GB/T 21028-2007 Translated English of Chinese Standard. (GBT 21028-2007, GB/T21028-2007, GBT21028-2007): Information Security Technology - Security Techniques Requirements for Server
https://www.chinesestandard.net, 2020. 1. 4. - 56페이지
This Standard specifies, based on the five security protection levels specified in GB 17859-1999, the security technical requirements required by the server and the different security technical requirements for each security protection level.
Requirements of Server Security Classification
Appendix A Informative Relevant Concept Explanation
access control list access verification protection achieve the data achieve the security achieve the server achieve the SSF allow the legitimate application system audit data audit protection level backup and recovery control the access coupled cluster Data integrity database management system deny the illegal description in 4.3.5 design and achieve different requirements different security levels discretionary access control discretionary protection level electromagnetic interference electromagnetic protection following aspects function of server GB/T ID authentication illegal operation label protection level legitimate operation malicious code protection mandatory access control operating system operation and deny protection of server requirements of different security audit function security label protection security policies security protection level self-information server access verification server security label server structured protection server system audit server user discretionary structured protection level subject and object system audit protection user data confidentiality user data stored user discretionary protection user identification user logged user’s verification protection level