This part of GB/T 20274 establishes the framework for information system security engineering assurance, together with the guidelines and general principles for an organization to initiate, implement, maintain, evaluate and improve information security engineering. This part defines and explains the security engineering capability level that reflects the organization's information security engineering assurance capability in information system security engineering assurance work, and provides the security engineering assurance control class requirements for the content of the organization's information security engineering assurance.
This part of GB/T 20274 is applicable to organizations that initiate, implement, maintain, evaluate and improve information security engineering, and to all users, developers and evaluation personnel involved in information system security engineering.
2 Normative References
The following documents contain provisions which, through reference in this text, constitute provisions of this part. For dated references, subsequent amendments to (excluding any corrigendum), or revisions of, any of these publications do not apply. However, parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. For undated references, the latest edition of the document referred to applies.
GB/T 20274.1 Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 1: Introduction and General Model
3 Terms and Definitions
For the purposes of this part of GB/T 20274, the terms and definitions specified in GB/T 20274.1 and the following ones apply.
3.1.1
Validation
The solution meets the user's operation security requirements.
3.1.2
Verification
The solution meets the security requirements.
4 Structure of This Part