Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard replaces GB/T 25070-2010 Information security technology - Technical requirements of security design for information system classified protection and has the following main changes with respect to GB/T 25070-2010:
——The standard name is changed to Information security technology - Technical requirements of security design for classified protection of cybersecurity;
——The technical requirements of design for security computing environments at all levels are adjusted to the technical requirements of design for general security computing environment, cloud security computing environment, mobile interconnection security computing environment, IoT system security computing environment, and ICS security computing environment;
——The technical requirements of design for security area boundaries at all levels are adjusted to the technical requirements of design for general security area boundary, cloud security area boundary, mobile interconnection security area boundary, IoT system security area boundary, and ICS security area boundary;
——The technical requirements of design for security communication networks at all levels are adjusted to the technical requirements of design for general security communication network, cloud security communication network, mobile interconnection security communication network, IoT system security communication network, and ICS security communication network;
——B.2 "Interface between subsystems" and B.3 "Important data structure" in Annex B are deleted, and B.4 "Trusted verification implementation mechanism for Level 3 system" is added.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this standard shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by and is under the jurisdiction of SAC/TC 260 National Technical Committee on Information Security of Standardization Administration of China.
The previous edition of this standard is as follows:
——GB/T 25070-2010.
Introduction
GB/T 25070-2010 Information security technology - Technical requirements of security design for information system classified protection has played a very important role in the process of classified protection of cybersecurity, and has been widely used to guide the construction and rectification of classified protection of cybersecurity in various industries and fields. However, with the development of information technology, GB/T 25070-2010 needs to be further improved in terms of applicability, timeliness, usability and operability.
With a view to cooperating with the implementation of the Cybersecurity Law of the People's Republic of China and adapting to the work of classified protection of cybersecurity under such new technologies and applications as cloud computing, mobile interconnection, IoT, industrial control and big data, GB/T 25070-2010 shall be revised. The idea and method of revision are to adjust the content of the former national standard GB/T 25070-2010, put forward general security design technical requirements for common security protection objectives, and put forward special security design technical requirements for the special security protection objectives of new technologies and application areas such as cloud computing, mobile interconnection, IoT, industrial control and big data.
This standard is one of the series standards related to classified protection of cybersecurity.
Standards in relation to this one include:
——GB/T 25058 Information security technology - Implementation guide for classified protection of information system;
——GB/T 22240 Information security technology - Classification guide for classified protection of information systems security;
——GB/T 22239 Information security technology - Baseline for classified protection of cybersecurity;
——GB/T 28448 Information security technology - Evaluation requirement for classified protection of cybersecurity.
In the text of this standard, bold type marks requirements that are not present at the lower level or that are strengthened relative to it.
Information security technology -
Technical requirements of security design for classified protection of cybersecurity
1 Scope
This standard specifies the technical requirements of security design for targets of classified protection of Level 1 to Level 4 under the classified protection of cybersecurity.
This standard is applicable to guiding the design and implementation of security technical scheme for classified protection of cybersecurity by operating and using units, network security enterprises and network security service organizations, and may also be used as the basis for supervision, inspection and guidance by network security functional departments.
Note: The targets of classified protection of Level 5 are very important supervision and management objects, and special management modes and security design technical requirements are proposed for them, which are not described herein.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 22240-2008 Information security technology - Classification guide for classified protection of information systems security
GB/T 25069-2010 Information security technology - Glossary
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services
GB/T 32919-2016 Information security technology - Application guide to industrial control system security control
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB 17859-1999, GB/T 22240-2008, GB/T 25069-2010, GB/T 31167-2014, GB/T 31168-2014 and GB/T 32919-2016 as well as the following apply. For the convenience of application, some terms and definitions specified in GB/T 31167-2014 are listed below.
3.1
cybersecurity
capabilities to prevent the network from attack, intrusion, interference, damage, illegal use and unexpected accident, enable the network to operate stably and reliably and ensure the integrity, confidentiality and availability of network data by taking necessary measures
[GB/T 22239-2019, Definition 3.1]
3.2
classified system
system with a classified protection of security. The classified systems are divided into Levels 1, 2, 3, 4 and 5 systems
3.3
security environment of classified system
an environment consisting of security computing environment, security area boundary, security communication network, and/or security management center for the security protection of the classified system
3.4
security computing environment
relevant components that store and process the information of the classified system and implement security policies
3.5
security area boundary
security computing environment boundary of the classified system, as well as relevant components that realize connections and implement security policies between the security computing environment and the security communication network
3.6
security communication network
relevant components that perform information transmission and implement security policies between the security computing environments of the classified system
3.7
security management center
a platform or area that implements unified management of the security policies as well as the security mechanisms on the security computing environment, security area boundary and security communication network of the classified system
3.8
security management center for cross classified system
a platform or area that implements unified management of the security policies and the security mechanisms on security interconnection components for interconnection between classified systems of the same or different levels
3.9
classified system interconnection
secure connections realized between the security environments of classified systems of the same or different levels by the security interconnection components and the security management center for cross classified system
3.10
cloud computing
a kind of mode in which extensible and elastic sharable physical and virtual resource pools are supplied and managed in the mode of on-demand self-service via network
Note: Resources include the server, operating system, network, software, application and storage equipment.
[GB/T 32400-2015, Definition 3.2.5]
3.11
cloud computing platform
a collection of cloud computing infrastructure and its service layer software provided by the cloud service provider
[GB/T 31167-2014, Definition 3.7]
3.12
cloud computing environment
a collection of cloud computing platform provided by the cloud service provider and software and related components deployed by customers on the cloud computing platform
[GB/T 31167-2014, Definition 3.8]
3.13
mobile interconnection system
information system adopting mobile interconnection technology and with the mobile applications as the main form of distribution, which enables users to get business and service through the mobile terminals of mobile internet system
3.14
internet of things
system consisting of sensor nodes connected via internet or other networks
[GB/T 22239-2019, Definition 3.15]
3.15
sensor layer gateway
device for summarizing, properly processing or integrating and forwarding the data collected at sensor nodes
3.16
sensor node
device capable of conducting network communication and used for acquiring information and/or executing operation for things or environment
3.17
data freshness
characteristic of identifying received historical data or data beyond the time limit
3.18
field device
device connected to the ICS field, including RTUs, PLCs, sensors, actuators, human-machine interfaces and related communication devices, etc.
3.19
fieldbus
a kind of digital serial multi-point bi-directional data bus or communication link between underlying industrial field devices (such as sensors, actuators, controllers and control room devices). Using fieldbus technology does not require point-to-point wiring between the controller and each field device. The bus protocol is used to define messages on the fieldbus network; each message identifies a specific sensor on the network
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
3G: 3rd Generation Mobile Communication Technology
4G: 4th Generation Mobile Communication Technology
API: Application Programming Interface
BIOS: Basic Input Output System
CPU: Central Processing Unit
DMZ: Demilitarized Zone
GPS: Global Positioning System
ICS: Industrial Control System
IoT: Internet of Things
NFC: Near Field Communication
OLE: Object Linking and Embedding
OPC: OLE for Process Control
PLC: Programmable Logic Controller
RTU: Remote Terminal Units
VPDN: Virtual Private Dial-up Networks
SIM: Subscriber Identification Module
WiFi: Wireless Fidelity
5 Overview on security technology design for classified protection of cybersecurity
5.1 Framework of security technology design for general classified protection
The security technology design for classified protection of cybersecurity includes the design of security environment of systems at all levels and the design of their security interconnection, as shown in Figure 1. The security environment of system at each level consists of security computing environment, security area boundary, security communication network and/or security management center of the corresponding level. The classified system interconnection consists of security interconnection components and security management center for cross classified system.
Figure 1 Framework of security technology design for classified protection of cybersecurity
Clauses 6 to 11 of this standard put forward corresponding technical requirements of design for each part of Figure 1 (except for the requirements of design for security environment of Level 5 network). Annex A gives the design of access control mechanism, and Annex B gives an example of the design for security environment of Level 3 system. In addition, Annex C gives the technical requirements of big data design.
When designing the security environment of classified system, the classified system may be further divided into different subsystems in combination with the system's own business requirements, and then the security environment of each subsystem can be designed after determining the level of each subsystem.
5.2 Framework of security technology design for classified protection of cloud computing
Combining the hierarchical framework of cloud computing functions and the security characteristics of cloud computing, the protection technology framework of security design for cloud computing is constructed, which consists of cloud user layer, access layer, service layer, resource layer, hardware facility layer and management layer (cross-layer function). In this framework, the center refers to the security management center, and the triple protection includes security computing environment, security area boundary and security communication network, as shown in Figure 2.
Figure 2 Framework of security technology design for classified protection of cloud computing
Users can securely access the security computing environment provided by cloud service providers through the security communication network by means of direct network access, API interface access and Web service access, among which the security of the user terminal itself is beyond the scope of this part. Security computing environment includes resource layer security and service layer security. The resource layer is divided into physical resources and virtual resources. It is necessary to clarify the technical requirements of security design for physical resources and the requirements for security design for virtual resources, among which the physical and environmental security are beyond the scope of this part. The service layer is the realization of the services provided by cloud service providers, including the software components needed to realize the services. According to different service modes, cloud service providers and cloud tenants have different security responsibilities. The security design for service layer needs to specify the technical requirements of security design within the resources controlled by cloud service providers, and the cloud service providers may provide security technology and security protection capabilities for cloud tenants by providing security interfaces and security services. The system management, security management and security audit of cloud computing environment are under the unified control of the security management center. Combined with this framework, the security technology design for different levels of cloud computing environments can be performed, and the security design for different levels of cloud tenants (business systems) is supported by the service layer security.
5.3 Framework of security technology design for classified protection of mobile interconnection
The reference architecture of mobile interconnection system security protection is shown in Figure 3, in which the security computing environment consists of three security domains: core business domain, DMZ domain and remote access domain; the security area boundary consists of mobile interconnection system area boundary, mobile terminal area boundary, traditional computing terminal area boundary, core server area boundary and DMZ area boundary; and the security communication network consists of wireless networks built by mobile operators or users themselves.
a) Core business domain
The core business domain is the core area of the mobile interconnection system, which is composed of mobile terminals, traditional computing terminals and servers to complete the processing, maintenance, etc. of mobile interconnection services. The core business domain shall focus on ensuring the operating system security, application security, network communication security and device access security of servers, computing terminals and mobile terminals in the domain.
b) DMZ domain
The DMZ domain is the external service area of the mobile interconnection system, where servers and applications for external services, such as Web servers and database servers, are deployed. This area is connected with the Internet, and access requests from the Internet shall be routed through this area to access the core business domain. The DMZ domain shall focus on ensuring the security of server operating systems and applications.
c) Remote access domain
The remote access domain consists of mobile terminals that can be controlled by the mobile interconnection system operators and users and remotely access the network of the mobile interconnection system operators and users through VPN and other technical means, so as to complete telecommuting, application system management and control and other services. The remote access domain shall focus on ensuring the security of remote mobile terminal operation, access to mobile interconnection application system and communication network.
Figure 3 Framework of security technology design for classified protection of mobile interconnection
This standard classifies computing nodes in mobile interconnection system into two categories: mobile computing nodes and traditional computing nodes. The mobile computing nodes mainly include the mobile terminals in remote access domain and core business domain, while the traditional computing nodes mainly include the traditional computing terminals and servers in core business domain. The security design for traditional computing nodes and their boundaries may refer to the general security design requirements, and the security design for computing environment, area boundary and communication network of mobile interconnection mentioned below are specific to the mobile computing nodes.
5.4 Framework of security technology design for classified protection of internet of things
Combined with the characteristics of the internet of things (IoT) system, the triple protection system of security computing environment, security area boundary and security communication network is constructed with support of the security management center. The framework of security protection design for IoT system supported by the security management center is shown in Figure 4. Both the sensor layer and application layer of the IoT are composed of the computing environment for completing the computing tasks and the area boundaries connecting the network communication domains.
Figure 4 Framework of security technology design for classified protection of IoT system
a) Security computing environment
It includes relevant components in the sensor layer and application layer of the IoT system that store and process the information of the classified system and implement security policies, such as objects, computing nodes and sensing control devices in the sensor layer, and computing resources and application services in the application layer.
b) Security area boundary
It includes the security computing environment boundary of the IoT system and the relevant components that realize connections and implement security policies between the security computing environment and the security communication network, such as the boundary between the sensor layer and the network layer, and the boundary between the network layer and the application layer.
c) Security communication network
It includes the relevant components that perform information transmission and implement security policies between the security computing environments and security areas of the IoT system, such as the communication network of the network layer and the communication network between the security computing environments in the sensor layer and the application layer.
d) Security management center
It includes a platform that implements unified management of the security policies as well as the security mechanisms on the security computing environment, security area boundary and security communication network of the IoT system, including three parts: system management, security management and audit management. Only the security environments of the Level 2 and above are designed with security management centers.
5.5 Framework of security technology design for classified protection of industrial control
The industrial control system is partitioned according to the business nature of the protected object, and the classified protection of cybersecurity is designed according to the technical characteristics of the functional layers. The framework of security technology design for classified protection of industrial control system is shown in Figure 5. The security technology design for classified protection of industrial control system is based on the triple protection system of computing environment, area boundary and communication network with support of the security management center. It is a layered and partitioned architecture, and is designed in combination with the characteristics of complex and diverse bus protocols, high real-time requirements, limited node computing resources, high device reliability requirements, short failure recovery time, and the requirement that security mechanisms not affect the real-time performance of the industrial control system, so as to realize reliable, controllable and manageable system security interconnection, area boundary security protection and computing environment security.
The industrial control system is divided into four layers, that is, Layers 0~3, which are within the scope of classified protection of industrial control system and are the areas covered by the design framework. The industrial control system is horizontally divided into security areas to form different security protection areas according to the importance, real-time nature, relevance, degree of influence on field controlled device, function range and asset attributes of the business in the industrial control system. All systems shall be placed in the corresponding security area, and the specific partition shall be subject to the actual situation of the industrial field (the partitioning methods include but are not limited to: Layers 0~2 form a security area, Layers 0~1 form a security area, there are different security areas in the same layer, etc.).
The partitioning principle is based on the real-time nature of business systems or their functional modules, the users, main functions, device usage places, the relationship between business systems, WAN communication modes and the degree of influence on the industrial control system. For additional security and reliability requirements, the main security areas may be further divided into sub-areas according to the operating functions. Dividing the device into different areas can effectively establish the "in-depth protection" strategy. The control functions of each system with the same functions and security requirements are divided into different security areas, and the network segment address is assigned to each security function area in accordance with the principle of convenient management and control.
The design framework is enhanced level by level, but the protection categories are the same, only with different strength of security protection design. The protection categories are: security computing environment, including the relevant components for storing and processing information and implementing security policies in Layers 0~3 of industrial control system; security area boundary, including the security computing environment boundary, as well as the relevant components that realize connections and implement security policies between security computing environment and security communication network; security communication network, including the relevant components that perform information transmission and implement security policies between security computing environment and network security area; security management center, including the platform that implements unified management of the security policies as well as the security mechanisms on the security computing environment, security area boundary and security communication network of the classified system, which consists of three parts: system management, security management and audit management.
Note 1: According to IEC/TS 62443-1-1, the industrial control system is divided into the following functional layers: Layer 0 (field device layer), Layer 1 (field control layer), Layer 2 (process monitoring layer), Layer 3 (production management layer), and Layer 4 (enterprise resource layer).
Note 2: An information security area may include several sub-areas of different levels.
Note 3: The vertical partitioning is subject to the actual situation of the industrial field (the partitioning in the figure is exemplary), and the partitioning methods include but are not limited to: Layers 0~2 form a security area, Layers 0~1 form a security area, etc.
Figure 5 Framework of security technology design for classified protection of industrial control system
6 Design for security environment of Level 1 system
6.1 Design objective
The design objective of the security environment of Level 1 system is to realize discretionary access control of the classified system according to the security protection requirements for Level 1 system in GB 17859-1999, so that the system users have the ability of self-protection for their objects.
6.2 Design strategy
The design strategy of the security environment of Level 1 system is to provide users and/or user groups with discretionary access control to files and database tables based on identity authentication by following the relevant requirements of GB 17859-1999, 4.1, so as to achieve user-data isolation and enable users to have independent security protection capability; to provide area boundary protection by means of packet filtering; to provide data and system integrity protection by means of data validation and unwanted code prevention.
The design of the security environment of Level 1 system is realized through the design of security computing environment, security area boundary and security communication network of Level 1 system. All computing nodes shall be based on the trusted root to realize the trusted verification from booting to operating system startup.
6.3 Technical requirements of design
6.3.1 Technical requirements of design for security computing environment
6.3.1.1 Technical requirements of design for general security computing environment
The requirements include:
a) User identity authentication
User identification and user authentication shall be supported. When each user is registered in the system, the user name and user identifier are used to identify the user identity; every time a user logs in to the system, the password authentication mechanism is used to authenticate the user identity, and the password data is protected.
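The Level 1 mechanisms named in 6.2 and in 6.3.1.1 a) can be modelled together as follows. This is an added illustration, not part of the standard: the class and method names, the use of salted PBKDF2-HMAC-SHA256 to protect password data, the iteration count, the `user:`/`group:` subject labels and the sample accounts are all assumptions, and sessions are plain dictionaries for brevity.

```python
import hashlib
import hmac
import os
import uuid

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not taken from the standard


def _derive(password, salt):
    """Salted, slow hash so stored password data is useless if the store leaks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class Level1System:
    """Toy model of identification, password authentication and owner-controlled DAC."""

    def __init__(self):
        self._users = {}    # user name -> uid, salt, password hash, groups
        self._objects = {}  # object name (file or table) -> owner uid and ACL

    def register(self, name, password, groups=()):
        """Identification: bind a unique user name to a unique user identifier."""
        if name in self._users:
            raise ValueError("user name already registered")
        salt = os.urandom(16)
        self._users[name] = {"uid": uuid.uuid4().hex, "salt": salt,
                             "hash": _derive(password, salt),
                             "groups": frozenset(groups)}
        return self._users[name]["uid"]

    def login(self, name, password):
        """Authentication: return a session on success, None on any failure."""
        rec = self._users.get(name)
        # Unknown names still cost one derivation, so timing does not reveal them.
        candidate = _derive(password, rec["salt"] if rec else b"\x00" * 16)
        if rec is None or not hmac.compare_digest(candidate, rec["hash"]):
            return None
        return {"uid": rec["uid"], "groups": rec["groups"]}

    def create_object(self, session, obj):
        """The creating user becomes the owner of the file or table."""
        if obj in self._objects:
            raise ValueError("object already exists")
        self._objects[obj] = {"owner": session["uid"], "acl": {}}

    def grant(self, session, obj, subject, perms):
        """Discretionary part: only the owner decides who else gets access."""
        entry = self._objects[obj]
        if entry["owner"] != session["uid"]:
            raise PermissionError("only the owner may change the ACL")
        entry["acl"].setdefault(subject, set()).update(perms)

    def check(self, session, obj, perm):
        """Default deny: unauthenticated callers and unlisted subjects get nothing."""
        entry = self._objects.get(obj)
        if session is None or entry is None:
            return False
        if entry["owner"] == session["uid"]:
            return True
        subjects = ["user:" + session["uid"]]
        subjects += ["group:" + g for g in sorted(session["groups"])]
        return any(perm in entry["acl"].get(s, ()) for s in subjects)


if __name__ == "__main__":
    # Constructed sample accounts and object name.
    system = Level1System()
    system.register("alice", "constructed-sample-pw-1")
    system.register("bob", "constructed-sample-pw-2", groups=["ops"])
    alice = system.login("alice", "constructed-sample-pw-1")
    bob = system.login("bob", "constructed-sample-pw-2")
    system.create_object(alice, "payroll.db:salaries")
    print("bob before grant:", system.check(bob, "payroll.db:salaries", "read"))
    system.grant(alice, "payroll.db:salaries", "group:ops", {"read"})
    print("bob after grant: ", system.check(bob, "payroll.db:salaries", "read"))
```
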
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview on security technology design for classified protection of cybersecurity
5.1 Framework of security technology design for general classified protection
5.2 Framework of security technology design for classified protection of cloud computing
5.3 Framework of security technology design for classified protection of mobile interconnection
5.4 Framework of security technology design for classified protection of internet of things
5.5 Framework of security technology design for classified protection of industrial control
6 Design for security environment of Level 1 system
6.1 Design objective
6.2 Design strategy
6.3 Technical requirements of design
7 Design for security environment of Level 2 system
7.1 Design objective
7.2 Design strategy
7.3 Technical requirements of design
8 Design for security environment of Level 3 system
8.1 Design objective
8.2 Design strategy
8.3 Technical requirements of design
9 Design for security environment of Level 4 system
9.1 Design objective
9.2 Design strategy
9.3 Technical requirements of design
10 Design for security environment of Level 5 system
11 Design for classified system interconnection
11.1 Design objective
11.2 Design strategy
11.3 Technical requirements of design
Annex A (Informative) Design of access control mechanism
Annex B (Informative) Design examples for security environment of Level 3 system
Annex C (Informative) Technical requirements of design for big data
Bibliography