GA/T 387-2002 Technical requirements for computer information system security level protection network
1CN.35.020
People's Republic of China Public Security Industry Standard GA/T 387-2002
Computer Information System Classified Security Protection
Network Technology Requirements
Network Technology Requirements in Computer Information System Classified Security Protection
2002-07-15 Published
Published by the Ministry of Public Security of the People's Republic of China
2002-07-15 Implementation
standard introduction film documents
terminology and completion
network security requirements and interrelationships
the same end these security technologies
identity will be
|user name
HH baby
month user binding
loss of collection and disposal
self-access back to the plan
cyberspace policy road
section control kinetic energy
main reach mark
object mark!
Circulation
Marked signal points
Upper body photography mark display
Equipment standard reached
4 Drive control plan control when
Visit the policy path
2.1.2 The pressure brake performance
5.6 Hand over the full audit
Safety audit response
5. 5. 3 Safety audit data generation
5. 5. 3 Safety audit new
5. 4 Safety semi-special reading
25 Safety review material selection
6 Safety planning and compensation in energy
5.7 Completeness of the selected data
5.7.1 Integrity of stored data
Integrity of data batches
5.8 Monitoring channel analysis
·General energy communication equipment
5.8.2 Integrated acquisition channel analysis
5. ? Can be used as a path
Provincial list customer
Anti-repudiation·
Anti-repudiation·
5.11.3 or receive report replacement*
Password female holder
6 Network security enterprise letter security requirements
Personal technical requirements
Autonomous room control technology requirements
Marking technology requirements
Forced access to the whole technical table
Customer only use public requirements··
City planning academic security requirements
Digital integrity software technical requirements
Service channel branch technical requirements.
Trustworthy
Sichuan self-complex technical requirements
Anti-resistance technical requirements
Network security level protection technology is not bound,
First level: autonomous protection level
Safety requirements for enterprises
Multiple guarantee requirements
Level 1: System planning and protection level
Safety guarantee requirements
Level 2: Full certification level
Company guarantee requirements
"Individual guarantee requirements
Employment guarantee requirements
" ... And TSP
developed the surface effect
American security design
tested version
R175!1The international standard for computer information system security level management has been issued on March 13, 2019: In order to carry out the security level management work in an orderly manner, a series of relevant standards are to be formulated, including
·Technical requirements for computer information system security level protection planning standards;·Technical requirements for computer information system security level protection project implementation:...Computer information system security level protection evaluation series of standards. Among them, the following standards are required: A/32)2 Computer Information System Security Level Protection Technical Requirements; GA/T38T2012 Computer Information System Security Level Protection Technical Requirements; CA/T383-2002 Computer Information System Security Level Protection Technical Requirements; GA/T33-2009 Computer Information System Security Level Protection Technical Requirements. The following are the technical requirements for the computer information system security level protection series. The appendix of this standard is the official appendix. The Ministry of Public Security of the People's Republic of China has selected the standard, and the Ministry of Public Security has selected the system security standardization technical committee. The standard drafting unit: Jiangdu Computer Technology Research Institute. Main drafters of this standard: Yi Guangming, Shan Zengrui, Lei Chenyuan, Zhang Zhiyuan, Ling Lianghua: GA/T 387-2002
This standard is an important part of the series of standards on technical requirements for security protection of computer information systems. It aims to guide the design industry on how to design and implement networks with the required security level, and mainly explains how to achieve the technical requirements by dividing the network into two types of security protection levels. That is, it mainly explains the security technical measures that should be taken for the network system to achieve the security requirements of each security protection level in GR17359-1, as well as the differences between various security technical measures in the security protection level. This standard divides the five security protection levels into GR17359-1, and gives a detailed description of the security technical requirements and certification technical requirements for each security protection level. The explanation of the concepts in this standard can be found in the reference document A. The reference documents of this standard are listed in the document.
