GB/T 42453-2023: Information security technology -- General technical requirements for network security situation awareness
GB/T 42453-2023
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Information Security Technology - General Technical Requirements for Network Security Situation Awareness
ISSUED ON: MARCH 17, 2023
IMPLEMENTED ON: OCTOBER 1, 2023
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Technical Framework for Network Security Situation Awareness
6 Technical Requirements
6.1 Requirements for Data Aggregation
6.2 Requirements for Data Analysis
6.3 Requirements for Situation Display
6.4 Requirements for Monitoring and Warning
6.5 Requirements for Data Service Interfaces
6.6 Requirements for System Management
Bibliography
Information Security Technology - General Technical Requirements for Network Security Situation Awareness
1 Scope
This document provides a technical framework for network security situation awareness and
stipulates the general technical requirements for core components in the framework.
This document is applicable to the planning, design, development, construction and assessment
of network security situation awareness products, systems or platforms.
2 Normative References
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including all amendments) applies.
GB/T 25069-2022 Information Security Techniques - Terminology
GB/T 28458-2020 Information Security Technology - Cybersecurity Vulnerability Identification and Description Specification
GB/T 28517-2012 Network Incident Object Description and Exchange Format
GB/T 30279-2020 Information Security Technology - Guidelines for Categorization and Classification of Cybersecurity Vulnerability
GB/T 36643-2018 Information Security Technology - Cyber Security Threat Information Format
GB/T 37027-2018 Information Security Technology - Specifications of Definition and Description for Network Attack
3 Terms and Definitions
The terms and definitions given in GB/T 25069-2022 and the following apply to this document.
3.1 threat
A threat is a potential cause of an undesired incident that may result in harm to a system or organization.
[source: GB/T 25069-2022, 3.628]
3.2 threat information
Threat information is evidence-based knowledge that describes existing or possible threats so that they can be responded to and prevented.
NOTE: Threat information includes context, attack mechanism, attack indicators, possible impact, etc.
[source: GB/T 36643-2018, 3.3, modified]
3.3 network security situation awareness
Network security situation awareness means collecting data such as network traffic, asset information, logs, vulnerability information, warning information and threat information; analyzing and processing network behavior, user behavior and other factors; grasping the network security status and predicting network security trends; and carrying out situation display and monitoring and warning activities.
3.4 front-end data source
Front-end data source refers to software and hardware providing data to the core components
of network security situation awareness.
3.5 profiling
Profiling refers to a process of constructing descriptive labeling attributes of a certain type of
object in multiple dimensions, utilizing these labeling attributes to analyze the multi-faceted
characteristics of the object, and abstracting and generalizing its full picture.
3.6 warning
Warning refers to alarms issued in advance or in a timely manner for upcoming or ongoing
network security incidents or threats.
[source: GB/T 25069-2022, 3.739]
4 Abbreviations
The following abbreviations are applicable to this document.
CPU: Central Processing Unit
FTP: File Transfer Protocol
FTPS: File Transfer Protocol Secure
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
IP: Internet Protocol
SFTP: SSH File Transfer Protocol
SNMP: Simple Network Management Protocol
SSH: Secure Shell
Syslog: System Log
Web: World Wide Web
5 Technical Framework for Network Security Situation Awareness
The technical framework for network security situation awareness consists of three parts: front-end data sources, core components and other elements. The core components are the principal technical means of achieving network security situation awareness capability; they may take the form of products, systems or platforms, or of separate functional components. Achieving network security situation awareness also relies on other elements, such as emergency response, security decision-making and data sharing. To support network security situation awareness effectively, the front-end data sources need to cover the communication network, regional boundaries and computing environment within its scope. This document specifies the general technical requirements for the core components in the technical framework; it does not cover the relatively independent front-end data sources or the other elements of the framework.
Following the principle of universality and ensuring the functional completeness of network security situation awareness, the core components referred to in this document are data aggregation, data analysis, situation display, monitoring and warning, data service interfaces and system management, as shown in Figure 1; the dashed box in the figure is not covered by the technical requirements of this document. The data aggregation component collects data from the corresponding front-end data sources according to business needs and, after pre-processing such as screening, conversion, completion and marking, stores it for subsequent data analysis. The data analysis component retrieves the relevant data through the data service interfaces and, using different data analysis models, conducts network attack analysis, asset risk analysis, abnormal behavior
For different front-end data sources, the data aggregation component shall support the following
collection modes:
a) Passively receive data sent by the front-end data sources;
b) Actively initiate the acquisition of data from the front-end data sources, and support
the setting of the data collection frequency;
c) Manually import data from the front-end data sources.
6.1.1.2 Collection protocols
The data aggregation component shall support two or more collection protocols, chosen according to the application scenario. The collection protocols include, but are not limited to, Syslog, FTP/FTPS, SFTP, HTTP/HTTPS, SSH and SNMP.
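As an added illustration (not code from the standard or from any product), the following Python sketch implements the data aggregation component's pre-processing chain from Clause 5 (screening, conversion, completion, marking, storage) behind the three collection modes of 6.1.1.1, including the configurable collection frequency of mode b). The syslog-style and CSV asset formats, the sample lines, and every class and method name are assumptions made for this example.

```python
import re
from datetime import datetime, timezone
# Constructed sample inputs (not from the standard): a syslog-style line, a junk line
# that screening must drop, and a CMDB-style CSV export whose hostname field is empty.
SAMPLE_PUSH = ["<34>2023-10-01T08:00:00Z fw-1 sshd: Accepted publickey for ops", "garbage"]
SAMPLE_ASSETS = ["10.0.0.5, , Linux"]
SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\S+) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$")

def screen(line: str) -> bool:  # screening: keep only the two formats the pipeline understands
    return SYSLOG_RE.match(line) is not None or line.count(",") >= 2

def convert(line: str) -> dict:  # conversion: raw line -> common field schema
    m = SYSLOG_RE.match(line)
    if m:
        return {"type": "log", "ts": m["ts"], "host": m["host"], "app": m["app"], "msg": m["msg"]}
    ip, host, os_name = [p.strip() for p in line.split(",")[:3]]
    return {"type": "asset", "ts": "", "host": host, "ip": ip, "os": os_name}

class Aggregator:
    """Data aggregation component: three collection modes feed one pre-processing chain."""
    def __init__(self):
        self.store, self.last_poll = [], {}

    def ingest(self, lines, source, mode):
        for line in lines:
            if not screen(line):
                continue
            rec = convert(line)
            rec["ts"] = rec["ts"] or datetime.now(timezone.utc).isoformat()  # completion
            rec["host"] = rec["host"] or source                              # completion
            rec.update(source=source, mode=mode)                             # marking
            self.store.append(rec)                                           # storage

    def receive(self, source, lines):  # a) passive: the front-end source pushes data to us
        self.ingest(lines, source, "passive")

    def poll(self, source, fetch, every_s, now):  # b) active pull with a frequency setting
        if now - self.last_poll.get(source, float("-inf")) < every_s:
            return False  # not due yet: nothing is collected
        self.last_poll[source] = now
        self.ingest(fetch(), source, "active")
        return True

    def import_file(self, source, text):  # c) manual import of an uploaded file
        self.ingest(text.splitlines(), source, "manual")

def demo():  # run all three modes over the constructed inputs and return the aggregator
    agg = Aggregator()
    agg.receive("fw-1", SAMPLE_PUSH)
    agg.poll("cmdb", lambda: SAMPLE_ASSETS, every_s=60, now=100.0)
    agg.import_file("upload", "10.0.0.9, db01, Windows\n\n")
    return agg
```

Every stored record carries the source and collection mode it came through, which is what lets later analysis and situation display distinguish pushed, polled and hand-imported data.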
6.1.1.3 Collection content
The data aggregation component:
a) Shall support the collection of different types of data based on collection policies. The
data types include...