GB/T 21028-2007 Translated English of Chinese Standard. (GBT 21028-2007, GB/T21028-2007, GBT21028-2007): Information Security Technology - Security Techniques Requirements for Server
https://www.chinesestandard.net, Jan 4, 2020 - 56 pages
This Standard specifies, based on the five security protection levels specified in GB 17859-1999, the security technical requirements for servers and the differing security technical requirements for each security protection level.
Requirements of Server Security Classification
Appendix A (Informative) Relevant Concept Explanation