GB/T 36958-2018 English PDF (GB/T36958-2018)
GB/T 36958-2018: Information security technology - Technical requirements of security management center for classified protection of cybersecurity
GB/T 36958-2018
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Technical requirements of security management center for classified protection of cybersecurity
ISSUED ON: DECEMBER 28, 2018
IMPLEMENTED ON: JULY 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview of security management center
5.1 General description
5.2 Function description
6 Technical requirements for the second-level security management center
6.1 Functional requirements
6.2 Interface requirements
6.3 Self-security requirements
7 Technical requirements for the third-level security management center
7.1 Functional requirements
7.2 Interface requirements
7.3 Self-security requirements
8 Technical requirements for the fourth-level security management center
8.1 Functional requirements
8.2 Interface requirements
8.3 Self-security requirements
9 Technical requirements for fifth-level security management center
10 Technical requirements for security management center of cross-grading system
Appendix A (Normative) Correspondence between security management center and cybersecurity classified protection object's level
Appendix B (Normative) Classification of technical requirements of security management center
Appendix C (Informative) Normalized security event attributes
Information security technology - Technical requirements of security management center for classified protection of cybersecurity
1 Scope
This standard specifies the technical requirements for security management centers under the classified protection of cybersecurity.
This standard is applicable to guiding security manufacturers and operating and using organizations in designing, constructing and operating security management centers in accordance with its requirements.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the edition with the indicated date applies to this document; for undated references, the latest edition (including all amendments) applies.
GB/T 5271.8 Information technology - Vocabulary - Part 8: Security
GB 17859-1999 Computer information system - Criteria for classifying security protection level
GB/T 25069 Information security technology - Glossary
GB/T 25070 Information security technology - Technical requirements of security design for information system classified protection
3 Terms and definitions
The terms and definitions defined in GB 17859-1999, GB/T 5271.8, GB/T 25069 and GB/T 25070, as well as the following terms and definitions, apply to this document.
3.1
Data acquisition interface
corresponding types of security audit mechanisms to be turned on and off
according to time periods; performing storage, management, inquiry, etc. of
various types of audit records. The security auditor analyzes the audit records
and processes them in a timely manner based on the analysis results.
6 Technical requirements for the second-level security management center
6.1 Functional requirements
6.1.1 System management requirements
6.1.1.1 User identity management
User identity management shall meet the following requirements:
a) Be able to authenticate the system administrator of the managed object;
check the complexity of the identity and authentication information;
b) In the Internet of Things system, the system administrator of the managed
object shall conduct unified identity management on the perception
equipment, perception layer gateway, etc.
6.1.1.2 Data protection
6.1.1.2.1 Data confidentiality
Data confidentiality shall meet the following requirements:
a) Before a connection is established between the security management center and the managed object, cryptographic technology can be used for session initialization verification;
b) Cryptographic technology can be used to protect the confidentiality of the entire message or session in the communication process between the security management center and the managed object;
c) Encryption or other protection measures can be used to protect the stored authentication information and configuration management data of the managed object.
6.1.1.2.2 Data integrity
Data integrity shall meet the following requirements:
Security event alarms shall have an alarm function, which can generate alarms based on preset thresholds when abnormalities are found.
6.1.1.3.3 Security incident response
Security incident response shall meet the following requirements:
a) It can provide the function of work order management; support the
circulation process of creating work orders based on alarm response
actions;
b) It shall provide security notification function, which can create or import
security risk notification, including the content of the notification,
description information, CVE number, affected operating system, etc.;
c) Provide a list of affected protected assets based on the operating system
affected by the security risk indicated in the notification.
6.1.1.3.4 Statistical analysis report
The statistical analysis report shall meet the following requirements:
a) Be able to query security events according to conditions such as time and
event type;
b) Can provide statistical analysis and report generation functions.
6.1.1.4 Risk management
6.1.1.4.1 Asset management
Asset management shall meet the following requirements:
a) Realize the management of the assets of the managed objects; provide
asset addition, modification, deletion, query and statistics functions;
b) Asset management information shall include asset attributes such as
asset name, asset IP address, asset type, asset owner, asset business
value, asset confidentiality, integrity, availability assignment;
c) Support the customization of asset attributes;
d) Support manual entry of asset records or batch asset import based on
specified templates.
6.1.1.4.2 Threat management
Threat management shall meet the following requirements:
b) It can show the operating status of key equipment (including network
equipment, security equipment, server host, etc.) and links in the current
network environment, such as network traffic, network protocol statistical
analysis and other indicators.
6.1.2 Audit management requirements
6.1.2.1 Centralized management of audit policy
Centralized management of audit policy shall be able to view the audit policy configuration of host operating systems, database systems, network equipment and security equipment, including whether the policy is enabled, whether the parameter settings comply with the security policy, etc.
6.1.2.2 Centralized management of audit data
6.1.2.2.1 Audit data collection
Audit data collection shall meet the following requirements:
a) It can realize the normalization of audit data; the content shall cover date,
time, subject identification, object identification, type, result, IP address,
port and other information;
b) Support setting query conditions for audit data query;
c) Support filtering and processing various audit data according to rules;
d) Support the consolidation of data collection information according to
specific rules.
6.1.2.2.2 Audit data collection objects
Audit data collection objects shall meet the following requirements:
a) Support audit data collection of network equipment (such as switches,
routers, traffic management, load balancing and other network
infrastructure equipment);
b) Support the collection of audit data on host devices (such as server
operating systems and other application support platforms and desktop
computers, laptops, handheld terminals and other terminal users used to
access information systems);
c) Support the collection of audit data from the database;
d) Support the collection of audit data of security equipment (such as
firewalls, intrusion monitoring systems, anti-denial of service attack
equipment, anti-virus systems, application security audit systems, access
6.3 Self-security requirements
6.3.1 Identity authentication
The administrator identity authentication of the security management center console shall meet the following requirements:
a) Provide a dedicated login control module to identify and authenticate the administrator;
b) Provide uniqueness and complexity checks for administrator user identities and authentication information, to ensure that there are no duplicate user identities and that authentication information is not easy to use fraudulently;
c) Provide login failure handling functions, which can take measures such as ending the session, limiting the number of invalid login attempts and automatic logout.
6.3.2 Access control
The access control of the security management center console shall meet the following requirements:
a) Provide discretionary access control functions; control administrators' access to the various functions according to security policies;
b) The coverage of discretionary access control shall include all administrators, all functions and the operations between them;
c) The authorized administrator configures the access control policy and prohibits access by the default account.
6.3.3 Security audit
The security audit of the security management center console shall meet the following requirements:
a) Provide a security audit function covering every administrator; record the important operations and security events of all administrators;
b) Ensure that the audit process cannot be interrupted on its own, and that audit records cannot be deleted, modified or overwritten;
c) The content of each audit record shall at least include the date, time, initiator information, type, description and result of the event;
a) It can detect that the integrity of management data and authentication
information is damaged during transmission and storage;
b) Use cryptographic technology or other protection measures to realize the
confidentiality of data transmission and storage of management data and
authentication information.
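The requirement in 6.3.3 that audit records cannot be deleted, modified or overwritten, and the requirement above that damage to stored management data be detectable, are usually met by making the record store tamper-evident. The following is an added example, not text or code from GB/T 36958-2018: each record carries the fields listed in 6.3.3 c) and is chained to its predecessor by a SHA-256 digest, so that any modified, deleted or overwritten record fails verification. The class name, field names and the record contents are constructed for illustration.

```python
"""Added example (not from GB/T 36958-2018): a hash-chained, append-only store
for console audit records (6.3.3 b and c). Record contents below are constructed
sample data; the class and field names are assumptions."""
import hashlib
import json

GENESIS = "0" * 64  # predecessor digest of the first record


class AuditLog:
    def __init__(self):
        self.records = []

    def append(self, date, time, initiator, type_, description, result):
        """Append one audit record; returns its digest (the new chain head)."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {
            "seq": len(self.records),   # position in the chain
            "date": date,
            "time": time,
            "initiator": initiator,     # who performed the operation
            "type": type_,
            "description": description,
            "result": result,
            "prev": prev,               # digest of the preceding record
        }
        rec["hash"] = self._digest(rec)
        self.records.append(rec)
        return rec["hash"]

    @staticmethod
    def _digest(rec):
        # Hash every field except the digest itself, in canonical key order.
        fields = {k: v for k, v in rec.items() if k != "hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def verify(self, expected_head=None):
        """Return (ok, index): index is the first bad record, or -1 if intact.

        A modified record breaks its own digest; a deleted or reordered record
        breaks the seq/prev links of its successor.  Deleting the *last* record
        leaves the chain internally consistent, so the current head digest must
        be anchored elsewhere (e.g. write-once storage) and passed as
        expected_head; a mismatch is reported at index len(records)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev"] != prev or self._digest(rec) != rec["hash"]:
                return False, i
            prev = rec["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.records)
        return True, -1


if __name__ == "__main__":
    log = AuditLog()
    log.append("2019-07-01", "08:00:00", "admin01", "login", "console login", "success")
    head = log.append("2019-07-01", "08:01:00", "admin01", "policy_change",
                      "enabled audit policy on host01", "success")
    print("intact:", log.verify(expected_head=head))
    log.records[0]["result"] = "failure"   # simulate tampering with a stored record
    print("after tampering:", log.verify(expected_head=head))
```

The chain only proves integrity relative to its head; in practice the head digest is written to storage the console administrators cannot alter, which is what lets truncation of the log be detected as well.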
7 Technical requirements for the third-level security management center
7.1 Functional requirements
7.1.1 System management requirements
7.1.1.1 User identity management
User identity management shall meet the following requirements:
a) Be able to identify the subject in the environment of the managed object;
b) Be able to use a combination of two or more authentication technologies to authenticate users;
c) Be able to authenticate the system administrator of the managed object; check the complexity of the identity and authentication information;
d) In the Internet of Things system, the system administrator of the managed object shall conduct unified identity management on the sensing devices and the sensing-layer gateway.
7.1.1.2 Data protection
7.1.1.2.1 Data confidentiality
Data confidentiality shall meet the following requirements:
a) Before establishing a connection between the security management
center and the managed object, it shall use the cryptographic technology
for verification of session initialization;
b) It shall use the cryptographic technology to protect the confidentiality of
the entire message or session in the communication process between the
security management center and the managed object;
Security event collection shall meet the following requirements:
a) Support security event monitoring and collection functions; timely discover
and collect security events that occur;
b) Able to normalize security events; convert original events composed of
different sources, different formats, different contents into a standard
event format;
c) The content of the security event shall include date, time, subject
identification, object identification, type, result, IP address, port and other
information;
d) The scope of security event collection shall cover host equipment, network
equipment, databases, security equipment, various middleware, computer
room environmental control systems, etc.;
e) Able to centrally store the collected raw data of security events.
Note: Refer to Appendix C for the attributes of security events.
7.1.1.3.2 Security event alarm
Security event alarms shall meet the following requirements:
a) It has an alarm function, which can generate an alarm according to a
preset threshold when an abnormality is found;
b) When an alarm is generated, it shall be able to trigger the pre-set
event analysis rules and execute the predefined alarm response
actions, such as: console dialog box alarm, console alarm sound,
email alarm, mobile phone SMS alarm, creating work order, publish
alarm events through Syslog or SNMP Trap, etc.;
c) It has the ability to combine alarms for the same security events that
occur frequently to avoid alarm storms.
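Clause 7.1.1.3.1 b) and c) (like 6.1.2.2.1 a) for audit data) requires that raw events from different sources and formats be converted into one standard event format with date, time, subject, object, type, result, IP address and port, and 7.1.1.3.2 a) and c) require threshold-based alarms that merge repeated identical events rather than raising one alarm per occurrence. The following is an added example, not text or code from GB/T 36958-2018, showing both steps over constructed sample lines from a firewall, an SSH daemon and a database audit feed. The three source formats, the regular expressions, the `Event` field names and the grouping key are all assumptions made for the illustration.

```python
"""Added example (not from GB/T 36958-2018): normalize heterogeneous security
events into one record format (7.1.1.3.1 b/c, 6.1.2.2.1 a) and merge repeated
identical events into a single threshold alarm (7.1.1.3.2 a/c).  All log lines
are constructed sample data; formats and field names are assumptions."""
import json
import re
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    """Normalized event carrying the attributes 7.1.1.3.1 c) lists."""
    date: str
    time: str
    subject: str   # initiator of the action (user or source address)
    obj: str       # target of the action (host, database, destination address)
    type: str
    result: str
    ip: str
    port: int
    source: str    # device or feed that reported the event


# Constructed sample input: three source formats, including a burst of denies.
SAMPLE_LINES = [
    "2019-07-01 08:00:01 fw01 DENY src=203.0.113.5:51234 dst=10.0.0.8:22 proto=tcp",
    "2019-07-01 08:00:02 fw01 DENY src=203.0.113.5:51235 dst=10.0.0.8:22 proto=tcp",
    "2019-07-01 08:00:03 fw01 DENY src=203.0.113.5:51236 dst=10.0.0.8:22 proto=tcp",
    "2019-07-01 08:00:05 host01 sshd: Failed password for root from 203.0.113.5 port 51240",
    '{"ts":"2019-07-01T08:00:09","user":"appsvc","db":"orders","action":"LOGIN",'
    '"ok":true,"client":"10.0.0.21","port":5432}',
]

FW_RE = re.compile(r"^(\S+) (\S+) (\S+) (ALLOW|DENY) src=(\S+):(\d+) dst=(\S+):(\d+)")
SSH_RE = re.compile(r"^(\S+) (\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) "
                    r"from (\S+) port (\d+)")


def normalize(line):
    """Convert one raw line of any known format into an Event; None if unknown."""
    m = FW_RE.match(line)
    if m:
        date, time, dev, action, src, _sport, dst, dport = m.groups()
        return Event(date, time, src, dst, "firewall.connection",
                     "deny" if action == "DENY" else "allow", src, int(dport), dev)
    m = SSH_RE.match(line)
    if m:
        date, time, host, outcome, user, ip, port = m.groups()
        return Event(date, time, user, host, "auth.login",
                     "failure" if outcome == "Failed" else "success", ip, int(port), host)
    if line.startswith("{"):
        d = json.loads(line)
        date, time = d["ts"].split("T")
        return Event(date, time, d["user"], d["db"], "db." + d["action"].lower(),
                     "success" if d["ok"] else "failure", d["client"], int(d["port"]),
                     "db-audit")
    return None   # unrecognised format: keep raw copy, do not guess fields


def merge_alarms(events, threshold=3, window_seconds=60):
    """Collapse events sharing (type, result, ip, object) within window_seconds
    into one alarm record; 'alarm' becomes True once count reaches threshold."""
    open_groups = {}   # key -> group that is still inside its time window
    alarms = []
    for ev in sorted(events, key=lambda e: (e.date, e.time)):
        key = (ev.type, ev.result, ev.ip, ev.obj)
        ts = datetime.fromisoformat(f"{ev.date} {ev.time}")
        grp = open_groups.get(key)
        if grp is None or (ts - grp["_last"]).total_seconds() > window_seconds:
            grp = {"key": key, "first_seen": f"{ev.date} {ev.time}", "last_seen": None,
                   "count": 0, "alarm": False, "_last": ts}
            open_groups[key] = grp
            alarms.append(grp)
        grp["count"] += 1
        grp["last_seen"] = f"{ev.date} {ev.time}"
        grp["_last"] = ts
        grp["alarm"] = grp["count"] >= threshold
    for grp in alarms:
        grp.pop("_last")
    return alarms


if __name__ == "__main__":
    events = [e for e in map(normalize, SAMPLE_LINES) if e is not None]
    for alarm in merge_alarms(events):
        print(alarm)
```

With the sample input the three firewall denies from one source to one destination become a single alarm with `count == 3`, while the SSH failure and the database login each stay a single non-alarming record; widening or narrowing `window_seconds` and `threshold` is where the "preset threshold" of 7.1.1.3.2 a) is tuned.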
7.1.1.3.3 Security event response
Security event response shall meet the following requirements:
a) It can provide the function of work order management; support the
circulation process of creating work orders based on alarm response
actions;
b) It can provide the security notification function; create or import a security
risk notification. The notification shall include the content of the notification,
description information, CVE number, affected operating system, etc.;
damage, scope involved.
7.1.1.4.3 Threat management
Threat management shall meet the following requirements:
a) Have pre-defined security threat classification;
b) Support customized security threat classification, su...