According to the National Standards Announcement of the People's Republic of China (No. 1, 2023) issued by the State Administration for Market Regulation and the National Standardization Administration on March 17, 2023, 12 national cybersecurity standards under the jurisdiction of the National Information Security Standardization Technical Committee were officially released. Recently, the full text of the standard was officially released. Lianshi collected and compiled the full text of these 12 new national standards for readers to learn and refer to. The standard covers the evaluation of the effect of de-identification of personal information, data security in the telecommunications field, network security service cost measurement, and network security situation awareness. , Network security practitioners' capabilities, public domain name service system, entity authentication, digital signature, information system security assurance assessment framework, public key infrastructure PKI system, IPSec VPN secure access and other fields of technical requirements. The release of 12 new national standards plays an important role in regulating the development and utilization of enterprise data, enhancing network and data security capabilities, and implementing national requirements .
Follow this account, private message the editor, and you can package and download the PDF HD version of the 12 national standards for network and data security.
Note: The original text of the standard comes from the website of the Central People's Government of the People's Republic of China and the Internet ( http://www.gov.cn/fuwu/bzxxcx/bzh.htm ). If there is any infringement, please contact to modify or delete.
List of 12 National Standards for Network and Data Security
| serial number | standard encdoing | standard name |
| 1 | GB/T 42460-2023 | "Information Security Technology Personal Information De-identification Effect Evaluation Guide" |
| 2 | GB/T 42447-2023 | "Guidelines for Data Security in the Field of Information Security Technology and Telecommunications" |
| 3 | GB/T 42461-2023 | "Information Security Technology Network Security Service Cost Measurement Guide" |
| 4 | GB/T 42453-2023 | "General Technical Requirements for Information Security Technology Network Security Situational Awareness" |
| 5 | GB/T 42446-2023 | "Basic Requirements for the Competence of Information Security Technology Network Security Practitioners" |
| 6 | GB/T 33134-2023 | "Information Security Technology Public Domain Name Service System Security Requirements" |
| 7 | GB/T 15843.3-2023 | "Information Technology Security Technology Entity Authentication Part 3: Mechanisms Using Digital Signature Technology" |
| 8 | GB/T 17902.1-2023 | "Information Technology Security Techniques Digital Signatures with Appendix Part 1: Overview" |
| 9 | GB/T 20274.1-2023 | "Information Security Technology Information System Security Assurance Assessment Framework Part 1: Introduction and General Model" |
| 10 | GB/T 21053-2023 | "Information Security Technology Public Key Infrastructure PKI System Security Technical Requirements" |
| 11 | GB/T 21054-2023 | "Information Security Technology Public Key Infrastructure PKI System Security Evaluation Method" |
| 12 | GB/T 32922-2023 | "Information Security Technology IPSec VPN Secure Access Basic Requirements and Implementation Guide" |
"Information Security Technology Personal Information De-identification Effect Evaluation Guide"
- Implementation date: 2023-10-01
- Standard number: GB/T 42460-2023
- Overview/Requirements: This document provides guidance on grading and evaluating the effects of de-identification of personal information. It is applicable to personal information de-identification activities, as well as personal information security management, supervision and evaluation.
"Guidelines for Data Security in the Field of Information Security Technology and Telecommunications"
- Implementation date: 2023-10-01
- Standard number: GB/T 42447-2023
- Overview/requirements: This document provides the security principles and general security measures for carrying out data processing activities in the telecommunications field, and the corresponding security measures that should be taken in the process of data collection, storage, use, processing, transmission, provision, disclosure, and destruction . It is applicable to guide telecom data processors to carry out data security protection work, and also to guide third-party organizations to carry out telecom data security assessment work.
"Information Security Technology Network Security Service Cost Measurement Guide"
- Implementation date: 2023-10-01
- Standard number: GB/T 42461-2023
- Overview/Requirements: This document establishes the cost components of cybersecurity services and provides guidance on cost measurement for cybersecurity services. The cost of cyber security services in this document does not include profit. It is applicable to network security service supply and demand parties to carry out activities such as network security service cost budget, project bidding, project final accounts, and related contract preparation, and other related parties can refer to it.
