1 Scope
This standard specifies the security function requirements, security assurance requirements, environmental adaptation requirements and performance requirements of network and terminal separation products.
This standard is applicable to the design, development and test of network and terminal separation products.
2 Normative References
The following documents for the application of this document are essential. Any dated reference, just dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB 17859-1999 Classified Criteria for Security Protection of Computer Information System
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3: Security Assurance Requirements
GB/T 25069-2010 Information Security Technology - Glossary
3 Terminologies and Definitions
For the purpose of this standard, the following terms and definitions as well as those defined in GB 17859-1999 and GB/T 25069-2010 apply.
3.1
Security domain
The computer or network area with the same security protection demand and security policy.
3.2
Physical disconnection
The case that the networks in different security domains cannot be directly or indirectly connected.
Note: in one physical network environment, the physical disconnection of networks in different security domains shall technically ensure disconnection of information in physical transmission and physical storage.
3.3
Protocol conversion
The separation and reestablishment of protocol. Separate the application data in the network-based common protocol from one end of separation product in a certain security domain, package to transmit special system protocol to the other end of separation product in other security domain, then separate the special protocol and package it into the required format.
3.4
Protocol separation
The networks in different security domains are physically connected, it is ensured that the protected information is logically separated through protocol conversion, and only the information with limited content required by the system for transmission may pass through.
3.5
Information ferry
It is a mode of information exchange, physical transmission channel only exists during transmission.
Foreword i
1 Scope
2 Normative References
3 Terminologies and Definitions
4 Description of Network and Terminal Separation Products
5 Security Technical Requirements
5.1 Overall Description
5.1.1 Classification of Security Technical Requirements
5.1.2 Security Level
5.2 Security Function Requirements
5.2.1 Terminal Separation Products
5.2.2 Network Separation Product
5.2.3 Network Unilateral Transmission Product
5.3 Security Assurance Requirements
5.3.1 Requirements for Basic Level
5.3.2 Requirements for Enhanced Level
5.4 Environmental Adaptation Requirements
5.4.1 Next Generation of Internet Support (if any)
5.4.2 Support IPv6 Transition Network Environment (optional)
5.5 Property Requirements
5.5.1 Exchange Rate
5.5.2 Hardware Switching Time
Bibliography