
GB/T 20274.4-2008 English PDF (GBT20274.4-2008)

GB/T 20274.4-2008: Information security technology -- Evaluation framework for information systems security assurance -- Part 4: Engineering assurance

This Part of GB/T 20274 establishes the framework and guidance for information system security engineering assurance, together with the general principles for an organization initiating, implementing, maintaining, evaluating and improving information security engineering. It defines and explains the security engineering capability levels that reflect an organization's information security engineering assurance capability, and specifies the security engineering assurance control class requirements that make up the organization's information security engineering assurance content.
GB/T 20274.4-2008
GB
NATIONAL STANDARD OF THE
PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology -
Evaluation Framework for Information Systems
Security Assurance - Part 4: Engineering Assurance
ISSUED ON: JULY 18, 2008
IMPLEMENTED ON: DECEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 4
1 Scope ... 5
2 Normative References ... 5
3 Terms and Definitions ... 5
4 Structure of This Part ... 6
5 Framework of Information Systems Security Engineering Assurance ... 6
5.1 Overview of Information Systems Security Engineering Assurance ... 6
5.2 Information Systems Security Engineering Assurance Control ... 7
5.3 Information System Security Engineering Capability Maturity Level ... 10
6 Structure of Information Security Engineering Assurance Control Class ... 11
6.1 General ... 11
6.2 Structure of Security Engineering Assurance Control Class ... 11
6.3 Structure of Security Engineering Assurance Control Subclass ... 12
6.4 Structure of Security Engineering Assurance Control Module ... 13
7 PRM Security Engineering Assurance Control Class: Process of Risk ... 14
7.1 Introduction of Security Engineering Assurance Control Class in Process of Risk ... 14
7.2 System Definition (PRM_SDF) ... 15
7.3 Assess Threat (PRM_ATT) ... 16
7.4 Assess Vulnerability (PRM_AVL) ... 20
7.5 Assess Impact (PRM_AIM) ... 25
7.6 Assess Security Risk (PRM_ASR) ... 29
8 PEN Security Engineering Assurance Control Class: Engineering Process ... 33
8.1 Introduction of Security Engineering Assurance Control Class in Engineering Process ... 33
8.2 Identify Security Requirements (PEN_ISR) ... 34
8.3 High-level Security Design (PEN_HSD) ... 40
8.4 Detailed Security Design (PEN_DSD) ... 42
8.5 Security Engineering Execution (PEN_SEE) ... 45
8.6 Provide Security Input (PEN_PSI) ... 49
8.7 Monitor Security Posture (PEN_MSP) ... 54
8.8 Manage Security Control (PEN_MSC) ... 61
8.9 Coordination of Security (PEN_COS) ... 66
9 PAS Security Engineering Assurance Control Class: Assurance Process ... 69
9.1 Introduction to Security Engineering Assurance Control Class in Assurance Process ... 69
9.2 Verify and Validate Security (PAS_VVS) ... 71
9.3 Establish Assurance Evidence (PAS_EAE) ... 74
10 Capability Level of Security Engineering Assurance Control Class ... 78
10.1 General ... 78
10.2 Description of Security Engineering Capability Levels ... 79
10.3 Requirements of Capability Level of Information System Security Engineering ... 84
Bibliography ... 85
Figure 1 Security Engineering Process Life Cycle ... 9
Figure 2 Composition of Security Engineering Assurance Control Class ... 11
Figure 3 Composition of Security Engineering Assurance Control Subclass ... 12
Figure 4 Composition of Security Engineering Assurance Control Component ... 13
Figure 5 Description of Process of Risk ... 15
Figure 6 Composition of Security Engineering Assurance Control Subclass for System Definition (PRM_SDF) ... 15
Figure 7 Composition of Security Engineering Assurance Control Subclass for Assessing Threat (PRM_ATT) ... 17
Figure 8 Composition of Security Engineering Assurance Control Subclass for Assessing Vulnerability (PRM_AVL) ... 21
Figure 9 Composition of Security Engineering Assurance Control Subclass for Assessing Influence (PRM_AIM) ... 25
Figure 10 Composition of Security Engineering Assurance Control Subclass for Assessing Security Risk (PRM_ASR) ... 30
Figure 11 Introduction of Engineering Process of Security Engineering Assurance Control Class ... 34
Figure 12 Composition of Security Engineering Assurance Control Subclass for Identifying Security Requirements (PEN_ISR) ... 35
Figure 13 Composition of Security Engineering Assurance Control Subclass for High-level Security Design (PEN_HSD) ... 40
Figure 14 Composition of Security Engineering Assurance Control Subclass for Detailed Security Design (PEN_DSD) ... 42
Figure 15 Composition of Security Engineering Assurance Control Subclass for Security Engineering Execution (PEN_SEE) ... 45
Figure 16 Composition of Security Engineering Assurance Control Subclass for Providing Security Input (PEN_PSI) ... 49
Figure 17 Composition of Security Engineering Assurance Control Subclass for Monitoring Security Posture (PEN_MSP) ... 55
Figure 18 Composition of Security Engineering Assurance Control Subclass for Managing Security Control (PEN_MSC) ... 61
Figure 19 Composition of Security Engineering Assurance Control Subclass for Coordination of Security (PEN_COS) ... 67
Figure 20 Description of Security Engineering Assurance Control Class in Assurance Process ... 70
Figure 21 Composition of Security Engineering Assurance Control Subclass for Verifying and Validating Security (PAS_VVS) ... 71
Figure 22 Composition of Security Engineering Assurance Control Subclass for Establishing Assurance Evidence (PAS_EAE) ... 75
Figure 23 Required Capability Level of Information System Safety Engineering ... 84
Table 1 Relationship between Security Engineering Life Cycle and Process Domain ... 9
Foreword
GB/T 20274 "Information Security Technology - Evaluation Framework for Information Systems Security Assurance" is divided into the following four parts:
- Part 1: Introduction and General Model
- Part 2: Technical Assurance
- Part 3: Management Assurance
- Part 4: Engineering Assurance
This Part is Part 4 of GB/T 20274.
This Part was proposed by and shall be under the jurisdiction of the National Technical Committee on Information Tec...