1 Scope
This standard specifies the detailed technical requirements for Virtual Private Networks (VPN) according to the division of security protection levels in GB 17859-1999.
This standard is applicable to the design and implementation of VPN according to the requirements of security level protection in GB 17859-1999. The requirements for the security level protection may also be referred to and applied for the test and management of VPN.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments (excluding amending errors in the text) to, or revisions of, any of these publications do not apply. However, all parties coming to an agreement according to this standard are encouraged to study whether the latest editions of these documents are applicable. For undated references, the latest edition of the normative documents referred to applies.
Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Acronyms
4 General Description of VPN
4.1 Overview
4.2 Secure Environment
4.2.1 Security Threat
4.2.2 Security Application Assumption
5 Technical Requirements of Security Function
5.1 Identification and Authentication
5.1.1 User Identification
5.1.2 User Authentication
5.1.3 Authentication Failure Handling
5.1.4 User Subject Binding
5.2 Security Audit
5.2.1 Response of Security Audit
5.2.2 Generation of Security Audit Data
5.2.3 Security Audit Analysis
5.2.4 Security Audit Consult
5.2.5 Storage of Security Audit Event
5.2.6 Security Audit and Evaluation of Network Environment
5.3 Non-repudiation of Communication
5.3.1 Non-repudiation of Origin
5.3.2 Non-repudiation of Receipt
5.4 Label
5.5 Discretionary Access Control
5.6 Mandatory Access Control
5.7 Storage Protection of User Data
5.8 Protection of User Data Transmission
5.8.1 Protection of User Data Transmission in VPN
5.8.2 Protection of Data Output from VPN to Public Network
5.8.3 Protection of Data Input from Public Network to VPN
5.9 Protection of User Data Integrity
5.9.1 Integrity of Stored Data
5.9.2 Integrity of Transmit Data
5.9.3 Integrity of Processing Data
5.10 Residual Information Protection
5.11 Covert Channel Analysis
5.11.1 Normal Covert Channel Analysis
5.11.2 Systematized Covert Channel Analysis
5.11.3 Complete Covert Channel Analysis
5.12 Trusted Path
5.13 Password Support
6 Technical Requirements on Security Assurance
6.1 Self Security Protection of VPN Security Function
6.1.1 Security Run Test
6.1.2 Failure Protection
6.1.3 Availability of VPN Security Function Data Output
6.1.4 Confidentiality of VPN Security Function Data Output
6.1.5 Integrity of VPN Security Function Data Output
6.1.6 Transmission of VPN Security Function Data in VPN
6.1.7 Physical Security Protection
6.1.8 Trusted Recovery
6.1.9 Replay Detection
6.1.10 Reference Arbitration
6.1.11 Domain Splitting
6.1.12 Status Synchronization Protocol
6.1.13 Time Stamp
6.1.15 Security Function Detection
6.1.16 Employment of Resource
6.1.17 Access Control of TCB of VPN
6.1.18 Trusted Path / (Signal) Channel
6.2 Design and Realization of VPN
6.2.1 Configuration Management
6.2.2 Distribution and Operation
6.2.3 Development
6.2.4 Instructive Document
6.2.5 Life Cycle Support
6.2.6 Test
6.2.7 Vulnerability Evaluation
6.3 Security Management of Trusted Computing Base (TCB) of VPN
6.3.1 Function Management
6.3.2 Management of Security Attribute
6.3.3 Management of TCB Security Function Data of VPN
6.3.4 Security Role Management
6.3.5 Time Limit Authorization
6.3.6 Revocation
7 Classification Requirements of VPN Security Protection
7.1 Level 1: User Discretionary Protection Level
7.1.1 Technical Requirements of Security Function
7.1.2 Technical Requirements of Security Assurance
7.2 Level 2: System Audit Protection Level
7.2.1 Technical Requirements of Security Function
7.2.2 Technical Requirements of Security Assurance
7.3 Level 3: Security Label Protection Level
7.3.1 Technical Requirements of Security Function
7.3.2 Technical Requirements of Security Assurance
7.4 Level 4: Structurization Protection Level
7.4.1 Technical Requirements of Security Function
7.4.2 Technical Requirements of Security Assurance
7.5 Level 5: Access Verification Protection Level
7.5.1 Technical Requirements of Security Function
7.5.2 Technical Requirements of Security Assurance
Appendix A (Informative) Explanation of Standard Concept
A.1 Composition and Interrelationship
A.2 Classification of VPN Security Level
A.3 Subject and Object in VPN
A.4 TCB, Security Function and Security Function Policy in VPN
A.5 Cryptographic Technique
References