This standard specifies the technical requirements for network vulnerability scanning products using Transmission Control Protocol and Internet Protocol (TCP/IP), proposes the security goals and environment realized by network vulnerability scanning products, and provides basic functions, enhanced functions and security guarantees of products Require. This standard applies to the development, production and certification of security products that scan systems and equipment for vulnerabilities through the network. This standard does not apply to products that specifically perform vulnerability scanning on database systems.
GB/T 20278-2006 history
2022GB/T 20278-2022 Information security technology—Security technical requirements and testing assessment approaches for network vulnerability scanners
2013GB/T 20278-2013 Information security technology.Security technical requirements for network vulnerability scanners
2006GB/T 20278-2006 Information security technology. Technique requirement for network vulnerability scanners