GB/T 28448-2019 English PDF (GBT28448-2019)

GB/T 28448-2019: Information security technology - Evaluation requirement for classified protection of cybersecurity
GB/T 28448-2019
Information security technology--Evaluation requirement for classified protection of cybersecurity
ICS 35.040
L80
National Standards of People's Republic of China
Replace GB/T 28448-2012
Information Security Technology
Network security level protection evaluation requirements
2019-05-10 release
2019-12-01 Implementation
Issued by the State Administration for Market Regulation and the Standardization Administration of China
Contents
Foreword III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Abbreviations 2
5 Overview of classified evaluation 2
5.1 Classified evaluation method 2
5.2 Single evaluation and overall evaluation 3
6 Level 1 evaluation requirements 3
6.1 General security evaluation requirements 3
6.2 Extended security evaluation requirements for cloud computing 19
6.3 Extended security evaluation requirements for mobile internet 22
6.4 Extended security evaluation requirements for the Internet of Things 23
6.5 Extended security evaluation requirements for industrial control systems 25
7 Level 2 evaluation requirements 27
7.1 General security evaluation requirements 27
7.2 Extended security evaluation requirements for cloud computing 64
7.3 Extended security evaluation requirements for mobile internet 72
7.4 Extended security evaluation requirements for the Internet of Things 75
7.5 Extended security evaluation requirements for industrial control systems 77
8 Level 3 evaluation requirements 81
8.1 General security evaluation requirements 81
8.2 Extended security evaluation requirements for cloud computing 138
8.3 Extended security evaluation requirements for mobile internet 151
8.4 Extended security evaluation requirements for the Internet of Things 156
8.5 Extended security evaluation requirements for industrial control systems 162
9 Level 4 evaluation requirements 167
9.1 General security evaluation requirements 167
9.2 Extended security evaluation requirements for cloud computing 228
9.3 Extended security evaluation requirements for mobile internet
9.4 Extended security evaluation requirements for the Internet of Things 247
9.5 Extended security evaluation requirements for industrial control systems 253
10 Level 5 evaluation requirements 259
11 Overall evaluation 259
11.1 Overview
11.2 Evaluation of security control points 260
11.3 Evaluation between security control points 260
11.4 Evaluation between regions 260
12 Evaluation conclusion 260
12.1 Risk analysis and evaluation 260
12.2 Classified evaluation conclusion 260
Appendix A (informative) Evaluation strength 262
Appendix B (informative) Security evaluation methods for big data, for reference 264
Appendix C (normative) Description of evaluation unit numbering 284
References 285
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard replaces GB/T 28448-2012, Information security technology - Evaluation requirement for classified protection of information system security. Compared with GB/T 28448-2012, the main changes are as follows:
--- the name of the standard is changed to Information security technology - Evaluation requirement for classified protection of cybersecurity;
--- each level adds extended security evaluation requirements for cloud computing, mobile internet, the Internet of Things and industrial control systems;
--- terms and definitions such as classified evaluation, evaluation object, cloud service provider and cloud service customer are added (see Chapter 3; Chapter 3 of the 2012 edition);
--- the unit evaluation of control points is refined into single evaluation of requirement items, and the "evaluation framework" (see 4.1 of the 2012 edition) and the "content of classified evaluation" (see 4.2 of the 2012 edition) are deleted;
--- security evaluation methods for big data, for reference (see Appendix B), and a description of evaluation unit numbering (see Appendix C) are added.
Please note that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying these patents.
This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).
