GA/T 685-2007 信息安全技术 交换机安全评估准则
GA/T 685-2007 Information security technology—Evaluation criteria for switch security
基本信息
发布历史
-
2007年03月
研制信息
- 起草单位:
- 中国科学院研究生院信息安全国家重点实验室
- 起草人:
- 戴英侠、左晓栋、何申
- 出版信息:
- 页数:22页 | 字数:37 千字 | 开本: 大16开
内容描述
ICS35040
A90
中华人民共和国公共安全行业标准
GA/T685一2007
信息安全技术交换机安全评估准则
Inofrmationsecuritytechnology一
Evaluationcriteriaofrswitchsecurity
2007一03一20发布2007一05一01实施
中华人民共和国公安部发布
GA/T685一2007
目次
前言·············································································································,····……皿
引言··················································································································……W
1范围···············································································································……1
2规范性引用文件································································································……1
3术语、定义和缩略语··························································。···,······························……1
4第一级安全评估准则··························································································……1
4.1安全功能评估···································································.·……1
4.1.1自主访问控制··················································································.·.……1
4.12身份鉴别·······························································································.·..……2
4.1.3安全管理···································································································……2
4.1.4划分虚拟局域网·····················································································……2
4.2安全保证评估···················································································……,..…,…3
4.2.1配置管理·····················································································……,……3
4.2.2交付和运行·······················································································.·……3
4.2.3开发·········································································································……3
4.2.4指导性文档·······················································································...··4··……3
4.2.5生命周期支持··································································.·..·······.·……,…3
4.2.6测试································································································4444·····……4
5第二级安全评估准则··························································································……4
51安全功能评估····························································································……4
5.1.1自主访问控制································································.··……4
5.飞.2身份鉴别··················································································.·...……4
5.1.3安全管理···························4···················································4···················……5
5.1.4审计·········································································································……6
5.1.5划分虚拟局域网···········································································.·.……,.……6
5.2安全保证评估············································································.····4·······.·...……7
5.2.1配置管理···································································································……7
5.2.2交付和运行··································································,·····,.·.···········……7
5.2.3开发·········································································································……7
5.2.4指导性文档··········································································.·····.·……7
5.2.5生命周期支持·····················································4································.··...……8
5.2.6汉叮试·········································································································……8
5.2.7脆弱性评定·········································································。····················.·……8
6第三级安全评估准则··························································································……8
61安全功能评估·················································································.·...·...···……8
6.11自主访问控制·····························································································……8
61.2身份鉴别········································,························································.·……9
6.1.3安全管理···································································································……01
1
GA/T685一2007
6.1.4审计·········································,·······························································……01
6.1.5划分虚拟局域网·······························································.·……,,……11
6.2安全保证评估······················,·,·,·,························,·········,································……11
6.2.1配置管理·····················,,·····,·····································,······.·················.·……11
6.2.2交付和运行·················,·,······················4······4·,,,··········································……21
6.2.3开发··················,·,···································································,,·········444···……21
6.2.4指导性文档······························································,············4·,·······4·4········……31
6.2.5生命周期支持······,··,·····,···············4····················································……41
6,2.6测试·········································································································……41
62.7脆弱性评定·················································································4··············……15
7附加安全功能···································································································……15
7.1网络访问控制功能············································································.··……,51
72虚拟专网功能·······························································,··········,·.···················……61
7.3防火墙防护功能···········································································……,……61
7.4人侵检测功能···········································································,,·.·4.···..··……,,61
参考文献··········································,,,·······················································,·······……71
GA/T685一2007
前言
本标准由公安部公共信息网络安全监察局提出。
本标准由公安部信息系统安全标准化技术委员会归口。
本标准起草单位:中国科学院研究生院信息安全国家重点实验室。
本标准主要起草人:戴英侠、左晓栋、何申。
GA/T685一2007
引言
交换机是重要的网络互连设备,制定交换机安全评估准则对于评估交换机产品安全等级,保障网络
安全具有重要的意义。
本标准分三个等级规定了交换机的安全评估准则。安全等级由低到高,安全要求逐级增强。
本标准与GB17859一1999的对应关系是,第一级对应用户自主保护级,第二级对应系统审计保护
级,第三级对应安全标记保护级。
GA/T685一2007
信息安全技术交换机安全评估准则
范围
本标准仅分三个等级规定了交换机的安全评估准则。
本标准适用于按照GB17859一1999的安全等级所进行的交换机产品的安全评估,对交换机产品
安全性的设计和实现也可参照使用。
规范性引用文件
下列文件中的条款通过本标准的引用而成为本标准的条款。凡是注日期的引用文件,其随后所有
的修改单(不包括勘误的内容)或修订版均不适用于本标准,然而,鼓励根据本标准达成协议的各方研究
是否可使用这些文件的最新版本。凡是不注日期的引用文件,其最新版本适用于本标准。
GB17859一1999计算机信息系统安全保护等级划分准则
GB/T18336.1一2001信息技术安全技术信息技术安全性评估准则第1部分:简介和一般
模型
术语、定义和缩略语
3.1术语和定义
GB17859一1999和GB/T81336.1一2o01中确立的以及下列术语和定义适用于本标准。
3.1.1
交换机swltcb
一种基于硬件网卡地址
定制服务
推荐标准
- GB/T 17808-1999 沥青混凝土搅拌设备 1999-08-10
- GB/T 17818-1999 饲料中维生素D3的测定 高效液相色谱法 1999-08-10
- GB/T 17819-1999 维生素预混料中维生素B12的测定 高效液相色谱法 1999-08-10
- GB/T 17811-1999 动物蛋白质饲料消化率的测定 胃蛋白酶法 1999-08-10
- GB/T 17814-1999 饲料中丁基羟基茴香醚、二丁基羟基甲苯和乙氧喹的测定 1999-08-10
- GB/T 17813-1999 复合预混料中烟酸、叶酸的测定 高效液相色谱法 1999-08-10
- GB/T 17816-1999 饲料中总抗坏血酸的测定 邻苯二胺荧光法 1999-08-10
- GB/T 17812-1999 饲料中维生素E的测定 高效液相色谱法 1999-08-10
- GB/T 17817-1999 饲料中维生素A的测定 高效液相色谱法 1999-08-10
- GB/T 17815-1999 饲料中丙酸、丙酸盐的测定 1999-08-10