Standard No.:	GB/T 20273-2006
Chinese Name:	信息安全技术 数据库管理系统安全技术要求
English Name:	Information security technology Security techniques requirement for database management system
Professional Classification:	L80 Data encryption
Professional Classification:	GB National Standard
ICS Classification:	35.040
Issued by:
Issued on:	2006-05-31
Implemented on:	2006-12-01
Status:	ABOLISHED
Replace By:	GB/T20273-2019 Information security technology—Security technical requirements for database management system
Replace By Date:	2020-03-01
Language:	English
File Format:	PDF
Word Count:
Price(USD):	please email coc@codeofchina.com for quotation
Delivery:	via email in

1 Scope

This standard specifies the security techniques requirement required for database management system of each security grade according to the classification of five security protection grades in GB 17859-1999 and the role of database management system in information system.
This standard is applicable to the design and realization of security database management system according to the requirements of hierarchization and the test and management of the security of database management system may refer to this standard.

2 Normative References

The following standards contain provisions which, through reference in this standard, constitute provisions of this standard. For dated reference, subsequent amendments to (excluding correction to), or revisions of, any of these publications do not apply. However, the parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the standards. For undated references, the latest edition of the normative document referred to applies.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System

3 Terms, Definitions and Abbreviations

3.1 Terms and Definitions
For the purposes of this standard, the terms and definitions defined in GB 17859-1999 and GB/T 20271-2006 and those listed below apply.
3.1.1
Security of database management system
Characterization of the confidentiality, integrity and availability of the stored, transported and processed information in database management system.
3.1.2
Security technology of database management system
All security technologies required for realizing the security of all kinds of database management systems.
3.1.3
Security subsystem of database management system
A generic term for security protection devices in database management, including hardware, firmware, software and combined entity responsible for executing security policy. It establishes a basic security protection environment of database management system and provides additional user service required by security database management system.
Note: SSODB (security subsystem of database management system) is TCB of database management system according to the definition of TCB (trusted computing base) in GB 17859-1999.
3.1.4
SSODB security policy
A group of rules to manage, protect and distribute SSODB resource. One SSODB may have one or more security policies.
3.1.5
Security function policy
Security policy adopted to realize the function required for SSODB security element.