
GB/T 20274.1-2006 English PDF (GBT20274.1-2006)


Regular price $145.00 USD

GB/T 20274.1-2006: Information security technology -- Evaluation framework for information systems security assurance -- Part 1: Introduction and general model

GB/T 20274 describes the model of information systems security assurance; establishes the framework for information systems security assurance; and formulates the general security assurance requirements of information systems from technology, management and engineering of information systems security.
GB/T 20274.1-2006
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 1: Introduction and General Model
ISSUED ON: MAY 31, 2006
IMPLEMENTED ON: DECEMBER 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
0.1 Meaning of Information Systems Security Assurance
0.2 Purpose and Significance of Compiling Framework for Information Systems Security Assurance Evaluation
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Overview
4.1 Introduction
4.2 Target Readers of Evaluation Framework for ISSA
4.3 Evaluation Context
4.4 Document Structure of Evaluation Framework for ISSA
5 General Model
5.1 Overview
5.2 Context of Security Assurance
5.3 ISSA Evaluation
5.4 Generation of ISPP and ISST
5.5 Description Materials of Information Systems Security Assurance (ISSA)
6 ISSA Evaluation and Evaluation Results
6.1 Introduction
6.2 ISPP and ISST Requirements
6.3 TOE Requirements
6.4 Declaration of Evaluation Result
6.5 Application of TOE Evaluation Result
Appendix A (Normative) Information Systems Protection Profile (ISPP)
A.1 Overview
A.2 ISPP Content
A.2.1 Content and Expression
A.2.2 ISPP Introduction
A.2.3 TOE Description
A.2.4 TOE Security Environment
A.2.5 Security Assurance Purpose
A.2.6 Information Systems Security Assurance Requirements
A.2.7 ISPP Application Explanation
A.2.8 Declaration of Conformity
Appendix B (Normative) Specifications of Information Systems Security Target (ISST)
B.1 Overview
B.2 ISST Content
B.2.1 Content and Form
B.2.2 ISST Introduction
B.2.3 TOE Description
B.2.4 TOE Security Environment
B.2.5 Security Assurance Purpose
B.2.6 Security Assurance Requirements
B.2.7 TOE Summary Specifications
B.2.8 ISPP Declaration
B.2.9 Declaration of Conformity
Appendix C (Informative) Description of Information System
C.1 Overview
C.2 Description Specifications of Information System
C.3 Explanation for Description of Information System
Appendix D (Informative) Explanation of Information Systems Assurance Level (ISAL)
D.1 Overview
D.2 Classification of Information System Mission
D.3 Grading of Information System Threats
D.4 Information Systems Assurance Level (ISAL) Matrix
D.5 ISAL Grading Requirements
Bibliography
Figure 1 Evaluation Context
Figure 2 Concept and Relationship of Information Systems Security
Figure 3 Model of ISSA
Figure 4 Security Assurance Elements of ISSA Life Cycle
Figure 5 Concept and Relationship of ISSA Evaluation
Figure 6 Description of ISSA Evaluation
Figure 7 Entirety and Application of ISSA Evaluation
Figure 8 Generation Process of ISPP and ISST
Figure 9 Organization and Structure of Security Assurance Control Requirements
Figure 10 Application of Security Assurance Requirements
Figure 11 Evaluation Results
Figure A.1 ISPP Content
Figure B.1 ISST Content
Figure C.1 Description Specifications of Information System for ISSA Evaluation
Figure C.2 Technical Reference Model of Information System
Figure D.1 Example for Requirements of Information System Security Management Capability Maturity Level
Figure D.2 Example for Requirements of Information System Securi...
