GB/T 20274.4-2008 English PDF (GBT20274.4-2008)


GB/T 20274.4-2008: Information security technology -- Evaluation framework for information systems security assurance -- Part 4: Engineering assurance
GB/T 20274.4-2008
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology -
Evaluation Framework for Information Systems
Security Assurance - Part 4: Engineering Assurance
ISSUED ON: JULY 18, 2008
IMPLEMENTED ON: DECEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 4 
1 Scope ... 5 
2 Normative References ... 5 
3 Terms and Definitions ... 5 
4 Structure of This Part ... 6 
5 Framework of Information Systems Security Engineering Assurance ... 6 
5.1    Overview of Information Systems Security Engineering Assurance ... 6 
5.2    Information Systems Security Engineering Assurance Control ... 7 
5.3    Information System Security Engineering Capability Maturity Level ... 10 
6 Structure of Information Security Engineering Assurance Control Class ... 11 
6.1    General ... 11 
6.2    Structure of Security Engineering Assurance Control Class ... 11 
6.3    Structure of Security Engineering Assurance Control Subclass ... 12 
6.4    Structure of Security Engineering Assurance control module ... 13 
7 PRM Security Engineering Assurance Control Class: Process of Risk ... 14 
7.1    Introduction of Security Engineering Assurance Control Class in Process of Risk ... 14 
7.2    System Definition (PRM_SDF) ... 15 
7.3    Assess Threat (PRM_ATT) ... 16 
7.4    Assess Vulnerability (PRM_AVL) ... 20 
7.5    Assess Impact (PRM_AIM) ... 25 
7.6    Assess Security Risk (PRM_ASR) ... 29 
8 PEN Security Engineering Assurance Control Class: Engineering Process ... 33 
8.1    Introduction of Engineering Process of Engineering Process Security Control Class ... 33 
8.2    Identify Security Requirements (PEN_ISR) ... 34 
8.3    High‐level Security Design (PEN_HSD) ... 40 
8.4    Detailed Security Design (PEN_DSD) ... 42 
8.5    Security Engineering Execution (PEN_SEE) ... 45 
8.6    Provide Security Input (PEN_PSI) ... 49 
8.7    Monitor Security Posture (PEN_MSP) ... 54 
8.8    Manage Security Control (PEN_MSC) ... 61 
8.9    Coordination of Security (PEN_COS) ... 66 
9 PAS Security Engineering Assurance Control Class: Assurance Process ... 69 
9.1    Introduction to Security Engineering Assurance Control Class in Assurance Process ... 69 
9.2    Verify and Validate Security (PAS_VVS) ... 71 
9.3    Establish Assurance Evidence (PAS_EAE) ... 74 
10 Capability Level of Security Engineering Assurance Control Class ... 78 
10.1    General ... 78 
10.2    Description of Security Engineering Capability Levels ... 79 
10.3    Requirements of Capability Level of Information System Security Engineering ... 84 
Bibliography ... 85 
Figure 1 Security Engineering Process Life Cycle ... 9 
Figure 2 Composition of Security Engineering Assurance Control Class ... 11 
Figure 3 Composition of Security Engineering Assurance Control Subclass ... 12 
Figure 4 Composition of Security Engineering Assurance Control Component ... 13 
Figure 5 Description of Process of Risk ... 15 
Figure 6 Composition of Security Engineering Assurance Control Subclass for System Definition (PRM_SDF) ... 15 
Figure 7 Composition of Security Engineering Assurance Control Subclass for Assessing Threat (PRM_ATT) ... 17 
Figure 8 Composition of Security Engineering Assurance Control Subclass for Assessing Vulnerability (PRM_AVL) ... 21 
Figure 9 Composition of Security Engineering Assurance Control Subclass for Assessing Influence (PRM_AIM) ... 25 
Figure 10 Composition of Security Engineering Assurance Control Subclass for Assessing Security Risk (PRM_ASR) ... 30 
Figure 11 Introduction of Engineering Process of Security Engineering Assurance Control Class ... 34 
Figure 12 Composition of Security Engineering Assurance Control Subclass for Identifying Security Requirements (PEN_ISR) ... 35 
Figure 13 Composition of Security Engineering Assurance Control Subclass for High-level Security Design (PEN_HSD) ... 40 
Figure 14 Composition of Security Engineering Assurance Control Subclass for Detailed Security Design (PEN_DSD) ... 42 
Figure 15 Composition of Security Engineering Assurance Control Subclass for Security Engineering Execution (PEN_SEE) ... 45 
Figure 16 Composition of Security Engineering Assurance Control Subclass for Providing Security Input (PEN_PSI) ... 49 
Figure 17 Composition of Security Engineering Assurance Control Subclass for Monitoring Security Posture (PEN_MSP) ... 55 
Figure 18 Composition of Security Engineering Assurance Control Subclass for Managing Security Control (PEN_MSC) ... 61 
Figure 19 Composition of Security Engineering Assurance Control Subclass for Coordination of Security (PEN_COS) ... 67 
Figure 20 Description of Security Engineering Assurance Control Class in Assurance Process ... 70 
Figure 21 Composition of Security Engineering Assurance Control Subclass for Verifying and Validating Security (PAS_VVS) ... 71 
Figure 22 Composition of Security Engineering Assurance Control Subclass for Establishing Assurance Evidence (PAS_EAE) ... 75 
Figure 23 Required Capability Level of Information System Safety Engineering ... 84 
Table 1 Relationship between Security Engineering Life Cycle and Process Domain ... 9 
Foreword
GB/T 20274 "Information Security Technology - Evaluation Framework for Information
Systems Security Assurance" is divided into the following four parts:
- Part 1: Introduction and General Model
- Part 2: Technical Assurance
- Part 3: Management Assurance
- Part 4: Engineering Assurance
This Part is Part 4 of GB/T 20274.
This Part was proposed by and shall be under the jurisdiction of the National Technical
Committee on Information Tec...
