This standard specifies, for each security grade, the requirements for the security technology needed for information system security, following the classification of five security protection grades in GB 17859-1999.
This standard applies to the design and implementation of secure information systems according to the graded requirements, and may serve as a reference for the testing and management of information system security implemented according to the graded requirements.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments (excluding corrections of errors in the text) to, or revisions of, any of these publications do not apply. However, all parties reaching an agreement based on this standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GBJ 45-1982 Specifications for the Design of Highrise Civil Buildings (Trial) - Fire Prevention
TJ 16-1974 Code for Design of Building Fire Protection
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this standard, the terms and definitions specified in GB 17859-1999 and those listed below apply.
3.1.1
Security of information system
The representation of the confidentiality, integrity and availability of an information system and of the information stored, transported and processed by it.
3.1.2
Common security technology of information system
The security technology generally applicable to realizing the various types of security of an information system.
3.1.3
Security subsystem of information system
A generic term for the security protection devices in an information system, including the hardware, firmware, software and combined entity responsible for implementing the security policy. It establishes a basic security protection environment for the information system, and provides the additional user services required for a secure information system.
Note: According to the definition of TCB (trusted computing base) in GB 17859-1999, the SSOIS (security subsystem of information system) is the TCB of the information system.
3.1.4
Security element
The composition of the security contents contained in the technical requirements for security function and security assurance in this standard.
3.1.5
Security function policy
The security policy adopted to realize the function required for an SSOIS security element.
3.1.6
Security function
GB/T 20271-2006 The following standards are cited: