www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GB/T 37956-2019 English PDF (GB/T37956-2019)
Price: $160.00. Shipping calculated at checkout.
GB/T 37956-2019: Information security technology - Technology requirement for website security cloud protection platform
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
GB/T 37956-2019
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Technology
requirement for website security cloud protection
platform
ISSUED ON: AUGUST 30, 2019
IMPLEMENTED ON: MARCH 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
6 Platform function requirements
6.1 Website security protection
6.2 Website compliance check
6.3 Resource management
6.4 Policy management
6.5 Statistical analysis
6.6 System expansion
7 Platform security requirements
7.1 System and communication protection
7.2 Access control
7.3 Configuration management
7.4 Security incident handling
7.5 Platform disaster recovery backup
7.6 User data protection
7.7 Audit
References
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some of the contents of this document may involve patents.
The issuing organization of this document is not responsible for identifying
these patents.
This Standard shall be under the jurisdiction of National Information Security
Standardization Technical Committee (SAC/TC 260).
The drafting organizations of this Standard: China Industrial Control Systems
Cyber Emergency Response Team, Beijing Kownsec Information Technology
Co., Ltd., Third Research Institute of the Ministry of Public Security of PRC,
China Information Security Research Institute Co., Ltd., Legendsec Information
Technology (Beijing) Inc., Alibaba Cloud Computing Co. Ltd., Hangzhou
DBAPPSecurity Co., Ltd., Sangfor Technologies Inc.
The drafters of this Standard: Zhang Ge, Yu Meng, Zhang Zheyu, Zhao
Guangming, Song Haohao, Yin Libo, He Xiaolong, Liu Ying, Zuo Xiaodong, Gu
Jian, Yang Chen, Wang Pengtao, Wang Xiaoqing, Zhou Jun, Song Zhiming,
Chen Xuexiu, Li Hongpei, Wu Yanyan, Tang Wang, Jiang Hao, Liu Wensheng,
Xiao Junfang, Li Jun, Guo Xian, Zhao Wei, Zhou Xin, Liu Bozhong, Chen Yan,
Lu Zhen, Mao Runhua, Zhang Chi.
Information security technology - Technology
requirement for website security cloud protection
platform
1 Scope
This Standard specifies the technical requirements of the website security cloud
protection platform, including platform functional requirements and platform
security requirements.
This Standard is applicable to the development, operation, and use of website
security cloud protection platforms, and provides a reference for government
departments, enterprises, public organizations, and other organizations or
individuals to purchase website security cloud protection platforms.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 25069-2010, Information security technology - Glossary
GB/T 31167-2014, Information security technology - Security guide of cloud
computing services
GB/T 31168-2014, Information security technology - Security capability
requirements of cloud computing services
GB/T 32917-2016, Information security technology - Security technique
requirements and testing and evaluation approaches for WEB application
firewall
3 Terms and definitions
Terms and definitions determined by GB/T 25069-2010 and the following ones
are applicable to this document.
3.1 Website security cloud protection platform
The collection of security protection nodes that provides website security
protection by the cloud service model, and uses centralized management and
control, collaborative defense, and other methods to update protection policies
and rules in a timely manner, and to detect, analyze, and filter the website
access requests and responses.
3.2 Website security protection cloud platform providers
Organizations or institutions which are responsible for establishing and
operating the infrastructure, network topology, and protection function
components that are related to the website security cloud protection platform,
and perform security protection and ensure website security on this platform.
3.3 Website security cloud protection platform users
Organizations or individuals that use the website security cloud protection
platform.
3.4 Platform users website data
Website-related data of website security cloud protection platform users.
Note: It includes website information, original access traffic, access logs,
operation logs, attack logs, etc.
3.5 Website operators
Organizations or individuals that are responsible for the later operation,
maintenance and management of the website.
4 Abbreviations
The following abbreviations apply to this document.
ACK: Acknowledgement
API: Application programming interface
CC: Challenge Collapsar
DNS: Domain Name System
HTTP: Hyper Text Transfer Protocol
ICMP: Internet Control Message Protocol
IP: Internet Protocol
SYN: Synchronous
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
URL: Uniform Resource Locator
WEB: World Wide Web
5 Overview
The website security cloud protection platform is composed of interconnected
and uniformly-dispatched security protection nodes. Through the cloud service
model, the platform centrally and quickly deploys and updates protection
policies, filters and cleans malicious requests on websites, and improves the
ability of website security protection.
The technical requirements of the website security cloud protection platform are
divided into two aspects: platform functional requirements and platform security
requirements. The functional requirements include website security protection,
website compliance checking, resource management, and policy management;
the security requirements include system and communication protection,
access control, configuration management, security incident handling, and
platform disaster recovery backup.
According to the sensitivity of the business and information carried by the
protected website, the technical requirements of the website security cloud
protection platform are divided into general requirements and enhanced
requirements. The general requirements are the basic functional and security
requirements that a website security cloud protection platform shall meet in
carrying out the website security protection business. The enhanced
requirements supplement and strengthen the general requirements. Website
security cloud protection platform users can choose a website security cloud
protection platform that meets the corresponding security requirements
according to the sensitivity of their own business type and the carried
information. Sections 6.3 and 6.4 of GB/T 31167-2014 give methods to determine
the sensitivity of the business type and the carried information.
6 Platform function requirements
6.1 Website security protection
6.1.1 WEB attack defense
6.1.1.1 General requirements
It shall support the identification of WEB attack types and block direct or indirect
attacks, including:
a) security protection functions that are required by 4.1.1.2.2 in
GB/T 32917-2016;
b) brute-force protection;
c) Webshell identification and interception;
d) directory traversal protection;
e) Cookie injection attack protection;
f) malicious code execution protection.
6.1.1.2 Enhanced requirements
It shall have other WEB attack protection functions.
6.1.2 DDoS attack defense
6.1.2.1 General requirements
It shall support DDoS cleaning, and have the functions to prevent denial of
service attacks such as SYN Flood, ACK Flood, ICMP Flood, UDP Flood, HTTP
Flood, DNS Flood, and CC attack.
6.1.2.2 Enhanced requirements
None.
6.1.3 Protection policy configuration
6.1.3.1 General requirements
It shall meet the following requirements:
a) provide default security protection policies;
b) provide strategy models, such as detection and protection;
c) support platform users to configure and select protection policies.
6.1.3.2 Enhanced requirements
It shall support platform users to review blocked access requests and
corresponding protection policies, and to report false negatives and false
positives.
6.1.4 Cooperative defense
6.1.4.1 General requirements
It shall meet the following requirements:
a) Support the identification of attack of common domain names, IP
addresses, and other information; record and analyze attacker behaviors;
block malicious attacker IP addresses and the like across the entire cloud
protection scope;
b) For malicious attacking IP addresses and other information provided by
trusted third parties, it shall support identification, analysis, and
blocking within the entire cloud protection scope.
6.1.4.2 Enhanced requirements
None.
6.1.5 Content security
6.1.5.1 Sensitive information filtration
6.1.5.1.1 General requirements
It shall support custom sensitive words, and filter the sensitive words in the text
content of the website.
6.1.5.1.2 Enhanced requirements
It can support the filtration of contents such as pictures involving sensitive
information.
6.1.5.2 Error page handling
6.1.5.2.1 General requirements
It shall meet the following requirements:
a) Support the customization of the error page that is returned by the website
server; the error message cannot leak the content that is related to the
security of the website;
b) Support showing error messages to authorized personnel only.
6.1.5.2.2 Enhanced requirements
None.
6.1.5.3 Tamper response
6.1.5.3.1 General requirements
It shall support the function of providing a platform user-designated untampered
page mirror within a predefined time and alerting when an abnormality is found.
6.1.5.3.2 Enhanced requirements
It shall support automatic monitoring to detect page tampering within a
predefined time.
6.1.6 Website monitoring
6.1.6.1 General requirements
It shall meet the following requirements:
a) It shall support website availability monitoring;
b) It shall monitor and record the situation where the website is attacked,
including attack type and attack time, and alert the platform users when
abnormalities are found.
6.1.6.2 Enhanced requirements
None.
6.1.7 Website access control
6.1.7.1 General requirements
It shall meet the following requirements:
a) support the setting of IP address whitelist or website URL whitelist to
reserve access channels for website visitors;
b) support the setting of IP address blacklist to block visitors who are included
in the IP address blacklist;
c) support access control over any access request to the website within a
predefined time period, set to block/pass;
d) support setting access requests for predefined URL pages to block/pass;
e) a combination of the above access control policies.
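The following is an added example, not part of the standard: one way to evaluate the combined access control policies of 6.1.7.1 a) to e) for a single request. The standard does not define how the rules take precedence; the order used here (IP whitelist, IP blacklist, URL whitelist, URL rules, time rules, default pass) and all names, addresses and paths are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network
from posixpath import normpath
from urllib.parse import unquote, urlsplit

BLOCK, PASS = "block", "pass"


def canonical_path(url: str) -> str:
    """Percent-decode once and collapse ./ and ../ so that URL rules are
    matched against the path the origin server would actually resolve."""
    path = unquote(urlsplit(url).path) or "/"
    return normpath("/" + path.lstrip("/"))


def path_matches(path: str, prefix: str) -> bool:
    """Match whole path segments: /admin covers /admin and /admin/x,
    but not /administrator."""
    prefix = prefix.rstrip("/") or "/"
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")


def in_window(now: time, start: time, end: time) -> bool:
    """Half-open window [start, end); end earlier than start spans midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


@dataclass
class AccessPolicy:
    ip_allow: list = field(default_factory=list)    # a) IP whitelist (CIDR)
    url_allow: list = field(default_factory=list)   # a) URL whitelist (path prefixes)
    ip_block: list = field(default_factory=list)    # b) IP blacklist (CIDR)
    time_rules: list = field(default_factory=list)  # c) (start, end, action)
    url_rules: list = field(default_factory=list)   # d) (path prefix, action)
    default: str = PASS

    def decide(self, client_ip: str, url: str, now: time):
        """Return (action, rule) for one request; e) is the combination of
        all rule types under the assumed precedence order."""
        ip = ip_address(client_ip)
        path = canonical_path(url)
        if any(ip in ip_network(net) for net in self.ip_allow):
            return PASS, "ip_allow"
        if any(ip in ip_network(net) for net in self.ip_block):
            return BLOCK, "ip_block"
        if any(path_matches(path, p) for p in self.url_allow):
            return PASS, "url_allow"
        for prefix, action in self.url_rules:
            if path_matches(path, prefix):
                return action, "url_rule:" + prefix
        for start, end, action in self.time_rules:
            if in_window(now, start, end):
                return action, "time_rule"
        return self.default, "default"


# Constructed sample policy; the addresses are documentation ranges.
SAMPLE_POLICY = AccessPolicy(
    ip_allow=["203.0.113.0/28"],
    url_allow=["/status"],
    ip_block=["198.51.100.0/24"],
    time_rules=[(time(23, 0), time(5, 0), BLOCK)],  # nightly window
    url_rules=[("/admin", BLOCK)],
)

if __name__ == "__main__":
    requests = [  # constructed requests: (client IP, URL, local time)
        ("203.0.113.5", "/admin/login", time(2, 0)),
        ("198.51.100.7", "/status", time(12, 0)),
        ("192.0.2.10", "/public/%2e%2e/admin/config", time(12, 0)),
        ("192.0.2.10", "/index.html", time(23, 30)),
    ]
    for ip, url, now in requests:
        print(ip, url, now, SAMPLE_POLICY.decide(ip, url, now))
```

Matching URL rules on the canonical path rather than the raw request line keeps an encoded `../` sequence from slipping a request for a blocked page past rule d).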
6.1.7.2 Enhanced requirements
None.
6.2 Website compliance check
6.2.1 General requirements
It shall support compliance checks before accessing the website, and refuse
non-compliant access such as undocumented sites.
6.2.2 Enhanced requirements
It shall support regular review of the compliance of accessed websites.
6.3 Resource management
6.3.1 Resource operation monitoring
6.3.1.1 General requirements
It shall meet the following requirements:
a) Support unified monitoring of software and hardware platform resources
such as DNS, bandwidth, and protection nodes that support the platform's
operation;
b) Support unified detection of resource usage such as network bandwidth,
traffic processing delay, host system load, and site access success rate of
the protection node/ host;
c) Support timely detection of abnormal resource usage and alerting;
d) Support regular analysis of resource usage and the business volume
carried by the platform; assess current business, platform user capacity
expansion and new user access needs; generate analysis reports;
e) It shall provide query, statistics and report output functions for resource
usage records.
6.3.1.2 Enhanced requirements
None.
6.3.2 Centralized management and control of resources
6.3.2.1 General requirements
It shall meet the following requirements:
a) Support the centralized deployment of platform resources such as DNS,
bandwidth, and protection nodes that support the platform's operation;
b) Support the deployment of website access traffic via DNS in the WAN or
the protection node according to the analysis results of the protection
node/ host resource usage;
c) Support centralized analysis and maintenance of website and user
configuration information, platform log information and other resources;
d) Support the centralized deployment of platform resources under
uninterrupted service.
6.3.2.2 Enhanced requirements
None.
6.4 Policy management
6.4.1 Centralized policy management and control
6.4.1.1 General requirements
It shall meet the requirements of centralized maintenance and management of
website protection policies, and support centralized addition, modification, and
deactivation of policy configuration.
6.4.1.2 Enhanced requirements
None.
6.4.2 Policy optimization update
6.4.2.1 General requirements
It shall meet the following requirements:
a) Support timely optimization of website security protection policies;
b) Support the timely tracking, discovery and response to unknown attack
methods and web security vulnerabilities;
c) Support timely addition of corresponding security protection rules or
update of security protectio...