ... 15
10 Security Technology Requirements for Computing Center ... 17
11 Security Technology Requirements for Network and Communication ... 21
Bibliography ... 25
Transportation - Information Security Specification
1 Scope
This Standard stipulates transport information security technology architecture and
general technology requirements, including general and special technology
requirements for information security of various basic constituent parts that constitute
transport information system, such as: user terminal, vehicle side unit, infrastructure
side unit, computing center, network and communication.
This Standard is applicable to guide operators of transport information system to
propose specific information security standards, specifications and implementation
guidelines for specific information security demands of unclassified system. It may also
be adopted to guide the implementation of planning, design, construction, operation
and maintenance, and evaluation of information security technology system.
2 Normative References
The following documents are indispensable to the application of this document. In
terms of references with a specified date, only versions with a specified date are
applicable to this document. In terms of references without a specified date, the latest
version (including all the modifications) is applicable to this document.
GB/T 20839-2007 Intelligent Transport Systems - General Terminology
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
What is defined in GB/T 20839-2007 and GB/T 25069-2010, and the following terms
and definitions are applicable to this document. For ease of use, some terms and
definitions in GB/T 20839-2007 and GB/T 25069-2010 are repeatedly listed out.
3.1 Transport Information System
Transport information system refers to a system in the field of transportation which is
constituted of computer or other information terminals and related equipment and
networks that collects, stores, transmits, exchanges and processes information in
accordance with certain rules and procedures. Generally speaking, it is completely or
partially constituted of terminal, vehicle side unit, infrastructure side unit, computing
center, network and communication, etc.
3.2 Information Security
a) Identity identification and authentication shall be conducted towards log-in
users; users’ identity identification shall have the requirement for uniqueness;
users’ identity authentication information shall have the requirement for
complexity;
b) When users log in for the first time, the initial password set by the system shall
be altered and periodically changed;
c) Two or above two combinations of authentication technology should be
adopted to identify users; one of the authentication technologies shall be
implemented by means of cryptographic technology;
d) When performing remote management, necessary measures shall be
adopted to avoid clear text transmission of authentication information;
e) The function of login failure processing shall be possessed; related necessary
protection measures, such as: ending session, limiting the number of illegal
logins and automatically logging out when the login connection times out, shall
be allocated and enabled;
f) When user identity authentication information is lost or invalid, authentication
information resetting, or other technological measures shall be adopted to
ensure system security;
g) In accordance with the principle of “real-name in the background, voluntary in
the front-end”, users shall be requested to register their real-name identity
(based on name, ID number, VIN number, mobile phone number, etc.) in
various transportation applications, and the system shall verify the real-name
condition.
6.2 Access Control
The technology requirements for access control include:
a) The function of access control shall be provided to assign accounts and
permissions to logged-in users;
b) Default accounts shall be renamed or deleted; default passwords of the
default accounts shall be altered;
c) Excess and expired accounts shall be deleted in a timely manner;
d) Minimum permissions required to complete the respective tasks shall be
granted to different accounts; a mutually restrictive relationship shall be
formed among them;
e) Access control policy shall be configurated by authorized subject; the access
control policy shall specify the subject’s access rules to the object;
b) Key transport information system shall adopt cryptographic technology to
ensure that the application system implements security functions like identity
authentication and access control, and ensure the security of audit records,
data storage and communication;
c) Give priority to SM series cryptographic algorithms;
d) Cryptographic products approved by the national cryptography competent
department shall be adopted;
e) Information systems that simultaneously run on the Internet and private
networks must adopt cryptographic technology to ensure that the network
system implements secure access paths, access control and identity
authentication functions;
f) Cryptographic technology shall be adopted to ensure that host equipment and
network equipment implement identity authentication, access control, audit
record, data transmission security, data storage security and program security;
g) Cryptographic technology shall be adopted to implement access
authentication for special-purpose terminal, vehicle side unit and
infrastructure side unit.
7 Security Technology Requirements for User Terminal
7.1 Equipment and Host Security
The technology requirements for equipment and host security include:
a) Special user terminal shall be equipped with physical protection measures
that are suitable for the working environment, and necessary anti-squeezing
and waterproofing capabilities;
b) The identity identification device of special user terminal shall be equipped
with the functions of preventing physical disassembly, logical destruction and
forgery. When abnormal identification is found, the service shall be stopped,
and warning information shall be issued and uploaded;
c) Special mobile terminal, and card and certificate read-write equipment shall
have a unique and addressable identifier; when information transmission is
initiated, self-identity identification shall be performed;
d) Full-lifecycle management of the activation, maintenance and disposal of
special user terminal shall be conducted;
e) Special user terminal shall receive security test before the startup;
7.4 Intrusion Prevention
The techno...
Share









