GB/T 18336.1-2008
Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model (English Version)

Standard No.
GB/T 18336.1-2008
Language
Chinese, Available in English version
Release Date
2008
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Status
 2016-01
Replaced By
GB/T 18336.1-2015
Latest
GB/T 18336.1-2015
Replaces
GB/T 18336.1-2001
Scope
GB/T 18336 is intended as a basic criterion for evaluating the security features of information technology products and systems. By establishing such a common criteria base, the results of an information technology security evaluation can be understood by a wider audience.

Some content is outside the scope of GB/T 18336 because it involves specialist techniques or is only peripheral to IT security. For example:

a) GB/T 18336 does not include security evaluation criteria for administrative security measures that are not directly related to IT security measures. However, it should be recognized that some important components of TOE security can usually be achieved through administrative measures such as organizational, personnel, physical, and procedural controls. Where administrative security measures in the operating environment of the TOE affect the ability of the IT security measures to counter the identified threats, they are treated as assumptions of secure use;

b) GB/T 18336 does not explicitly cover the evaluation of technical physical aspects of IT security, such as electromagnetic radiation control, although many of the concepts in the standard apply to this area. In other words, GB/T 18336 only deals with certain aspects of TOE physical protection;

c) GB/T 18336 does not focus on the evaluation methodology, nor on the administrative and legal framework under which the governing body uses this standard, but it is hoped that GB/T 18336 can be used for evaluation in an environment with such a framework and methodology;

d) The procedures for using evaluation results in product or system approval do not belong to the scope of GB/T 18336. Certification of a product or system is the administrative process whereby an IT product or system is permitted to be used in its entire operating environment. The evaluation focuses on the IT security portion of the product or system, and on those parts of the operating environment that directly affect the secure use of the IT elements. Therefore, the evaluation results are an important input to the accreditation process. However, since other techniques are more suitable for evaluating the security features of non-IT-related systems or products and their relationship with IT security, the accreditor should make separate provisions for these situations;

e) GB/T 18336 does not include criteria for evaluating the inherent quality of cryptographic algorithms. If independent evaluation of the mathematical properties of the cryptographic algorithms embedded in the TOE is required, special provisions for that evaluation must be made in the evaluation system that uses GB/T 18336.

This standard defines two structures for expressing IT security functional and assurance requirements. The first, the Protection Profile (PP), allows the creation of common, reusable sets of security requirements. A PP can be used by prospective customers to specify and identify products whose IT security features meet their needs. The second, the Security Target (ST), describes the security requirements and specifies the security functions of the product or system being evaluated. That product or system is usually called the Target of Evaluation (TOE). The ST is used by evaluators as a technique for conducting evaluation activities under the guidance of GB/T 18336.

GB/T 18336.1-2008 history

  • 2015 GB/T 18336.1-2015 Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model
  • 2008 GB/T 18336.1-2008 Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model
  • 2001 GB/T 18336.1-2001 Information technology--Security techniques--Evaluation criteria for IT security Part 1: Introduction and general model