1 Scope
This standard specifies the security function requirements, self-security requirements and security assurance requirements of network vulnerability scanners and classifies their levels according to different security technical requirements for network vulnerability scanners.
This standard is applicable to the development, production and detection of network vulnerability scanners.
2 Normative References
The following documents for the application of this document are essential. Any dated reference, just dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 3: Security Assurance Requirements
GB/T 25069-2010 Information Security Technology - Glossary
3 Terminologies and Definitions
For the purpose of this standard, the terminologies and definitions specified in GB/T 17859-1999 and GB/T 25069-2010 as well as the following ones apply.
3.1
Scan
The process of detecting the target system with technological tools for security risks existing in target system.
3.2
Vulnerability
The weakness in network system that may be made use of and cause hazard.
3.3
Network vulnerability scan
Remotely detect target system for security risk through network, inspect and analyze its security vulnerability thereby find out the security hole that may be utilized by intruder, and recommend some preventative and remedial measures.
3.4
Banner
A piece of information sent by application program, generally including words of welcome, application name and version, etc.
4 Abbreviations
Foreword i
1 Scope
2 Normative References
3 Terminologies and Definitions
4 Abbreviations
5 Level Classification of Network Vulnerability Scanners
5.1 Description of Level Classification
5.2 Level Classification
6 Service Environment
7 Security Technical Requirements for Basic Level
7.1 Security Function Requirements
7.2 Self-security Requirements
7.3 Security Assurance Requirements
8 Security Technical Requirements for Enhanced Level
8.1 Security Function Requirements
8.2 Self-security Requirements
8.3 Security Assurance Requirements