Provisions of the state on supporting participation in national standards and industry standards for network security

The state supports enterprises, scientific research institutions, universities and network-related industry organizations to participate in the formulation of national and industry standards for network security.

National standards

1. On March 9, 2022, GB/T 25069-2022 Technical Terminology of Information Security was released.

This standard defines the terms and definitions of basic or general concepts in the technical field of information security, and classifies projects. It is an important basic standard in the field of information security, and it is also a basic tool for all information security personnel to communicate, carry out research and implement projects in the field of information security.

2. On March 9, 2022, GB/T 20278-2022 "Information Security Technology Network Vulnerability Scanning Product Security Technical Requirements and Test and Evaluation Methods" was released.

This standard specifies the security technical requirements and test and evaluation methods for network vulnerability scanning products. The security technical requirements are divided into a basic level and an enhanced level, and include security function requirements, self-security protection requirements, environmental adaptability requirements and security guarantee requirements.

3. On March 9, 2022, GB/Z 41290-2022 "Information Security Technology Mobile Internet Security Audit Guide" was released.

This standard defines the concept of mobile Internet security audit activities, describes the roles, responsibilities, audit scope and audit contents of mobile Internet security audit activities, and gives the framework, functional tasks and specific guidance of each functional task of security audit activities.

4. On March 9, 2022, GB/Z 41288-2022 "Information Security Technology Important Industrial Control System Network Security Protection Guide" was released.

This standard specifies the basic principles, safety protection technology, emergency backup measures and safety management requirements of network security protection for important industrial control systems, so as to establish a network security protection system for important industrial control systems.

5. On March 9, 2022, GB/T 41241-2022 "Network Security Management Requirements for Industrial Control System of Nuclear Power Plant" was issued.

This standard specifies the requirements of network security management, technical protection and emergency management of industrial control system in nuclear power plant, and gives a description of network security classification of industrial control system in nuclear power plant.

6. On March 9, 2022, GB/T 41260-2022 "Information Security Requirements for Digital Workshops" was released.

This standard specifies the general rules, management requirements and technical requirements of digital workshop information security, gives the common threats of digital workshop information security, gives an example of digital workshop information security in typical machinery manufacturing industry, and puts forward the requirements for strengthening digital workshop information security.

7. On March 9, 2022, GB/T 41267-2022 Safety Technical Requirements for Network Key Equipment Switch Equipment and GB/T 41266-2022 Safety Detection Methods for Network Key Equipment Switch Equipment were released.

These two standards complement each other. One stipulates the security function requirements and security guarantee requirements of switch equipment listed in the network key equipment directory. The other gives the security detection and evaluation methods corresponding to those security function requirements and security guarantee requirements. The security function requirements include equipment identification security, redundancy, backup recovery and anomaly detection, vulnerability and defect management, pre-installed software startup and update security, default state security, ability to resist common attacks, user identification and authentication security, access control security, log audit security, communication security, data security and password requirements.

8. On March 9, 2022, GB/T 41269-2022 Technical Requirements for Network Key Equipment Security Router Equipment and GB/T 41268-2022 Router Equipment Security Detection Method were released.

These two standards complement each other. One stipulates the security function requirements and security guarantee requirements of router equipment listed in the network key equipment directory. The other gives the security detection and evaluation methods corresponding to those security function requirements and security guarantee requirements. The security function requirements include equipment identification security, redundancy, backup recovery and anomaly detection, vulnerability and defect management, pre-installed software startup and update security, default state security, ability to resist common attacks, user identification and authentication security, access control security, log audit security, communication security, data security and password requirements.

9. On March 9, 2022, GB/T 41274-2022 "Intrinsic Safety Architecture of Programmable Control System" was released.

This standard specifies the architecture of endogenous safety of programmable control system, describes the objectives of endogenous safety of programmable control system and the related safety requirements of each unit module, and specifies the endogenous safety requirements of programmable control system. Among them, the goal of endogenous safety of programmable control system is to ensure the integrity of programmable control system, and the related safety requirements of each unit module include full life cycle safety protection, comprehensive diagnosis and high availability realization.

10. April 5, 2022 15, GB/T 41387-2022 "General Safety Specification for Smart Home with Information Security Technology" was released.

This standard specifies the general technical requirements for smart home security, including the security requirements for smart home terminals, smart home gateways, smart home control terminals and smart home application service platforms, and the corresponding security testing and evaluation methods.

11. On April 5, 2022, GB/T 41388-2022, Basic Security Specification for Trusted Execution Environment of Information Security Technology was issued.

The standard establishes the overall technical framework of the trusted execution environment system, and describes the basic requirements of trusted execution environment, trusted virtualization system, trusted operating system, trusted application and service management, cross-platform application middleware and other main contents, as well as their testing and evaluation methods.

12. April 5, 2022 15, GB/T 41389-2022 "Information Security Technology SM9 Cryptographic Algorithm Usage Specification" was issued.

This standard specifies the use requirements of SM9 cryptographic algorithm, describes the data formats of keys, encryption and signature, mainly including the key pair, technical requirements and verification methods of SM9, and provides a data format coding test case in the appendix.

13. On April 5, 2022, 139 1-2022 "Basic Requirements for Information Security Technology Mobile Internet Application (App) to Collect Personal Information" was released.

This standard stipulates the basic requirements for the collection of personal information by App, including the minimum necessary collection, necessary personal information, specific types of personal information, informed consent, system authority, third-party collection management and other requirements, and gives the necessary personal information scope and use requirements of commonly used service types App.

14. April 5, 2022 15, GB/T 41400-2022 "Information Security Protection Capability Maturity Model of Information Security Technology Industrial Control System" was released.

The standard gives the maturity model of information security protection capability of industrial control system, specifies the requirements of maturity level of core protection object security and general security, and puts forward the verification method of capability maturity level.

15. On April 15, 2022, GB/T 41479-2022 "Information Security Technology Network Data Processing Security Requirements" was released.

This standard specifies the security technology and management requirements of network operators for data processing such as network data collection, storage, use, processing, transmission, provision and disclosure. At the same time, the standard serves as the basis for data security management certification.

16. April 5, 2022 15, GB/T 20984-2022 Information Security Technology Information Security Risk Assessment Method was released.

This standard describes the basic concept of information security risk assessment, the relationship between risk elements, the principle of risk analysis, the implementation process and evaluation method of risk assessment, and the implementation points and work forms of risk assessment at different stages of information system life cycle.

17. April 5, 2022 15, GB/T 29829-2022 "Information Security Technology Trusted Computing Password Support Platform Function and Interface Specification" was released.

The standard gives the system framework and functional principle of the trusted computing password support platform, specifies the interface specification of the trusted password module, and describes the corresponding verification method.

18. April 5, 2022 15, GB/T 30283-2022 Information Security Service Classification and Code of Information Security Technology was released.

This standard describes the classification and codes of information security services, including information security consultation, information security design and development, information security integration, information security operation, information security processing and storage, information security evaluation and certification and other seven aspects.

Legal basis

People's Republic of China Network Security Law

Article 15 The State shall establish and improve the network security standard system. The State Council standardization administrative department and other relevant departments in the State Council shall, according to their respective functions and duties, organize the formulation and timely revision of national standards and industry standards related to network security management and network products, services and operation safety.

The state supports enterprises, scientific research institutions, universities and network-related industry organizations to participate in the formulation of national and industry standards for network security.