1 Scope
This standard stipulates that the detailed technical requirements for the safety protection level of the network system can be divided according to (B1659:13. This standard is suitable for the design and implementation of the network system that meets the requirements of G1719-19. The modification and management of the network system according to the requirements of GB1785-1 can be used as a reference.
2 Normative referenced documents
The following documents become clauses of this standard through reference in this standard. For all referenced documents with a date, all amendments (excluding internal consultation) or waiting versions are not applicable to this standard. However, the parties to the agreement on this standard are studying whether the latest versions of these documents can be used. For referenced documents without a date, the latest version shall apply to this standard G51759-199 Safety Protection Level Classification Standard for Integrated Information Systems. GA7380-2122 Technical Requirements for Computer Information System Security Level Protection
3 Terms and Definitions
The technical system established in B17859-1999 and GA3902C02 is applicable to this standard.
4 Network Security Composition and Interrelationship
The security level and security requirements specified in S07123-2:19 and 17859592 are as shown in the table below: For network system protocol layers such as physical, link, network, session, presentation, and application layers, the requirements of GB17859:1999 can be used for design. In each layer, the implementation method of security requirements should be different, from the physical layer, link layer, network layer, session layer, presentation layer and application layer to GB17859-1999!The various security requirements in the plan put forward requirements for the security technology and benefit mechanisms that should be adopted in each security protection level. For each security plan, the security functions and security guarantees provided are used to distinguish the differences in each security protection level. Table 1 Security level, network level and the mutual relationship between security elements Security factor
Security rate
A dye layer proofreading
Mathematical house
Natural road pressure
Sichuan independent
Transmission department order
I display layer
Anti-resistance technology
Transmission level,
Network insect sub
Format binding
Collective audit
Rely on protection version
Emergency mark
Loss protection level
Compilation
Deep small level
Inter-litigation supervision
Protection level
Education certificate
Technical layer
Hengzhou Institute
Routine,
Network device law
Fa Haiyun
Concentrated indication
Same peak point
Transmission point
Conversational staff
Indication point
Response layer
Physical back
Transport layer
Public responsible staff
Security exemption security request
"You only need to forget the card,
Including a security level only physical requirement can be logged in, a single description is reached,
5 Basic network security data requirements
5.1 Identity authentication
5.1.1 User identification
a》VI. Identification: Before TSF implements the required actions, the user identification of the system should be monitored and audited to ensure that the identification is maintained throughout the life of the computer information system.
5.1.2 User Identification: Before TSF implements the required actions, the user identification should be managed and maintained to ensure that it is not collected, manipulated or used by unauthorized users. 7.1.2 User Identification: Before TSF implements the required actions, the user identification should be managed and audited to ensure that the user identification is not collected, manipulated or used by unauthorized users. 10 ...
) One-time use of monthly devices, should be able to provide - secondary identification of ticket types, that is, TF to prevent the identification of the number of cases with complete identification records. d! Multi-machine identification: should be able to provide a mechanism for theft, use the user identity of the specific file to identify the accurate and accurate SF according to the description of the reverse shooting of the multiple monitoring period system similar to the current situation: the document identification of the appointment of the product to make up for the acceptance, +) Main new identification: some provisions need to be made for the identification of the user's account limit "TSF should be in the need to identify the conditions indicated in the account generation plan, vertical identification, for example, the user rate beam overtime, the annual load violation connection needs to pass the driving identification period.
5.1.3 User-Entity Binding
In the TCB security function control deployment, for a user with a standard to identify the user, the factory needs a director (enter the old) to complete the case. At this time, the user subject is required to be identified, and the relevant collection is collected. From the identity of the book, the identity of the same book is associated with the manageable behavior of the same book.
5.1.4 Failure handling during the authentication period
SF is required to define the number of authentication attempts (the number of months and the time between attempts) without any action, and clearly define the measures that should be taken to achieve the goal. The following are the steps to deal with the failure of the attack: The number of times the attack fails should be detected and the effectiveness of the attack should be determined.
