GB/T 20282-2006 English PDF (GBT20282-2006)

GB/T 20282-2006: Information security technology -- Information system security engineering management requirements

GB/T 20282-2006
GB
NATIONAL STANDARD OF THE
PEOPLE'S REPUBLIC OF CHINA
ICS 35.020
L 09
Information Security Technology - Information System Security Engineering Management Requirements
ISSUED ON: MAY 31, 2006
IMPLEMENTED ON: DECEMBER 1, 2006
Issued by:
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of China.
Table of Contents
1 Scope
2 Normative References
3 Terms and Definitions
4 Security Engineering System
4.1 Overview
4.2 Goal of Security Engineering
4.3 Fundamental Relation
5 Qualification Assurance Requirements
5.1 System Integration Qualification Requirement
5.2 Personnel Qualification Requirement
5.3 Third-party Service Requirement
5.4 Security Product Requirement
5.5 Engineering Supervision Requirement
5.6 Requirement for Compliance with Laws, Regulations and Policies
6 Organizational Assurance Requirements
6.1 Define Organizational Process of System Engineering
6.2 Improve Organizational Process of System Engineering
6.3 Manage the Evolution of Series of Products
6.4 Manage Support Environment of System Engineering
6.5 Host Training
6.6 Coordinate with Supplier
7 Engineering Implementation Requirements
7.1 Manage Security Control
7.2 Assess Impacts
7.3 Assess Security Risk
7.4 Assess Threats
7.5 Assess Vulnerability
7.6 Build Assurance Argument
7.7 Coordinate Security
7.8 Monitor Security Posture
7.9 Provide Security Input
7.10 Specify Security Requirements
7.11 Verify and Validate Security
8 Project Implementation Requirements
8.1 Quality Assurance
8.2 Manage Configuration
8.3 Manage Project Risk
8.4 Monitor Technical Activities
8.5 Plan Technical Activities
9 Grading Requirements for Security Engineering Management
9.1 Level 1: User's Discretionary Protection Level
9.2 Level 2: System Audit Protection Level
9.3 Level 3: Security Label Protection Level
9.4 Level 4: Structured Protection Level
9.5 Level 5: Access Verification Protection Level
9.6 Comparison Table of Security Protection Level Classification and Security Engineering Requirements
10 Process and Requirements of Security Engineering
10.1 Security Engineering Process
10.2 Security Engineering Requirements of Security Engineering Process in Each Stage
Appendix A (Informative) Corresponding Relationship between Security Engineering Requirements and Security Protection Level/Security Engineering Process
References
Foreword
Appendix A of this Standard is informative.
This Standard was proposed by, and is under the jurisdiction of, the National Committee on Information Security of the Standardization Administration of China.
Drafting organizations of this Standard: the 30th Research Institute of China Electronics Technology Group Corporation (CETC 30), Shanghai 30wish Information Security Co., Ltd. and Shanghai Institute of Standardization.
Main drafters of this Standard: Zhang Jianjun, Wei Zhong, Ye Ming, Chen Changsong and Kong Yitong.
Information Security Technology - Information System Security Engineering Management Requirements
1 Scope
This Standard specifies management requirements for information system security engineering (hereinafter referred to as security engineering). It serves as the instructions for carrying out security engineering on an information system by the owner, the developer and any third party, and all parties can base their security engineering management system upon it.
In accordance with the five security protection levels specified in GB 17859-1999, this Standard specifies different management requirements for information system security engineering at each level.
This Standard is applicable to the owner and the developer of an information system for managing security engineering, and may be referred to by all parties concerned.
2 Normative References
The provisions in the following documents become provisions of this Standard through reference in this Standard. For dated references, subsequent amendments (excluding corrections) or revisions do not apply to this Standard; however, parties who reach an agreement based on this Standard are encouraged to study whether the latest versions of these documents are applicable. For undated references, the latest edition of the referenced document applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20269-2006 Information Security Technology - Information System Security Management Requirements
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System
3 Terms and Definitions
For the purposes of this Standard, the following terms and definitions apply.
3.1
Security engineering
The process of system engineering that ensures confidentiality, integrity and availability of information system.
3.2
Security engineering lifecycle
Activities that relate to security engineering throughout the lifecycle of information system, including concept formation, concept development and definition, verification and validation, engineering implementation development and manufacture, production and deployment, operation and support, and termination.
3.3
Security engineering guide
Guiding information, defined by the engineering group, on how to select, design and implement the engineering system structure.
3.4
Vulnerability
...