"General Technical Requirements for Information Security Technology Network Security Situational Awareness"
- Implementation date: 2023-10-01
- Standard number: GB/T 42453-2023
- Overview/requirements: This document gives the technical framework of network security situational awareness, and specifies the general technical requirements of the core components in the framework. This document is applicable to the planning, design, development, construction and Evaluation.
"Basic Requirements for the Competence of Information Security Technology Network Security Practitioners"
- Implementation date: 2023-10-01
- Standard number: GB/T 42446-2023
- Overview/Requirements: This document establishes the classification of cybersecurity practitioners and specifies the knowledge and skill requirements for each type of practitioner. It is applicable to the use, training, evaluation, and management of network security practitioners by various organizations.
"Information Security Technology Public Domain Name Service System Security Requirements"
- Implementation date: 2023-10-01
- Standard number: GB/T 33134-2023
- Overview/Requirements: This document specifies the security technical requirements and security management requirements for the public domain name service system. It is applicable to the operation and management of public domain name service systems at all levels.
"Information Technology Security Technology Entity Authentication Part 3: Mechanisms Using Digital Signature Technology"
- Implementation date: 2023-10-01
- Standard number: GB/T 15843.3-2023
- Overview/Requirements: This document specifies two types of entity authentication mechanisms using digital signature technology. The first category does not introduce an online trusted third party, including two one-way authentication mechanisms and three two-way authentication mechanisms; the second category introduces an online trusted third party, and also includes two one-way authentication mechanisms and three two-way authentication mechanisms. It is suitable for guiding the research of entity authentication mechanism using digital signature technology, as well as the development and application of related products and systems.
"Information Technology Security Techniques Digital Signatures with Appendix Part 1: Overview"
- Implementation date: 2023-10-01
- Standard number: GB/T 17902.1-2023
- Overview/Requirements: GB/T 17902 specifies several digital signature mechanisms with appendices for signing messages of arbitrary length. This document includes the general principles and requirements of digital signatures with appendices, as well as the definitions and symbols used in various parts of GB/T 17902.
"Information Security Technology Information System Security Assurance Assessment Framework Part 1: Introduction and General Model"
- Implementation date: 2023-10-01
- Standard number: GB/T 20274.1-2023
- Overview/Requirements: This document presents the basic concepts and models of information system security assurance, and proposes an assessment framework for information system security assurance. It is suitable for guiding system builders, operators, service providers and evaluators to carry out information system security assurance work.
"Information Security Technology Public Key Infrastructure PKI System Security Technical Requirements"
- Implementation date: 2023-10-01
- Standard number: GB/T 21053-2023
- Overview/requirements: This document divides the security level of PKI system into basic level and enhanced level, and specifies the security function requirements and security guarantee requirements of the corresponding security level. It is suitable for the research and development of PKI system, and the evaluation and procurement of PKI system products can be used as a reference.
"Information Security Technology Public Key Infrastructure PKI System Security Evaluation Method"
- Implementation date: 2023-10-01
- Standard number: GB/T 21054-2023
- Overview/requirements: This document specifies the security evaluation methods for PKI systems in accordance with GB/T 21053-2023, including the evaluation methods for security functions and security requirements. Applicable to the security evaluation of PKI system.
"Information Security Technology IPSec VPN Secure Access Basic Requirements and Implementation Guide"
- Implementation date: 2023-10-01
- Standard number: GB/T 32922-2023
- Overview/requirements: This document specifies the basic requirements for gateways, clients, security management, and password applications in the application process of IPSec VPN security access, and provides typical scenarios and implementation process guidelines for implementing security access using IPSec VPN technology. It is suitable for institutions that use IPSec VPN technology to carry out secure access applications, and guides them to carry out demand analysis, scheme design, scheme verification, configuration implementation, and operation management for secure access platforms or systems based on IPSec VPN technology.
Follow this account, private message the editor, and you can package and download the PDF HD version of the 12 national standards for network and data security.