This standard was drafted by: the Third Research Institute of the Ministry of Public Security (Information Security Classified Protection Evaluation Center of the Ministry of Public Security), China Electronics Standardization Institute, National Information Center, Institute of Information Engineering of the Chinese Academy of Sciences (State Key Laboratory of Information Security), Peking University, Xinhua Technology Co., Ltd., Chengdu Kelai Software Co., Ltd., China Mobile Communications Group Co., Ltd., Beijing Dingpu Technology Co., Ltd., Beijing Weibu Online Technology Co., Ltd., Beijing Bangbang Safety Technology Co., Ltd., Beijing Xunda Yuncheng Technology Co., Ltd., the Fifteenth Research Institute of China Electronics Technology Group Corporation (Information Industry Information Security Evaluation Center), the First Research Institute of the Ministry of Public Security, Beijing Information Security Evaluation Center, National Energy Administration Information Center (Power Industry Information Security Classified Protection Evaluation Center), Global Energy Interconnection Research Institute, Beijing Zhuozhi Network Security Technology Co., Ltd., China Electric Power Research Institute, Nanjing NARI Group Corporation, Guodian Nanjing Automation Co., Ltd., China Southern Power Grid Research Institute, the Sixth Research Institute of China Electronics Information Industry Group Corporation, Computer and Microelectronics Development Research Center of the Ministry of Industry and Information Technology (China Software Testing Center), Venustech Information Technology Group Co., Ltd., Beijing Fengyun Internet Technology Co., Ltd., Huapu Science and Technology (Beijing) Co., Ltd.
The main drafters of this standard: Chen Guangyong, Li Ming, Li Shuilin, Ma Li, Qu Jie, Yu Dongsheng, Ai Chundi, Guo Qiquan, Ge Bowei, Zhu Guobang,
Lu Lei, Zhang Yuxiang, KPMG, Sha Miaomiao, Li Sheng, Hu Hongsheng, Chen Xuehong, Yuan Jing, Zhang Heng, Zhang Yi, Mao Shu, Wang Bin, Yin Xiangpei, Wang Yong, Gao Yanan,
Jiao Anchun, Zhao Jintao, Yu Junjie, Xu Yanlong, Ma Xiaobo, Jiang Lei, Huang Shunjing, Zhu Jianxing, Su Yanfang, Lu Kai, He Shen, Huo Shanshan, Yu Yuntao,
Chen Zhen, Ren Weihong, Sun Huiping, Wan Xiaolan, Ma Hongxia, Xue Feng, Zhao Linlin, Liu Jingang, Hu Yuening, Zhou Xiaoxue, Li Yajun, Yang Hongqi, Meng Zhaorui,
Li Fei, Wang Jiangbo, Kan Zhigang, Liu Jian, Tao Yuan, Li Qiuxiang, Xu Fengkai, Wang Shaojie, Li Chenyang, Li Ling, Zhu Shishun, Zhang Wuyi, Chen Huajun, Zhang Jiexin,
Zhang Biao, Li Wangwei, Wang Xue, Cai Xuelin, Hu Juan, Liu Jing, Zhou Feng, Hao Xin, Ma Min, Duan Weiheng.
The previous editions of the standard replaced by this standard are as follows:
--- GB/T 28448-2012.
Introduction
To support implementation of the Cybersecurity Law of the People's Republic of China, and to make classified protection of cybersecurity applicable to new technologies and new applications such as cloud computing, mobile internet, the Internet of Things and industrial control, GB/T 28448-2012 needed to be revised. At the same time, GB/T 22239-2008, from which this standard draws its evaluation indicators, has also been revised. The revision follows the approach and structure of GB/T 22239: general security evaluation requirements address the common security protection needs of all protection objects, and extended security evaluation requirements address the specific security protection needs of new technologies and new application areas such as cloud computing, mobile internet, the Internet of Things and industrial control. Together these form the new standard Information security technology - Evaluation requirement for classified protection of cybersecurity.
This standard is one of a series of standards on classified protection of cybersecurity.
Standards related to this standard include:
--- GB/T 25058 Information security technology - Implementation guide for classified protection of information system security;
--- GB/T 22240 Information security technology - Classification guide for classified protection of information system security;
--- GB/T 22239 Information security technology - Baseline for classified protection of cybersecurity;
--- GB/T 25070 Information security technology - Technical requirements of security design for classified protection of cybersecurity;
--- GB/T 28449 Information security technology - Testing and evaluation process guide for classified protection of cybersecurity.
