DB43/T 1843-2020 Blockchain data security technology evaluation standards

Hunan Province local standard | Simplified Chinese | In force | Pages: 31 | Format: PDF

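Basic information

Standard number: DB43/T 1843-2020
Standard type: Hunan Province local standard
Standard status: In force
China Standard Classification (CCS):
International Classification for Standards (ICS):
Issue date: 2020-09-30
Implementation date: 2020-12-30
Issuing body: Hunan Provincial Administration for Market Regulation
Administering body: -
Scope of application: -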

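Release history

Drafting information

Drafting organizations:
Drafters:
Publication information:
Pages: 31 | Word count: - | Format: -

Content description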

ICS 35.240

L70

DB43

Hunan Province Local Standard

DB43/T 1843-2020

Information security technology - Evaluation requirements for blockchain data security technology

Issued 2020-09-30; effective 2020-12-30

Issued by the Hunan Provincial Administration for Market Regulation

Contents

Foreword

1 Scope

2 Normative references

3 Terms and definitions

4 Overview of graded evaluation

4.1 Graded evaluation method

4.2 Single-item evaluation

5 Level 1 evaluation requirements

5.1 Data storage evaluation requirements

5.2 Data transmission evaluation requirements

5.3 Data access evaluation requirements

5.4 Block data evaluation requirements

5.5 Data management evaluation requirements

6 Level 2 evaluation requirements

6.1 Data storage evaluation requirements

6.2 Data transmission evaluation requirements

6.3 Data access evaluation requirements

6.4 Block data evaluation requirements

6.5 Data management evaluation requirements

7 Level 3 evaluation requirements

7.1 Data storage evaluation requirements

7.2 Data transmission evaluation requirements

7.3 Data access evaluation requirements

7.4 Block data evaluation requirements

7.5 Data management evaluation requirements

8 Level 4 evaluation requirements

8.1 Data storage evaluation requirements

8.2 Data transmission evaluation requirements

8.3 Data access evaluation requirements

8.4 Block data evaluation requirements

8.5 Data management evaluation requirements

9 Evaluation conclusions

9.1 Risk analysis and assessment

9.2 Graded evaluation conclusion

References

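Foreword

This document was drafted in accordance with the rules given in GB/T 1.1-2020.

This document was proposed by the Office of the Cyberspace Affairs Commission of the CPC Hunan Provincial Committee.

This document is under the jurisdiction of the Hunan Provincial Technical Committee for Standardization of Blockchain and Distributed Ledger Technology (in preparation).

Drafting organizations of this document: Hunan Lianxin'an Technology Co., Ltd. (湖南链信安科技有限公司), Hunan Tianhe Guoyun Technology Co., Ltd. (湖南天河国云科技有限公司), Hunan Dongfang Blockchain Security Technology Testing Center (湖南省东方区块链安全技术检测中心), Development Research Center of the Hunan Provincial People's Government (湖南省人民政府发展研究中心), Hunan Tianhe Yunlian Technology Co., Ltd. (湖南天河云链科技有限公司).

Principal drafters of this document: Liang Qi (梁琪), Yang Zheng (杨征), Li Cai (李财), Chen Xin (陈昕), Tan Lin (谭林), Nie Lulu (聂璐璐), Liang Liang (梁亮), Nie Lang (聂朗), Yin Haibo (尹海波), Huang Shuai (黄帅), Wang Wu (汪武), Liu Xing (柳兴), Guo Hui (郭慧), Yin Xinwen (殷新文), Ding Yaqi (丁雅琪), Shen Lang (沈浪), Zhang Xiang (张祥), Song Shu (宋姝), Jiang Zaile (姜载乐), Liu Qiping (刘齐平), Zheng Tingting (郑婷婷), Hu Qin (胡钦), Zou Manyu (邹曼瑜), and others.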


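Information security technology - Evaluation requirements for blockchain data security technology

1 Scope

This document specifies the indicator requirements for evaluating blockchain data security technology, comprising the Level 1, Level 2, Level 3, and Level 4 evaluation requirements for blockchain data security technology.

This document applies to evaluations of blockchain data security carried out by evaluation bodies, and may also be used as a reference by blockchain technology developers.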

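2 Normative references

The contents of the following documents constitute indispensable provisions of this document through normative reference in the text. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 25069-2010 Information security technology - Glossary

GB/T 29765-2013 Information security technology - Technical requirements and testing and evaluation methods for data backup and recovery products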

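3 Terms and definitions

The following terms and definitions, as defined in GB/T 25069-2010 and GB/T 29765-2013, apply to this document.

3.1

block

A block-type data structure in a blockchain that stores electronic records.

3.2

block reward

The reward that the blockchain system gives a block producer for creating a block.

3.3

password

A secret word, phrase, number, or character sequence used for identity authentication, usually a weak secret that is memorized.

[GB/T 25069-2010]

3.4

data recovery

The process of using backup data to restore target data to its content or state at a given backup point in time.

[GB/T 29765-2013]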

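4 Overview of graded evaluation

4.1 Graded evaluation method

The basic method of graded evaluation is to apply the relevant evaluation means to a specific evaluation target, follow a defined evaluation procedure, obtain the required evidence data, and give a judgment on whether the security protection capability of a particular level has been reached.

In this standard, the evaluation of each requirement item constitutes a single-item evaluation, and all the specific evaluation content for a given requirement item constitutes the evaluation implementation. Based on the survey results, the business processes and data flows of the graded-protection object are analyzed to determine the scope of the evaluation work. Combined with a comprehensive analysis of the security level of the graded-protection object, evaluation targets can be described by category, including data storage, data transmission, data access, block data, and data management.

In this standard, the evaluation requirements for each level comprise five parts: data storage evaluation requirements, data transmission evaluation requirements, data access evaluation requirements, block data evaluation requirements, and data management evaluation requirements.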

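4.2 Single-item evaluation

Single-item evaluation is the evaluation of each security requirement item and supports the repeatability and reproducibility of evaluation results. In this standard, a single-item evaluation consists of the evaluation indicator, the evaluation target, the evaluation implementation, and the evaluation judgment result.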

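5 Level 1 evaluation requirements

5.1 Data storage evaluation requirements

5.1.1 Data storage confidentiality

This evaluation unit includes the following requirements:

a) Evaluation indicator: the confidentiality of data storage shall be ensured.

b) Evaluation target: the form of data storage.

c) Evaluation implementation includes the following:

1) Whether data is stored in ciphertext form during storage.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.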

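5.1.2 Data storage integrity

This evaluation unit includes the following requirements:

a) Evaluation indicator: the integrity of data storage shall be ensured.

b) Evaluation target: the data storage policy.

c) Evaluation implementation includes the following:

1) Whether a data storage redundancy policy and management system have been established for data storage, along with operating procedures for data backup and recovery.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.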

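5.1.3 Data storage reliability

This evaluation unit includes the following requirements:

a) Evaluation indicator: the reliability of data storage shall be ensured.

b) Evaluation target: data storage policy documents.

c) Evaluation implementation includes the following:

1) Whether storage policy documents exist for data storage, with content including but not limited to the storage management system and data backup operations;

2) Whether the stored data includes complete user access records, data processing records, and similar content.

d) Evaluation judgment: if all of the above evaluation implementation items are affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met or is only partially met.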

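5.1.4 Data backup availability

This evaluation unit includes the following requirements:

a) Evaluation indicator: ensure the availability of data backups.

b) Evaluation target: data backup and recovery capability.

c) Evaluation implementation includes the following:

1) Whether important data has a backup mechanism;

2) Whether a periodic backup policy is set for important data.

d) Evaluation judgment: if all of the above evaluation implementation items are affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met or is only partially met.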

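5.1.5 Data recovery availability

This evaluation unit includes the following requirements:

a) Evaluation indicator: the availability of the data recovery function shall be ensured.

b) Evaluation target: data recovery capability when a fault occurs.

c) Evaluation implementation includes the following:

1) Whether a data fault handling plan exists.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.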

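5.2 Data transmission evaluation requirements

5.2.1 Data transmission confidentiality

This evaluation unit includes the following requirements:

a) Evaluation indicator: the confidentiality of blockchain data during data transmission shall be ensured.

b) Evaluation target: the data transmission policy.

c) Evaluation implementation includes the following:

1) Whether encryption is used during data transmission;

2) Whether data transmission takes place between authorized nodes.

d) Evaluation judgment: if all of the above evaluation implementation items are affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met or is only partially met.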

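5.2.2 Data transmission integrity

This evaluation unit includes the following requirements:

a) Evaluation indicator: the integrity of blockchain data during data transmission shall be ensured.

b) Evaluation target: the data transmission policy.

c) Evaluation implementation includes the following:

1) Whether a data integrity verification protocol is provided during data transmission.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.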

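5.2.3 Data transmission reliability

This evaluation unit includes the following requirements:

a) Evaluation indicator: the reliability of blockchain data during data transmission shall be ensured.

b) Evaluation target: the data transmission policy.

c) Evaluation implementation includes the following:

1) Before the transmission connection is established, whether identity authentication is performed on the sender and the receiver, for example by using cryptographic techniques for session initialization verification;

2) Whether encryption and decryption techniques are used during data transmission.

d) Evaluation judgment: if all of the above evaluation implementation items are affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met or is only partially met.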

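5.2.4 Data transmission availability

This evaluation unit includes the following requirements:

a) Evaluation indicator: the availability of blockchain data during data transmission shall be ensured.

b) Evaluation target: the data transmission policy.

c) Evaluation implementation includes the following:

1) Whether data received through transmission uses the same time standard as the system.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.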

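5.3 Data access evaluation requirements

5.3.1 Access permission control

This evaluation unit includes the following requirements:

a) Evaluation indicator: data access control permissions and access control policies shall be set.

b) Evaluation target: the data access permission control function.

c) Evaluation implementation includes the following:

1) Whether a data access permission control policy exists.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met.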

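5.3.2 Data access handling

This evaluation unit includes the following requirements:

a) Evaluation indicator: when data is processed, the purpose and scope of processing shall be made explicit and data usage rules shall be followed.

b) Evaluation target: the data access process.

c) Evaluation implementation includes the following:

1) Whether the purpose and scope of data processing are made explicit in accordance with laws and regulations;

2) Whether data access handling specification documents and disciplinary measures for related violations are in place.

d) Evaluation judgment: if all of the above evaluation implementation items are affirmative, the indicator requirement of this evaluation unit is met; otherwise it is not met or is only partially met.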

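5.3.3 Encrypted access control

This evaluation unit includes the following requirements:

a) Evaluation indicator: encrypted access control of data shall be ensured, and data access permission settings shall adopt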