5.2 Autonomous access control
5.2.1 Access control strategy
Ding S should be designed according to the autonomous access control strategy, so as to control the host and guest intervals under the strategy control. Multiple strategies can be used to control the host, but they must not be too many and cannot be too dense. Commonly used host access control measures can be used. The same access control system can be used. H records can be used for the same control.
5.2.2 Access control function
TS The following refers to the use of a named access control policy to achieve the special function, the deactivation and special certification of the policy, and the policy planning specifications.
No diagnosis and adoption of the same kind of autonomous access control policy S has the ability to raise a card: an enterprise security attribute or a named security letter, the implementation of the access control system S1; enterprise-based security: the main guest access rules are filled in the design of the visitor's access and based on the security attributes of the enterprise to deny the case evidence To the basic function of the management rules. The three-dimensional object of the visit.
5.3 marks
5.3.1 main annual mark
flow for dust body measure real rate evil mark center, these sensitive mark transport light level classification and level classification for group, only the implementation of the star system visit abandonment system basis:
5.3.2 customer you mark
should be the customer's designated sensitive mark, this is more than the total single-level classification rate of the case group will be implemented on the basis of the control of the control.
5.3.3 mark integrity
Secret virtual service accurate in the unspecified body or content of the enterprise, the main body and content of the bed type so that the relevant information: when the data from the TB is confirmed, according to the need, the sensor bottom can be difficult to clearly indicate the internal pool output data, and associated with the output data.
5.3.4 There is a signal to indicate the output of the signal
TCB virtual communication signal is not a single level or multi-level. This sign means that the direction of the change is very strong, for The program flow continues and can be used to perform any changes in the security level, or to perform changes in the security level associated with the communication or equipment.
) Output of multi-level security equipment: When C outputs the customer's total answer to a multi-level security device, the payment record related to the customer is also output in a format that can be output! The machine can be connected in a form that is compatible with the media. When 1 temperature is input on the multi-level communication channel, the protocol of the channel should be sent in a sensitive manner! The information received is accurately matched with the information received. The single-level output of the whole device: single-level T/) and single-level channel signal does not need to maintain the total number of computer tags C. A machine should be able to reliably communicate with an authorized user at a specified bandwidth. This means that the single-level channel signal or device input/output (human-readable) should be marked with human-readable endpoints, and the human-readable hard copy output (such as line printing) should appropriately indicate the start and end of the input. To indicate the sensitivity of the page, the TCB should use a suitable method to mark the page with sensitive information (graphics) to indicate the sensitivity of the page. Any use of this tag will be considered as a TCB audit:
5.3.5 Subject sensitive tag display
on the terminal During the production handover dialogue, the release of sensor tags related to multiple households can be notified of changes and display the complete master bedroom sensor tags when necessary.
5.3.6 Equipment Tags
For various physical devices, support the small amount of distraction of the security level of the development of the K quality of the visit to implement the physical environment of the equipment.
