
GB/T 20277-2015: Information security technology -- Testing and evaluation approaches of network and terminal separation products

This Standard specifies testing and evaluation approaches of network and terminal separation products according to technical requirements of GB/T 20279-2015.
GB/T 20277-2015
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 20277-2006
Information Security Technology - Testing and Evaluation Approaches of Network and Terminal Separation Products
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 1, 2016
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Testing Environment and Tool
4.1 Security Function and Environmental Adaptation Testing Environment
4.2 Performance Testing Environment
5 Security Function Testing
5.1 Overall Description
5.2 Terminal Separation Products
5.3 Network Separation Products
5.4 Network Unilateral Transmission Products
6 Assessment of Security Assurance Requirements
6.1 Base-level Testing
6.2 Enhanced-Level Testing
7 Environmental Adaptation Testing
7.1 Next Generation Internet Support
7.2 IPv6 Transition Network Environment Support
8 Performance Testing
8.1 Exchange Rate
8.2 Hardware Switching Time
References
Foreword
This Standard was drafted according to the rules given in GB/T 1.1-2009. This Standard replaces GB/T 20277-2006 "Information Security Technology - Testing and Evaluation Techniques of Separation Components of Network and Terminal Equipment".
Compared with GB/T 20277-2006, the main differences in this Standard are as follows:
- Classification was amended into terminal separation products, network separation products and network unilateral transmission products;
- Level was uniformly divided into base level and enhanced level;
- Testing contents of next generation Internet Protocol support capability were added.
Please note that some of the content of this document may involve patents. The issuing organization of this document does not undertake the responsibility to identify any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of National Technical Committee on Information Technology Security of Standardization Administration of China (SAC/TC 260).
Drafting organizations of this Standard: Quality Supervision Testing Center of Computer Information System Security Products of the Ministry of Public Security, Zhuhai Victory Idea Co., Ltd., Nanjing Shenyi Network Technology Co., Ltd. and The Third Research Institute of Ministry of Public Security.
Main drafters of this Standard: Lu Zhen, Gu Jian, Yu You, Li Xuan, Deng Qi, Zuo Anji, Lu Wenli and Liu Bin.
The previous edition of the standard superseded by this Standard is as follows:
- GB/T 20277-2006.
Information Security Technology -
Testing and Evaluation Approaches of Network and
Terminal Separation Products
1 Scope
This Standard specifies testing and evaluation approaches of network and terminal separation products according to technical requirements of GB/T 20279-2015. This Standard is applicable to testing and evaluation of network and terminal separation products developed according to security class requirements of GB/T 20279-2015.
2 Normative References
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this standard.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20279-2015 Information Security Technology - Security Technical Requirements of Network and Terminal Separation Products
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
For the purpose of this Standard, terms and definitions established in GB 17859-1999, GB/T 25069-2010 and GB/T 20279-2015 apply.
5 Security Function Testing
5.1 Overall Description
5.1.1 Classification of testing and evaluation approaches
In this Standard, according to technical requirements of GB/T 20279-2015, requirements for testing and evaluation approaches of network and terminal separation products are classified into four categories: security function, security assurance, environmental adaptation and performance requirements.
5.1.2 Security level
Corresponding to GB/T 20279-2015, security level is classified into base level and enhanced level in this Standard. Compared with contents of base level, added or changed contents of requirements for the enhanced level are expressed in "bold Song typeface" in the main body.
5.2 Terminal Separation Products
5.2.1 Base-level testing
5.2.1.1 Access control
5.2.1.1.1 Definition of security attribute
Testing and evaluation approaches and expected results of the definition of security attribute of terminal separation products are as follows.
a) Testing and evaluation approaches.
Documents provided by developers are assessed; for information storage and transmission components, the security attributes necessary for terminal separation products are assessed and their specific contents are stated. The definition of security attributes of the products is tested, the test results are recorded, and it is judged whether the results are fully in accordance with the requirements for the above testing and evaluation approaches.
b) Expected results.
For the products, security attributes shall be able to be set and shall at least include the network switching mode in different security domains, the security zones of such storage devices as optical drive and floppy drive, the network equipment access type and other security attributes mentioned in the documents of the developers.
5.2.1.1.2 Attribute modification
Testing and evaluation approaches and expected results of attribute modification of terminal separation products are as follows.
a) Testing and evaluation approaches.
Documents provided by developers are assessed, including the detailed description on attribute modification. A modification operation is conducted on the security attributes, and the product's functions for modifying security-related attribute parameters are tested, including security domain network switching. The test results are recorded, and it is judged whether the results are fully in accordance with the requirements for the above testing and evaluation approaches.
b) Expected results.
For the products, parameters of security-related attributes shall be able to be modified and shall at least include security domain network switching.
5.2.1.1.3 Attribute query
Testing and evaluation approaches and expected results of attribute query of terminal separation products are as follows.
a) Testing and evaluation approaches.
Documents provided by developers are assessed, including the detailed description on attribute modification. A query operation is conducted on the security attributes, and the functions by which terminal separation product users query security attributes are tested, including a query on one security domain network state. The test results are recorded, and it is judged whether the results are fully in accordance with the requirements for the above testing and evaluation approaches.
b) Expected results.
Terminal separation product users shall be able to query the security attributes, at least including a query on one security domain network state.
5.2.1.1.4 Access authorization and rejection
Testing and evaluation approaches and expected results of access authorization and rejection of terminal separation products are as follows.
a) Testing and evaluation approaches.
Testing is conducted according to the detailed description on access authorization and rejection provided by developers.
1) Physical conduction and partition testing of information: where terminal separation products are in security domain A network state, they attempt to connect with security domain A net...
