GB/Z 29830.2-2013
Information technology.Security technology.A framework for IT security assurance.Part 2:Assurance methods (English Version)

Standard No.
GB/Z 29830.2-2013
Language
Chinese, Available in English version
Release Date
2013
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Status
Latest
GB/Z 29830.2-2013
Replaced By
KS C IEC 60335-2-11-2014
Scope
1.1 Intent

This part of GB/Z 29830 collects some assurance methods, including some that have an effect on overall ICT security but are not specific to ICT security. This part summarizes the goals of these methods and describes their characteristics and their reference documents and standards. In principle, the final result of ICT security assurance is the assurance of products, systems or services in operation. The final assurance is therefore the sum of the assurance increments obtained by each assurance method applied in the life cycle stages of the product, system or service. The large number of available assurance methods provides the necessary guidance for application to a given domain in order to obtain accepted assurance. This part uses the basic assurance concepts and terms of GB/Z 29830.1-2013 to classify, in an overview, each assurance method collected here. With this classification, this part guides ICT professionals in selecting assurance methods, and possible combinations of assurance methods, that suit a given ICT security product, system or service and its specific environment.

1.2 Fields of application

This part gives guidance on assurance methods in a general, overview manner. To obtain a small set of usable methods from those collected in this part, the selection should be made by excluding inappropriate methods. This summary is descriptive and provides a basis for supporting analytical understanding of the original standard.
The intended readers of this guidance technical document include:
a) acquirers (individuals or organizations that acquire or procure systems, software products or services from suppliers);
b) evaluators (individuals or organizations that perform evaluations; for example, an evaluator can be a test laboratory, a quality department of a software development organization, a government organization, or a user);
c) developers (organizations or individuals who perform development activities, including requirements analysis, design, and acceptance testing during the software life cycle process);
d) maintainers (organizations or individuals who perform maintenance activities);
e) suppliers when confirming software quality (authorized testing) (provides the system specified in the contract clause in the acquirer's contract,

GB/Z 29830.2-2013 Referenced Document

  • ISO 9000 Quality management systems - Fundamentals and vocabulary [French version] (2015-09-15 update)
  • ISO 9001 Quality management systems - Requirements [Spanish version]
  • ISO/IEC 12207 Systems and software engineering - Software life cycle processes (2017-11-01 update)
  • ISO/IEC 13335-1 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management
  • ISO/IEC 14598-1 Information technology - Software product evaluation - Part 1: General overview
  • ISO/IEC 15288 ISO/IEC/IEEE International Standard - Systems and software engineering System life cycle processes - Redline
  • ISO/IEC 15408-1 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model (2022-08-09 update)
  • ISO/IEC 15408-2 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components (2022-08-09 update)
  • ISO/IEC 15408-3 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components (2022-08-09 update)
  • ISO/IEC 15504-1 Information technology - Process assessment - Part 1: Concepts and vocabulary
  • ISO/IEC 15504-2 Corrigendum 1 - Information technology - Process assessment - Part 2: Performing an assessment
  • ISO/IEC 15939 Systems and software engineering - Measurement process
  • ISO/IEC 9126-1 Software engineering - Product quality - Part 1: Quality model

GB/Z 29830.2-2013 history

  • 2013 GB/Z 29830.2-2013 Information technology.Security technology.A framework for IT security assurance.Part 2:Assurance methods