5.4 Mandatory Access Control
5.4.1 Access Control Policy
S should be designed according to the extended control policy and the overall strategy should be implemented according to the benefits of the dynamic control policy. Industry: It includes the entities, users, and the operations between the subjects and objects under the control of the policy. There can be multiple access control elements in the full policy, and they must be implemented in a certain way, and they cannot conflict with each other. According to the requirements of the whole system, the whole system is divided into:! Sub-access control: requires each certain access control based on micro-sensing tags of TS, and T performs query control on the set main account, space and its operations)
Full access control: requires each certain access control based on sensitive tags of TSF.TSF should be responsible for the main year of the benefit of the main year of the path and the flash between the components, the exchange of side control security function installation strategy, requiring TS to ensure that the TSC within the main year of the benefit of the business will be all reduced with a certain access control strategy to allow the above problems, etc., the loss should be minimized. The system should use all three bodies within the customer's self-access to the customer's idle access to the business:
Read down, when the main year you show The focus of the classification of high or low levels of sensitive labels is also on the classification of sensitive labels, and all non-equal categories in the policy are also measured. The upper body can only be written upward. It is only when the class of sensitive labels is reached or the class of sensitive labels in the class of sensitive labels is included in the non-equal categories in the object's memory. The main purpose is to write the object,
5.4.2 Access control function
TSF should clearly define the use and characteristics of the sensitive labels in the policy, as well as the control scope of the policy. According to the scope of access control, the access control function is divided into sub-case access control, and the access control function implemented by the sub-framework access control policy can control the objects, entities and operations between them covered by the sensitive identification of TSF. The above is the requirement that 1SF should ensure that any subject and intentional individual in TSF can perform at least one determined access control function. In particular, the access control is also the most complete access control. TS should be able to provide: - Execute access control SFP on the object with the tagged or named digital tagged object; make the operation on the controlled object managed as the access control between the controlled subject and the receiving object to determine whether the operation between the subject and the controlled object is allowed; based on the rules of the subject's access to the object, realize the access of the object to the object. 5.5 Objects are also used in the system for active management of resources, and the object can control the leakage of information in the storage device, memory, micro disk and other storage media. The protection of additional information is divided into: 1. Additional information protection: It is required that for the object resources of a sub-project within the scope of TC security control, when it is assigned to a user or a process run by another user, the original information in the object should not be completely disclosed; it is required that for all object resources within the scope of long-term security control, when it is assigned to a user or a process run on behalf of the user, the original information in the project should not be disclosed. 2. 
Special information protection: For some information that needs to be specially protected, special methods should be used to thoroughly clean up the remaining information in the object resources, such as clearing magnetic disks, etc.
5.6 Security Audit
5.6.1 Response to Security Audit
Security Audit The following are the steps to be taken in order to conduct an audit event: 1) Record the event in the audit log. When a possible security event is detected, a real-time report is generated. 2) When a possible security event is detected, the process is terminated. 3) When a possible security event is detected, the current service is terminated. 4) When a possible security event is detected, the current service is terminated.
5.6.2 Generation of Security Audit Data
ISF shall generate audit data according to the following requirements: 6) Generate audit records for the following events. Auditing process starts and closes:
Use identity authentication mechanism:
Enter the object ID into the authentication space (e.g., open the document, initialize the data sequence):
A system administrator, system security personnel, auditors and operators perform operations!
Other system security related documents or specially defined audit tools, b: For each event, the audit record should include the date and time of the event, the user, the main type, whether the event was successful, and other related consequences.
For identity authentication, the source of each request should be recorded (e.g., the whole ID). For object access and object creation, the record should include the object name and the security level of the object.
e) Associate the auditable products with the users who caused the addition.
5.6.3 Security Audit Analysis
Security Audit City Score Analysis Station
! In the analysis, the system should be monitored by the Shenzhen Audit Sharing System. This Dani pointed out that the TSP fell into the infringement. These regulations are as follows:
The definition of the long auditable half of the product is the accumulation or combination of the reputation indicated by the security improvement! What is the medicine rule?
) Based on the description of the abnormal rules, the user behavior should be based on the safety level of the industry, in order to show the consistency of the user's observation and the established usage pattern. When the user passes the threshold condition, TSI should be able to: there will be a reduction in security,
simple modification detection, should be able to detect the daily occurrence of the TS1 security device that has a great impact on the TS1 security device. For this reason, TS maintenance has an internal representation of the TSF path, and the like. The weak system behavior of the inspection is compared with the name of the disputed file. When the two match, it is reported that an attack on TSF is coming. Complex detection is: Under the above simple performance requirements, TS should be able to detect multiple step-in paths and be able to sort out known rate files. It also needs to start the TSF to transfer the signature file or the real file sequence at the moment of the village:
5.6.4 Security Audit Review
Security audit registration test 1 should have:
! It requires the ability to obtain information from the city's accounting records, and requires the TSF to communicate with authorized users to provide explanations for the loss of information. When the user is a person, the information must be expressed in a way that can be satisfied by humans; when the product is used and discussed, it must be expressed in an electronic or non-electronic way. The audit information must be displayed without any meaning:) On the basis of the above-mentioned limited audit communication, the audit review process should have the function of sending the audit data of the company to the relevant department for review. It can provide the standard for processing and distributing the current accounting data, and the process can be small.
