This standard specifies the testing and evaluation methods for network vulnerability scanning products using Transmission Control Protocol and Internet Protocol (TCP/IP). This standard applies to the evaluation, development and application of security products that perform manual or automatic network vulnerability scanning on computer information systems. This standard does not apply to products that specifically perform vulnerability scanning on database systems.
GB/T 20280-2006 Referenced Document
GB/T 20278-2006 Information security technology. Technique requirement for network vulnerability scanners
GB/T 5271.8-2001 Information technology-Vocabulary Part 8: Security
GB/T 20280-2006 history
2022GB/T 20278-2022 Information security technology—Security technical requirements and testing assessment approaches for network vulnerability scanners
2006GB/T 20280-2006 Information security technology.Testing and evaluation approaches for network vulnerability scanners
GB/T 20280-2006 Information security technology.Testing and evaluation approaches for network vulnerability scanners was changed to GB/T 20278-2022 Information security technology—Security technical requirements and testing assessment approaches for network vulnerability scanners.