Information security technology - Evaluation requirement for classified protection of cybersecurity
1 Scope
This standard specifies the general security evaluation requirements and the extended security evaluation requirements for classified protection objects at each level.
This standard applies to security evaluation service organizations, to the operating and using units of classified protection objects, and to the competent authorities of those objects when they carry out security evaluation of classified protection objects. It may also be used for reference by cybersecurity functional departments when carrying out supervision and inspection of classified protection of cybersecurity.
Note: Level 5 protection objects are objects of supervision and management of particular importance, with special management modes and security evaluation requirements, and are therefore not described in this standard.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition of the referenced document (including any amendments) applies to this document.
GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 25069 Information security technology - Glossary
GB/T 25070-2019 Information security technology - Technical requirements of security design for classified protection of cybersecurity
GB/T 28449-2018 Information security technology - Testing and evaluation process guide for classified protection of cybersecurity
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services
GB/T 32919-2016 Information security technology - Application guide to industrial control system security control
3 Terms and definitions
The terms and definitions defined in GB 17859-1999, GB/T 25069, GB/T 22239-2019, GB/T 25070-2019, GB/T 31167-2014, GB/T 31168-2014 and GB/T 32919-2016, together with the following, apply to this document. For ease of use, some terms and definitions from GB/T 31167-2014 and GB/T 31168-2014 are repeated below.
3.1
Interview
The process by which evaluators carry out targeted communication with relevant personnel of the classified protection object in order to help the evaluators understand, clarify or obtain evidence.
3.2
Verification
The process by which evaluators observe, examine and analyse evaluation objects (such as system documents, equipment of various kinds and the associated security configurations) in order to help the evaluators understand, clarify or obtain evidence.
3.3
Testing
The process by which evaluators use predetermined methods or tools to make the test object (equipment of various kinds or security configurations) produce specific results, and compare the results obtained with the expected results.
3.4
Evaluation
The process of comprehensively assessing and predicting the threats that the evaluation object may face and the consequences they may have.
3.5
Evaluation object; target of testing and evaluation
The objects to which the different evaluation methods are applied during classified evaluation, mainly comprising the related supporting system documents, equipment and personnel.
3.6
Classified evaluation; testing and evaluation for classified cybersecurity protection
The activity in which an evaluation agency, under the provisions of the national system for classified protection of cybersecurity and in accordance with the relevant management regulations and technical standards, tests and evaluates the classified cybersecurity protection status of networks that do not involve state secrets.
3.7
Cloud service provider
The provider of cloud computing services.
Note: A cloud service provider manages, operates and supports the computing infrastructure and software of cloud computing, and delivers cloud computing resources over the network.
[GB/T 31167-2014, definition 3.3]
3.8
Cloud service customer
A participant who establishes a business relationship with a cloud service provider in order to use cloud computing services.
[GB/T 31168-2014, definition 3.4]
3.9
Hypervisor
The intermediate software layer running between the underlying physical server and the operating systems, which allows multiple operating systems and applications to share the hardware.
3.10
Host machine
The physical server on which the virtual machine monitor (hypervisor) runs.
4 Abbreviations
The following abbreviations apply to this document.
AP: Wireless Access Point
APT: Advanced Persistent Threat
DDoS: Distributed Denial of Service
SSID: Service Set Identifier
WEP: Wired Equivalent Privacy
WiFi: Wireless Fidelity
WPS: Wi-Fi Protected Setup
5 Overview of classified evaluation
5.1 Classified evaluation method
The basic method of classified evaluation is to apply the relevant evaluation methods to specific evaluation objects, following a defined evaluation procedure, in order to obtain the required evidential data and to judge whether a given level of security protection capability has been reached. The detailed process and methods for carrying out classified evaluation are given in GB/T 28449-2018.
The evaluation of each requirement in this ...