1 Scope
This standard classifies and defines the testing and evaluation techniques used in the testing and evaluation of classified cybersecurity protection (hereinafter "classified testing and evaluation"), sets out the elements and principles of technical testing and evaluation, and gives recommendations on the analysis and application of testing and evaluation results.
This standard applies to the classified testing and evaluation of a target of classified cybersecurity protection (hereinafter "target of classified protection") carried out by testing and evaluation institutions, and to the security evaluation of the status of a target of classified protection carried out by its competent department and operating unit.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 25069-2010 Information security technology - Glossary
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in GB 17859-1999 and GB/T 25069-2010 and the following apply.
3.1.1
dictionary attack
an attack that, when cracking passwords, tries each word or phrase in a user-defined dictionary in turn
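As an added illustration of the term (example code, not part of the standard), the following script runs a dictionary attack against a set of salted SHA-256 password records. The records, the salts, the user names and the word list are all constructed for the example; the simple mangling rules (capitalisation, common suffixes) stand in for the "phrases" a user-defined dictionary would contain.

```python
import hashlib
from typing import Dict, Iterable, Iterator, List, Tuple

# A record is (user, salt, hex digest of salt + password). Constructed format for the example.
Record = Tuple[str, str, str]


def salted_sha256(salt: str, password: str) -> str:
    """Hash a candidate the same way the stored digests were produced (assumed scheme)."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def make_record(user: str, salt: str, password: str) -> Record:
    """Build a stored credential record; used only to construct sample data."""
    return (user, salt, salted_sha256(salt, password))


def mangle(word: str) -> Iterator[str]:
    """Yield candidates derived from one dictionary word using a few common rules."""
    yield word
    yield word.capitalize()
    for suffix in ("123", "2018", "!"):
        yield word + suffix
        yield word.capitalize() + suffix


def crack_one(salt: str, digest: str, wordlist: Iterable[str]) -> str:
    """Try every word and mangled variant one by one; return the match or ''."""
    for word in wordlist:
        for candidate in mangle(word):
            if salted_sha256(salt, candidate) == digest:
                return candidate
    return ""


def dictionary_attack(records: List[Record], wordlist: List[str]) -> Dict[str, str]:
    """Return {user: recovered_password} for every record the dictionary can crack."""
    recovered: Dict[str, str] = {}
    for user, salt, digest in records:
        hit = crack_one(salt, digest, wordlist)
        if hit:
            recovered[user] = hit
    return recovered


# Constructed sample input: a tiny user-defined dictionary and three accounts.
WORDLIST = ["password", "dragon", "summer", "qwerty"]
RECORDS = [
    make_record("alice", "a1f3", "Password!"),   # capitalised word + suffix
    make_record("bob", "9c0e", "dragon2018"),    # word + year suffix
    make_record("carol", "77d2", "Tq8#mR4vZp"),  # random, not derivable from the dictionary
]

if __name__ == "__main__":
    for user, pw in dictionary_attack(RECORDS, WORDLIST).items():
        print(f"{user}: {pw}")
```

A per-user salt, as used here, defeats precomputed tables but not this attack: each candidate is simply hashed with the victim's salt. What raises the cost is a slow, memory-hard password hash (bcrypt, scrypt, Argon2) and a password policy that keeps dictionary-derived passwords out of the system in the first place.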
3.1.2
file integrity checking
a technique that establishes a file checksum database by computing and storing a checksum for each protected file, then recomputes the checksum of each file and compares the current value with the stored value to determine whether the file has been modified
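As an added worked example (not code from the standard), the following script implements the procedure just defined: it builds a checksum database for a directory tree, stores it, then recomputes the checksums and reports files that were modified, added or removed. The directory contents, file names and the tampering steps in `demo()` are all constructed for the example; SHA-256 is assumed as the checksum.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

CHUNK = 1 << 16


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """The 'file verification database': relative path -> digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline: Dict[str, str], db_path: Path) -> None:
    db_path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(db_path: Path) -> Dict[str, str]:
    return json.loads(db_path.read_text())


def check_integrity(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Recompute every digest and compare against the stored values."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, then check it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "ssh").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")

        # The database is kept outside the monitored tree so it is not checked against itself.
        db = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), db)

        # Simulated tampering: one edit, one deletion, one unexpected new file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "hosts").unlink()
        (root / "ld.so.preload").write_text("/tmp/evil.so\n")

        return check_integrity(root, load_baseline(db))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the stored database: an attacker who can rewrite the baseline after modifying a file defeats it, so in practice the database is kept read-only, off the monitored host, or signed, and the baseline is refreshed only after a change has been reviewed.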
3.1.3
network sniffer
a passive technique that monitors network communications, decodes protocols and examines the headers and payloads of interest; it is also used as a target identification and analysis technique
3.1.4
rule set
a set of rules against which network traffic or system activity is compared in order to determine the response, e.g. forwarding or denying a packet, generating an alert, or allowing a system event
3.1.5
target of testing and evaluation
the object to which the various testing and evaluation methods of classified testing and evaluation are applied, mainly the related information systems and their supporting system documents, devices, facilities and personnel
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
CNVD: China National Vulnerability Database
DNS: Domain Name System
DDoS: Distributed Denial of Service
ICMP: Internet Control Message Protocol
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
MAC: Media Access Control
SSH: Secure Shell
SSID: Service Set Identifier
GB/T 36627-2018 The following standards are cited: