GB/T 17143.7-1997 Information technology Open Systems Interconnection System management Part 7: Security alarm reporting function
GB/T17143.7—1997
This standard is equivalent to ISO/IEC 10164-7:1992 "Information Technology Open Systems Interconnection System Management: Security Alarm Reporting Function".
GB/T 17143, under the general title "Information Technology Open Systems Interconnection System Management", currently includes the following 8 parts:
Part 1 (GB/T 17143.1): Object management function
Part 2 (GB/T 17143.2): State management function
Part 3 (GB/T 17143.3): Attributes that represent relationships
Part 4 (GB/T 17143.4): Alarm reporting function
Part 5 (GB/T 17143.5): Event reporting management function
Part 6 (GB/T 17143.6): Log control function
Part 7 (GB/T 17143.7): Security alarm reporting function
Part 8 (GB/T 17143.8): Security audit tracking function
This standard is proposed by the Ministry of Electronics Industry of the People's Republic of China. This standard is under the jurisdiction of the Standardization Research Institute of the Ministry of Electronics Industry. The drafting unit of this standard: the Standardization Research Institute of the Ministry of Electronics Industry. The main drafters of this standard: Zheng Hongren, Zhou Xiaohua, Zhang Xiaotao, Huang Jiaying.
ISO/IEC Foreword
ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) are specialized organizations for standardization worldwide. National bodies (which are members of ISO or IEC) participate in the development of international standards for specific technical areas through technical committees established by the international organizations. ISO and IEC technical committees cooperate in areas of common interest. Other official and non-official international organizations in contact with ISO and IEC may also participate in the development of international standards. For information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft international standards proposed by the joint technical committee are circulated to national member bodies for voting. At least 75% of the votes of the national member bodies participating in the voting are required for the publication of an international standard.
ISO/IEC 10164-7 was developed by the Joint Technical Committee ISO/IEC JTC 1, Information Technology, in cooperation with CCITT. The equivalent text is CCITT X.736.
ISO/IEC 10164, under the general title of "Information Technology Open Systems Interconnection System Management", currently includes the following 14 parts:
- Part 1: Object management function
- Part 2: State management function
- Part 3: Attributes of representation relationships
- Part 4: Alarm reporting function
- Part 5: Incident report management function
- Part 6: Log control function
- Part 7: Security alarm reporting function
- Part 8: Security audit tracking function
- Part 9: Objects and attributes of access control
- Part 10: Accounting and metering function
- Part 11: Workload monitoring function
- Part 12: Test management function
- Part 13: Summarization function
- Part 14: Reliability and diagnostic test classification
GB/T 17143 is a standard consisting of multiple parts formulated in accordance with GB 9387 and GB/T 9387.4. GB/T 17143 is related to the following standards:
GB/T 16644 Information technology Open systems interconnection Public management information service definition
GB/T 17142 Information technology Open systems interconnection System management overview
GB/T 17175 Information technology Open systems interconnection Management information structure
GB/T 16645 Information technology Open systems interconnection Public management information protocol
National standard of the People's Republic of China
Information technology - Open Systems Interconnection - Systems Management - Part 7: Security alarm reporting function
GB/T 17143.7—1997
idt ISO/IEC 10164-7:1992
1 Scope
This standard defines the security alarm reporting function. The security alarm reporting function is a system management function that allows application processes to exchange information in a centralized or decentralized management environment for use in system management as defined in GB/T 9387.4. This standard is located in the application layer of GB 9387 and is defined according to the model provided by GB/T 17176. The role of the system management function is described by GB/T 17142. The security alarm notifications defined by this system management function provide information about operating conditions and service quality as they relate to security.
Security-related events are related to security clauses. Whenever a security-related event occurs, the security policy determines the action to be taken. For example, the security policy may specify the generation of a security alarm report, or the establishment of an event record in the security audit trail, or the incrementing of a threshold counter, or the ignoring of the event, or a combination of these actions. This standard deals only with security alarm reporting.
This standard
-- Establishes user requirements for the service definition needed to support the security alarm reporting function;
-- Defines the services provided by the security alarm reporting function;
-- Specifies the protocols necessary to provide the services;
-- Defines the relationship between the services and management notifications;
-- Defines the relationship with other system management functions;
-- Specifies conformance requirements.
This standard
-- Does not define the characteristics of any implementation intended to provide the security alarm reporting function;
-- Does not specify the manner in which management is accomplished by users of the security alarm reporting function;
-- Does not define the characteristics of any interaction that results in the use of the security alarm reporting function;
-- Does not specify the services necessary to establish, normally release, and abnormally release management contacts;
-- Does not define any other notifications defined by other standards that may be of interest to security managers.
2 Referenced standards
The following standards contain provisions that, through reference in this standard, constitute provisions of this standard. At the time of publication of this standard, the versions indicated were valid. All standards are subject to revision, and parties using this standard should investigate the possibility of using the latest versions of the following standards.
GB 9387-88 Basic reference model for open systems interconnection of information processing systems (idt ISO 7498:1984, eqv CCITT X.200:1988)
GB/T 9387.2-1995 Basic reference model for open systems interconnection of information processing systems Part 2: Security architecture (idt ISO/IEC 7498-2:1988, eqv CCITT X.800:1991)
GB/T 9387.4-1996 Basic reference model for open systems interconnection of information processing systems Part 4: Management framework (idt ISO/IEC 7498-4:1989, eqv CCITT X.700:1992)
GB/T 15129-94 Information Processing Systems Open Systems Interconnection Service Agreement (idt ISO/TR 8509:1987, eqv CCITT X.210:1988)
GB/T 16262-1996 Information Technology Open Systems Interconnection Abstract Syntax Notation One (ASN.1) Specification (idt ISO/IEC 8824:1990, eqv CCITT X.208:1988)
GB/T 16263-1996 Information Technology Open Systems Interconnection Abstract Syntax Notation One (ASN.1) Basic Encoding Rules Specification (idt ISO/IEC 8825:1990, eqv CCITT X.209:1988)
GB/T 16644-1996 Information technology Open Systems Interconnection Common Management Information Service Definition (idt ISO/IEC 9595:1991, eqv CCITT X.710:1991)
GB/T 17142-1997 Information technology Open Systems Interconnection System Management Overview (idt ISO/IEC 10040:1992)
GB/T 17143.4-1997 Information technology Open Systems Interconnection System Management Part 4: Alarm reporting function (idt ISO/IEC 10164-4:1992)
GB/T 17143.5-1997 Information technology Open Systems Interconnection System management Part 5: Event reporting management function (idt ISO/IEC 10164-5:1993)
GB/T 17143.6-1997 Information technology Open Systems Interconnection System management Part 6: Log control function (idt ISO/IEC 10164-6:1993)
GB/T 17175.2-1997 Information technology Open Systems Interconnection Management information structure Part 2: Management information definition (idt ISO/IEC 10165-2:1992)
GB/T 17175.4-1997 Information technology Open Systems Interconnection Management information structure Part 4: Guidelines for the definition of managed objects (idt ISO/IEC 10165-4:1992)
GB/T 17176-1997 Information technology Open systems interconnection application layer architecture (idt ISO/IEC 9545:1994)
GB/T 17178.1-1997 Information technology Open systems interconnection conformance test method and framework Part 1: Basic concepts (idt ISO/IEC 9646-1:1994)
Approved by the State Administration of Technical Supervision on December 15, 1997
Implemented on August 1, 1998
3 Definitions
This standard adopts the following definitions.
3.1 Basic reference model definitions
This standard adopts the following terms defined in GB9387: open system.
3.2 Definition of security architecture
This standard adopts the following terms defined in GB/T 9387.2:
a) authentication;
b) confidentiality;
c) integrity;
d) non-repudiation;
e) security policy;
f) security service.
3.3 Definition of management framework
This standard adopts the following terms defined in GB/T9387.4: managed object.
3.4 Definition of system management overview
This standard adopts the following terms defined in GB/T 17142:
a) agent role;
b) dependency consistency;
c) general consistency;
d) manager role;
e) notification;
f) system management functional unit.
3.5 Definition of incident report management function
This standard adopts the following terms defined in GB/T17143.1: Identifier.
3.6 Definition of service agreement
This standard adopts the following terms defined in GB/T 15129:
a) Service user;
b) Service provider.
3.7 Definition of conformance test
This standard adopts the following terms defined in GB/T17178.1: System conformance statement.
3.8 Supplementary definitions
3.8.1 Security alarm
A security-related event identified by security policy as a potential security violation.
3.8.2 Security-related event
An event considered to be security-related.
4 Abbreviations
ASN.1 Abstract Syntax Notation One
CMIS Common Management Information Service
MAPDU Management Application Protocol Data Unit
OSI Open Systems Interconnection
SMAPM System Management Application Protocol Unit
5 Conventions
This standard defines services for the security alarm reporting function following the descriptive conventions defined in GB/T 15129. In Chapter 9, the definition of each service includes a table listing the service primitive parameters. For a given service primitive, the presence of each parameter is described by one of the following values:
M: the parameter is mandatory;
(=): the parameter value is equal to the value of the parameter in the column to the left;
U: the use of this parameter is an option for the service user;
-: the parameter is not present in the interaction described by the primitive;
C: the parameter is conditional; the condition is defined by the text describing the parameter;
P: the parameter is subject to the mandatory constraints of GB/T 16644.
Note: The parameters marked with "P" in the service table of this standard are directly mapped to the corresponding parameters of CMIS service primitives without changing the semantics or syntax of the parameters. The remaining parameters are used to construct MAPDUs.
6 Requirements
The security management user needs to be alerted whenever an event indicating an attack or potential attack on the security of the system is detected. A security attack may be detected by a security service, a security mechanism, or another process. A security alert notification may be generated by any communicating end user or by any intermediate system or process between end users. Security alert reporting shall identify the origin of the security alert, the source of the detected security-related event, the appropriate end user, the perceived severity of any misoperation, attack or security violation, etc., as specified by the security policy. This standard describes the use of these services and technologies to meet these requirements.
7 Model
The model for security alert reporting is defined in GB/T 17143.5. Information may be logged in accordance with GB/T 17143.6.
8 Generic Definitions
8.1 Generic Notifications
This standard defines a set of generic security audit trail notifications and their available parameters and semantics. The set of generic notifications, parameters and semantics defined by this standard provides in detail the following parameters of the M-EVENT-REPORT service defined by GB/T 16644:
-- Event Type;
-- Event Information;
-- Event Response.
All notifications are potential items for the system management log. This standard defines the managed object class for this purpose. GB/T 17175.2 defines the generic event log record object class from which all items are derived, the additional information specified by the event information, and the event response parameters.
8.1.1 Event Type
This parameter defines the type of security alarm report. This standard defines the following event types:
-- Integrity Violation: indicates that information may have been illegally modified, inserted or deleted;
-- Operational Violation: indicates that the requested service is not possible due to unavailability, failure or erroneous service invocation;
-- Physical Violation: indicates that the physical resource is subject to a security attack;
-- Security Service or Mechanism Violation: indicates that a security attack has been detected by a security service or mechanism;
-- Time Domain Violation: indicates that an event occurred at an unexpected or prohibited time.
8.1.2 Event Information
The following parameters constitute the notification specific event information.
8.1.2.1 Security Alarm Cause
This parameter defines further qualifications for the possible causes of the security alarm. The value of this parameter, together with the Event Type value, determines which parameters constitute a security alert event report and what possible values those parameters can have. The security alert cause values used for notifications shall be indicated in the behavior clause of the object class definition.
For use in the context of system management applications defined in ISO 17142, this standard defines security alert causes that have broad applicability to the managed object classes. These values are registered in accordance with ISO 17175.2. The syntax of the security alert cause shall be that of an ASN.1 type object identifier. For use in the context of system management applications defined in ISO 17142, additional security alert causes may be added to this standard and registered using the registration procedures defined in ISO 16262 for ASN.1 object identifier values. For use in the context of system management applications defined in ISO 17142, other security alert causes may be defined outside the scope of this standard and registered using the registration procedures defined in ISO 16262 for ASN.1 object identifier values.
Table 1 identifies the security alert causes for the event types specified in this standard.
Table 1 Security Alarm Reasons
Event type: Security alarm causes
Integrity violation: Information Duplication; Information Missing; Information Modification Detected; Information Out of Order; Unexpected Information
Operational violation: Denial of Service; Service Stopped; Procedure Error; Unspecified Reason
Physical violation: Cable Tampering; Intrusion Detected; Unspecified Reason
Security service or mechanism violation: Authentication Failed; Confidentiality Violation; Non-Repudiation Failure; Unauthorized Access Attempt; Unspecified Reason
Time domain violation: Delayed Information; Key Expiration; Time Violation
This standard defines the following security alert causes:
-- Authentication failure: indicates that the attempt to authenticate the user was unsuccessful;
-- Confidentiality violation: indicates that the information may have been read by an unauthorized user;
-- Cable tampering: indicates that physical damage to the communications media has occurred;
-- Delayed information: indicates that the information was received later than expected;
-- Denial of service: indicates that a valid request for a service has been blocked or disallowed;
-- Message Duplicate: indicates that a message has been received more than once, and therefore may be a replay attack;
-- Message Missing: indicates that the expected message was not received;
-- Message Modification Detected: indicates that modification of the message has been detected (e.g., by a data integrity mechanism);
-- Message Out of Order: indicates that the received message is not in the correct order;
-- Intrusion Detected: indicates that the location where the identified device is located has been illegally entered, or that the device itself has been damaged;
-- Key Expiration: indicates that an outdated encryption key has been presented or used;
-- Non-Repudiation Failure: indicates that communication is blocked or stopped due to the failure or unavailability of non-repudiation services;
-- Time Violation: indicates that resource utilization occurs at an unexpected time;
-- Service Outage: indicates that a valid request for a service cannot be satisfied due to the unavailability of the service provider;
-- Procedure Error: indicates that an incorrect procedure was used when invoking the service;
-- Unauthorized Access Attempt: indicates that the access control mechanism has detected an illegal attempt to access a resource;
-- Unexpected Message: indicates that an unexpected message was received;
-- Unspecified Cause: indicates that an unspecified, security-related event has occurred.
The managed object class definer should select the most specific available cause for the security alert.
8.1.2.2 Security Alarm Severity
This parameter defines the importance of the security alarm detected by the managed object. The following severity levels are defined:
-- Uncertain: A security attack has been detected. The integrity of the system is not yet known;
-- Critical: A security breach has occurred and has compromised the system. In support of the security policy, the system is no longer considered to be able to operate correctly. Critical severity may involve the modification of security information without proper authorization, the disclosure of information critical to system security (such as passwords, private encryption keys, etc.), or the violation of physical security;
-- Important: A security breach has been detected and has compromised important information or mechanisms;
-- Minor: A security breach has been detected and has compromised minor information or mechanisms;
-- Warning: A security attack has been detected. It is believed that the security of the system has not yet been compromised.
8.1.2.3 Security Alarm Detector
This parameter identifies the detector of the security alarm.
8.1.2.4 Service User
This parameter identifies the service user whose service request caused the security alert to be generated.
8.1.2.5 Service Provider
This parameter identifies the intended service provider of the service that caused the security alert to be generated.
8.1.3 Event Response
This standard does not specify the management information used in the Event Response parameter.
8.2 Managed Objects
The Security Alert Record is a managed object class that is derived from the Event Log Record object class defined in ISO/IEC 17175.2. The Security Alert Record object class represents the information stored in the log resulting from a security alert notification.
8.3 Imported generic definitions
The following parameters are also used. These parameters are defined by ISO/IEC 17143.4:
-- Additional Information;
-- Additional Text;
-- Related Notification;
-- Notification Identifier.
8.4 Conformance
The managed object class definition supports the functions defined in this standard by using the notification samples defined in GB/T 17175.2 in conjunction with the notification specifications. The reference mechanism is defined in GB/T 17175.4. For each instance of a security alarm report, it is required to introduce one or more managed object class definitions of security alarm notifications defined in this standard so that the security alarm type and security alarm cause can be selected to most closely reflect the actual event that caused the managed object to issue the notification. The managed object class definition is also required to specify the security alarm generator, service user, and service provider, and should also specify in the characteristics clause how the security alarm severity parameter is specified.
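The pairing of security alarm type and cause required above can be checked mechanically. The following Python code is an added example, not part of the standard: it encodes Table 1 with the ASN.1 value references of Tables 4 and 5 and checks a report's event type, cause, severity and the five event information parameters of 8.1.2. The dictionary layout of a report, the function names and the sample reports are assumptions made for illustration, and "major" and "minor" are the value references assumed for the Important and Minor severities.

```python
"""Check a security alarm report against Table 1 of the standard (added example)."""
from typing import Dict, List, Set

# Table 1: event type -> security alarm causes, written with the ASN.1 value
# references listed in Tables 4 and 5.
CAUSES_BY_EVENT_TYPE: Dict[str, Set[str]] = {
    "integrityViolation": {
        "duplicateInformation", "informationMissing",
        "informationModificationDetected", "informationOutOfSequence",
        "unexpectedInformation",
    },
    "operationalViolation": {
        "denialOfService", "outOfService", "proceduralError", "unspecifiedReason",
    },
    "physicalViolation": {"cableTamper", "intrusionDetection", "unspecifiedReason"},
    "securityServiceOrMechanismViolation": {
        "authenticationFailure", "breachOfConfidentiality",
        "nonRepudiationFailure", "unauthorizedAccessAttempt", "unspecifiedReason",
    },
    "timeDomainViolation": {"delayedInformation", "keyExpired", "outOfHoursActivity"},
}

# Severity value references. "major" and "minor" are assumed here for the
# Important and Minor severities of 8.1.2.2.
SEVERITIES = ("indeterminate", "critical", "major", "minor", "warning")

# Event information parameters of 8.1.2 (attribute names from Table 3).
EVENT_INFO_FIELDS = (
    "securityAlarmCause", "securityAlarmSeverity", "securityAlarmDetector",
    "serviceUser", "serviceProvider",
)


def event_types_for_cause(cause: str) -> List[str]:
    """Return the Table 1 event types under which a cause is listed."""
    return sorted(t for t, causes in CAUSES_BY_EVENT_TYPE.items() if cause in causes)


def validate_report(report: dict) -> Dict[str, List[str]]:
    """Return errors (Table 1 violations, gaps) and advisories for one report."""
    errors: List[str] = []
    advisories: List[str] = []
    event_type = report.get("eventType")
    info = report.get("eventInfo") or {}

    if event_type not in CAUSES_BY_EVENT_TYPE:
        errors.append(f"unknown event type: {event_type!r}")
    for field in EVENT_INFO_FIELDS:
        if not info.get(field):
            errors.append(f"missing {field}")

    cause = info.get("securityAlarmCause")
    if cause and event_type in CAUSES_BY_EVENT_TYPE:
        listed_under = event_types_for_cause(cause)
        if not listed_under:
            # 8.1.2.1 allows causes registered outside the standard.
            advisories.append(f"{cause} is not defined by this standard; "
                              "it must be a separately registered object identifier")
        elif event_type not in listed_under:
            errors.append(f"{cause} is not a cause of {event_type}; "
                          f"Table 1 lists it under {', '.join(listed_under)}")
        elif cause == "unspecifiedReason":
            # 8.1.2.1: the most specific available cause should be selected.
            advisories.append("unspecifiedReason used; select a more specific cause if one applies")

    severity = info.get("securityAlarmSeverity")
    if severity and severity not in SEVERITIES:
        errors.append(f"unknown severity: {severity!r}")
    return {"errors": errors, "advisories": advisories}


def _info(cause: str, severity: str = "warning", user: str = "user-a") -> dict:
    """Build constructed event information for the samples below."""
    return {"securityAlarmCause": cause, "securityAlarmSeverity": severity,
            "securityAlarmDetector": "access-control-1", "serviceUser": user,
            "serviceProvider": "directory-service"}


# Constructed sample reports (not taken from the standard).
SAMPLE_REPORTS = [
    {"eventType": "securityServiceOrMechanismViolation",
     "eventInfo": _info("authenticationFailure")},
    {"eventType": "timeDomainViolation", "eventInfo": _info("unspecifiedReason")},
    {"eventType": "physicalViolation", "eventInfo": _info("unspecifiedReason")},
    {"eventType": "integrityViolation",
     "eventInfo": _info("duplicateInformation", severity="high", user="")},
    {"eventType": "operationalViolation", "eventInfo": _info("vendorSpecificCause")},
]

if __name__ == "__main__":
    for sample in SAMPLE_REPORTS:
        print(sample["eventType"], validate_report(sample))
```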
For each introduced notification, the managed object class definition should specify in the behavior clause which optional parameters and conditional parameters to use, the conditions for using them, and their values. It is allowed to declare the use of parameters as optional.
9 Service Definition
This standard defines services. Security alarm notification provides the ability to report security attacks, security services, mechanism malfunctions, or other security-related events. This parameter carries information related to security alarms.
9.2 Security alarm reporting service
The security alarm reporting service uses the parameters defined in Chapter 8 of this standard, as well as the general M-EVENT-REPORT service parameters defined in GB/T 16644.
Table 2 lists the parameters of the security alarm reporting service. The event time, related notification, and notification identifier parameters can be assigned by the managed object or management system that issues the notification.
Table 2 Security alarm report parameters
Columns: Parameter name, Req/Ind, Rsp/Conf
Call identifier
Managed object class
Managed object instance
Event type
Event time
Event information
Security alarm cause
Security alarm severity
Security alarm detector
Service user
Service provider
Notification identifier
Related notifications
Additional text
Additional information
Current time
Event response
10 Functional unit
The security alarm reporting function constitutes a single system management functional unit.
11 Protocol
11.1 Procedure elements
11.1.1 Proxy role
11.1.1.1 Invocation
The security alarm report procedure is initiated by the security alarm report request primitive. Upon receiving the security alarm report request primitive, the SMAPM shall construct a MAPDU and issue a CMIS M-EVENT-REPORT request service primitive with parameters from the security alarm report request primitive. In non-confirmed mode, the procedure in 11.1.1.2 is not used.
11.1.1.2 Receiving response
Upon receiving a CMIS M-EVENT-REPORT confirm service primitive containing a MAPDU in response to the security alarm report notification, the SMAPM shall issue a security alarm report confirm primitive with parameters from the CMIS M-EVENT-REPORT confirm service primitive to the security alarm report service user, thereby completing the security alarm report procedure.
NOTE: The SMAPM ignores all errors in the received MAPDU. The user of the security alarm report service may ignore these errors or contact the administrator accordingly.
11.1.2 Manager Role
11.1.2.1 Receiving Request
Upon receipt of a CMIS M-EVENT-REPORT indication service primitive containing a MAPDU requesting the security alarm report service, if the MAPDU is intact, the SMAPM shall issue a security alarm report indication primitive to the security alarm report service user, with parameters from the CMIS M-EVENT-REPORT indication service primitive. Otherwise, in confirmed mode, the SMAPM shall construct an appropriate MAPDU containing the error notification and issue a CMIS M-EVENT-REPORT response service primitive with the error parameters present. In unconfirmed mode, the procedure in 11.1.2.2 is not used.
11.1.2.2 Response
In confirmed mode, the SMAPM shall receive the Security Alarm Reporting Response primitive and construct a MAPDU to confirm the notification and issue a CMIS M-EVENT-REPORT response service primitive with parameters from the Security Alarm Reporting Response primitive.
11.2 Abstract syntax
11.2.1 Managed objects
This standard references the following supporting objects, whose abstract syntax is specified in GB/T 17175.2:
securityAlarmReportRecord
11.2.2 Attributes
Table 3 shows the relationship between the parameters defined in 8.1.2 of this standard and the attribute type specifications of GB/T 17175.2.
Table 3 Attributes
Parameter                  Attribute Name
Security alarm cause       securityAlarmCause
Security alarm severity    securityAlarmSeverity
Security alarm detector    securityAlarmDetector
Service user               serviceUser
Service provider           serviceProvider
11.2.3 Attribute groups
This system management function does not define attribute groups.
11.2.4 Actions
This system management function does not define specific actions.
11.2.5 Notification
Table 4 shows the relationship between the notification defined in 8.1.1 of this standard and the notification type specification of GB/T 17175.2.
Table 4 Notification
Security Alarm Type                        Notification Type
Integrity Violation                        integrityViolation
Operational Violation                      operationalViolation
Physical Violation                         physicalViolation
Security Service or Mechanism Violation    securityServiceOrMechanismViolation
Time Domain Violation                      timeDomainViolation
The abstract syntax referenced by the notification type specification is carried in the MAPDU.
11.2.6 Security Alarm Cause
Table 5 shows the relationship between the security alarm causes defined in 8.1.2.1 of this standard and the ASN.1 reference values defined in GB/T 17175.2.
Table 5 Security alarm reason
Security alarm reason            ASN.1 reference value
Authentication failed            authenticationFailure
Confidentiality violation        breachOfConfidentiality
Cable tampering                  cableTamper
Message delay                    delayedInformation
Denial of service                denialOfService
Message duplication              duplicateInformation
Message loss                     informationMissing
Message modification detected    informationModificationDetected
Message disorder                 informationOutOfSequence
Intrusion discovered             intrusionDetection
Key expiration                   keyExpired
Non-repudiation failure          nonRepudiationFailure
Time violation                   outOfHoursActivity
Service suspension               outOfService
Procedure error                  proceduralError
Unauthorized access attempt      unauthorizedAccessAttempt
Unexpected message               unexpectedInformation
Unspecified reason               unspecifiedReason
11.2.7 Security alarm severity value
Table 6 shows the relationship between the values defined for the security alert severity parameter in 8.1.2.2 of this standard and the ASN.1 reference values defined in GB/T 17175.2:
Table 6 Security alert severity values
Security alert severity    ASN.1 value reference
Uncertain                  indeterminate
Critical                   critical
Important
Minor
Warning                    warning
11.3 Negotiation of security alert reporting functional unit
This standard assigns the following object identifier:
{joint-iso-ccitt ms(9) function(2) part7(7) functionalUnitPackage(1)}
as the value of the ASN.1 type FunctionalUnitPackageId defined in ISO/IEC 17142 to negotiate the following functional units:
0 security alarm reporting functional unit
The numbers here indicate the bit positions assigned to the functional unit. The name refers to the functional unit defined in clause 10.
Within the context of a system management application, the mechanism for negotiating the security alarm reporting functional unit is described in ISO/IEC 17142.
NOTE The need for negotiating a functional unit is dictated by the application context.