5.6.5 Security audit event selection
should be selected based on the following attributes: object identity, user identity, worker identity, host identity, and document type. b) As the basis for the selection of accounting statements, the attached high-level audit should be used.
5.6.6 Security Audit Incidents
High-level ability to create and protect complete audit records; a) To protect the audit records: Require that the audit records must be properly protected, and that changes in the audit records must be checked before creation or modification;
Ensure that the audit records are not damaged during the audit: Require that when an unexpected situation occurs, the audit records must be modified before the situation occurs. Ensure that the audit records are not damaged during the audit. 1) Audit data can be published under the circumstances: require the market to take corresponding measures within the predetermined time limit, select the time limit for possible processing, 2) Stop the market from losing audit data: when the audit data storage is full, the system can take the following measures: "General accounting can be applied for", "Stop using other positions except for special permissions for single accounting events", "Cover the old accounting records of the market", "One-stop accounting for the most important results of other actions", "The rate of other actions can be blocked", to prevent the audit data from being lost: 5. 7 5.1 ... Are there new customers? For the number of deposits and withdrawals within a period of time, the complete device is tested, and when an integrity error is detected, only necessary measures are taken. 5.7.2 The integrity of the transmitted data is tested. When the user data is transmitted between the space 1 and other Sichuan information products, the complete protection is provided. The position control integrity test requires the use of the wide data system to test the transmission and the use of the wide data system to test the transmission or connection. The method of modifying, deleting, inserting, etc. is less.b
Data exchange recovery registration, the recipient can borrow from the source to fill in the content of the product: or the recipient 3 must be self-sourced trustworthy product, can restore the damaged data to the original user data
5.7.3 Processing data integrity
? Fallback: For the data in the system, the "national limit" should be used to ensure the integrity of the data, that is, to perform access control 3FP, and to perform the defined exchange sequence fallback:
5.8 Brief analysis of hidden channels
5.8.1 A super-hidden access to the board
through the request for the hidden channel of the non-reporting reduction plan, propose to identify the hidden operation of the data reverse: the production in the form of documentation to describe the work situation:
mark the age of the storage promise and calculate their belt, b
note the use of interference to determine the existence of hidden storage channels 1) Describe all the assumptions made during the analysis to improve the hidden channel analysis. 2) Describe the method for estimating the bandwidth of the hidden channel under the following conditions: 1) Describe the possible uses of the hidden channel to make a systematic analysis of the hidden channel. The following describes the maximum possible scenarios for each identifiable hidden communication.
5.9 Trusted Path
The trusted path between the TSF and the TS,
1) Improve the authenticity of the endpoint and protect the communication data from modification and leakage: L) The trusted path can be used by the TSF itself, and the user can initiate or manage the trusted path.
5.10 Recoverable
) After the security service is interrupted, the ISF provides a maintenance mode that provides the ability to manually return the TCT to a protected state.
6) Automatic recovery: For the collection or stock service, the old automatic process and return to a protection state are required. When the account cannot be closed or the limit is broken, the worker F sound enters the production side, and the method will be provided according to the above method to return the worker to a protection state.
) Automatic quick friend: In the automatic recovery, the worker S is required to be transferred to the head collection or feather service user analysis request to restore the love to be able to ensure that the meaning of 1 belt or customer description exceeds the limit of the disk without loss