您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 质量控制/管理 > 中国移动安全防护基准构件模板库
中国移动安全防护基准构件模板库Title{英文黑体四号}版本号:1.0.0{黑体小四}╳╳╳╳-╳╳-╳╳发布╳╳╳╳-╳╳-╳╳实施中国移动安全防护基准构建模板目录1概述........................................................................................................................................................................11.1适用范围........................................................................................................................................................11.2内部适用性说明............................................................................................................................................11.3外部引用说明................................................................................................................................................41.4术语和定义....................................................................................................................................................41.5符号和缩略语................................................................................................................................................42安全防护基准构件模板........................................................................................................................................52.1背景...............................................................................................................................................................52.2安全防护基准构件模板说明........................................................................................................................52.3模板使用原则................................................................................................................................................62.4安全防护基准构件模板要求编号原则........................................................................................................63安全防护基准构件模板库....................................................................................................................................73.1网络安全构件................................................................................................................................................73.2系统安全构件..............................................................................................................................................133.3应用安全构件..............................................................................................................................................163.4数据安全构件.................................................................................................................错误!未定义书签。4编制历史..................................................................................................................................................................22中国移动安全防护基准构建模板前言本标准由中国移动通信有限公司网络部提出并归口。本标准由标准提出并归口部门负责解释。本标准起草单位:中国移动通信有限公司网络部本标准解释单位:同提出单位中国移动安全防护基准构建模板11概述1.1适用范围本规范适用于中国移动非专业人员制定通信网、业务系统和支撑系统的安全防护方案。规范从网络安全、系统安全、应用安全、数据安全的角度,分强度明确定义了实现安全防护使用的防护构件,供在“安全防护方案制定指导原则”的要求下,根据“安全需求分析标准模板”和“安全威胁分析标准模板库”所导出的具体业务系统的安全需求和所面对的威胁,来提供针对业务系统的安全防护方案。同时,本规范也可作为系统维护人员和安全人员构成特定系统防护方案的参考指南。1.2内部适用性说明本规范是其他制定系统防护方案规范的基础。原则上,在同一方面,其他制定系统防护方案规范的要求应不低于本规范。如特殊原因,需要降低要求,应在相应规范的此部分予以解释说明。安全威胁与防护构件对应表:威胁类型子类网络安全系统安全应用安全恶意代码病毒FHGJ-NET-09-(1/2/3)FHGJ-NET-10FHGJ-NET-15-(1/2)FHGJ-NET-17FHGJ-NET-18FHGJ-NET-19FHGJ-SYS-04FHGJ-SYS-08-(1/2/3)FHGJ-APP-19(1)木马FHGJ-NET-09-(1/2/3)FHGJ-NET-10FHGJ-NET-15-(1/2)FHGJ-NET-17FHGJ-NET-18FHGJ-NET-19FHGJ-SYS-04FHGJ-SYS-07FHGJ-SYS-08-(1/2/3)FHGJ-APP-19(1)蠕虫FHGJ-NET-07FHGJ-NET-09-(1/2/3)FHGJ-NET-10FHGJ-NET-13FHGJ-SYS-04FHGJ-SYS-07FHGJ-SYS-08-(1/2/3)FHGJ-APP-19(1)中国移动安全防护基准构建模板2FHGJ-NET-15-(1/2)FHGJ-NET-17FHGJ-NET-18FHGJ-NET-19授权威胁滥用权限过度使用资源FHGJ-NET-10FHGJ-NET-09-(1/2/3)FHGJ-NET-20-(1/2)FHGJ-SYS-01-(1/2)FHGJ-SYS-02-(1/3)FHGJ-SYS-03FHGJ-APP-01-(1/2)FHGJ-APP-02-(2/3)FHGJ-APP-12FHGJ-APP-19(2/4)未授权访问资源FHGJ-NET-04FHGJ-NET-05-(1/3/4)FHGJ-NET-06FHGJ-NET-09-(1/2/3)FHGJ-NET-11-(1/2)FHGJ-NET-12FHGJ-NET-15-(1/2)FHGJ-NET-18FHGJ-NET-20-(1/2)FHGJ-SYS-01-(1/2)FHGJ-SYS-02-(1/3)FHGJ-SYS-03FHGJ-APP-01-(1/2)FHGJ-APP-02-(2/3)FHGJ-APP-12FHGJ-APP-20-4网络攻击网络基础信息探测和信息采集FHGJ-NET-04FHGJ-NET-05-(1/3/4)FHGJ-NET-09-(1/2/3)FHGJ-NET-11-(1/2)FHGJ-NET-15-(1/2)FHGJ-NET-16-(2/3/4)FHGJ-NET-17FHGJ-NET-18FHGJ-NET-20-(1/2)FHGJ-SYS-02-(1/3)FHGJ-SYS-04FHGJ-SYS-07FHGJ-APP-02-(2/3)漏洞利用FHGJ-NET-09-(1/2/3)FHGJ-NET-11-(1/2)FHGJ-NET-13FHGJ-NET-15-(1/2)FHGJ-SYS-02-(1/3)FHGJ-SYS-04FHGJ-SYS-07FHGJ-APP-02-(2/3)FHGJ-APP-11(1/2/3/4)用户身份冒认和欺骗FHGJ-NET-06FHGJ-NET-09-(1/2/3)FHGJ-NET-11-(1/2)FHGJ-NET-12FHGJ-NET-20-(1/2)FHGJ-SYS-01-(1/2)FHGJ-SYS-03FHGJ-APP-01-(1/2)FHGJ-APP-02-(2/3)FHGJ-APP-05FHGJ-APP-12数据的窃取和破坏FHGJ-NET-09-(1/2/3)FHGJ-NET-10FHGJ-NET-11-(1/2)FHGJ-NET-16-(2/3/4)FHGJ-NET-18FHGJ-SYS-02-(1/3)FHGJ-APP-02-(2/3)FHGJ-APP-13FHGJ-APP-17FHGJ-APP-18(1/2/3/4)FHGJ-APP-19(2/4)FHGJ-APP-20-4拒绝服务攻击(抗DDOS)FHGJ-NET-07FHGJ-NET-08FHGJ-SYS-02-(1/3)FHGJ-SYS-04FHGJ-APP-02-(2/3)FHGJ-APP-09中国移动安全防护基准构建模板3FHGJ-NET-09-(1/2/3)FHGJ-NET-13FHGJ-NET-15-(1/2)泄密内部信息泄露FHGJ-NET-04FHGJ-NET-05-(1/3/4)FHGJ-NET-09-(1/2/3)FHGJ-NET-10FHGJ-NET-11-(1/2)FHGJ-NET-16-(2/3/4)FHGJ-NET-17FHGJ-NET-20-(1/2)FHGJ-SYS-01-(1/2)FHGJ-SYS-02-(1/3
本文标题:中国移动安全防护基准构件模板库
链接地址:https://www.777doc.com/doc-3361796 .html