GB/T 20272-2026 Cybersecurity technology—Technical specification for security of operating systems (English)
This is a draft translation for reference among interested stakeholders. The finalized translation (passing through draft translation, self-check, revision and verification) will be delivered upon being ordered.
ICS
CCS
National Standard of the People's Republic of China
GB/T 20272-2026
Cybersecurity technology - Technical specification for security of operating systems
网络安全技术 操作系统安全技术规范
Issue date: 2026-04-30 Implementation date: 2026-10-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
the Standardization Administration of the People's Republic of China
Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 General
6 Security Technical Requirements
6.1 Level 1: User Discretionary Protection Level
6.2 Level 2: System Audit Protection Level
6.3 Level 3: Security Labelling Protection Level
6.4 Level 4: Structured Protection Level
6.5 Level 5: Access Verification Protection Level
7 Test and Evaluation Methods
7.1 Test Environment
7.2 Level 1: User Discretionary Protection Level Test and Evaluation Methods
7.3 Level 2: System Audit Protection Level Test and Evaluation Methods
7.4 Level 3: Security Labelling Protection Level Test and Evaluation Methods
7.5 Level 4: Structured Protection Level Test and Evaluation Methods
7.6 Level 5: Access Verification Protection Level Test and Evaluation Methods
Annex A (Normative) Classification of Operating System Security Technical Requirements and Corresponding Test and Evaluation Methods
Bibliography
Cybersecurity technology — Operating system security technical specification
1 Scope
This document specifies the security technical requirements for operating systems and describes the corresponding test and evaluation methods.
This document applies to the design, development, testing and evaluation of operating systems deployed on desktop computers, laptops, all-in-one computers, workstations, servers, virtual machines, etc.
This document does not apply to embedded operating systems.
2 Normative References
The following documents are essential for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GB 17859-1999 Classification criteria for security protection levels of computer information systems
GB/T 20271-2006 Information security technology — Common security technical requirements for information systems
GB/T 25069-2022 Information security technology — Terminology
GB 42250-2022 Information security technology — Security technical requirements for dedicated cybersecurity products
3 Terms and Definitions
For the purposes of this document, the terms and definitions given in GB 17859-1999, GB/T 20271-2006, GB/T 25069-2022, GB 42250-2022 and the following apply.
3.1 abnormal
A deviation from previously verified conditions, states or behaviours observed from documents, operations or monitoring.
NOTE: An anomaly typically involves a subject which may be a person, device, application, service/process, data, etc. Depending on the subject pointed to by the identified anomaly, it can be further classified into user behaviour anomaly, device operation anomaly, program execution anomaly, service operation anomaly, data anomaly, etc.
[Source: GB/T 32422-2015, 3.1, modified]
3.2 incident
A situation where an attempt is made to change the state of a target, causing or potentially causing an abnormality or harmful behaviour.
[Source: GB/T 25069-2022, 3.552, modified]
3.3 audit record
Information generated by an audit product from collecting records and activity data of the audit target.
3.4 security of operating system
The confidentiality, integrity and availability of the operating system itself and the information it stores, transmits and processes.
3.5 security subsystem of operating system
A general term for the security protection devices within an operating system.
NOTE: Includes hardware, firmware, software and the combination responsible for enforcing security policies.
3.6 security function of security subsystem of operating system
Security functions provided by the security subsystem of the operating system.
3.7 label of subject and object
Sensitivity labels assigned to subjects and objects.
NOTE: A sensitivity label is a combination of hierarchical classification and non-hierarchical categories, serving as the basis for implementing mandatory access control.
3.8 discretionary access control
A method by which the owner of an object voluntarily determines the access rights to that object.
NOTE: A subject with access rights can access a specified object in an authorised manner and can transfer access rights according to authorisation.
3.9 mandatory access control
A method by which the system determines a subject's access rights to an object based on the sensitivity labels contained in the subject and the object, according to defined rules.
NOTE: A subject with access rights can access a specified object in an authorised manner. The sensitivity labels are set and maintained by the system security officer or by the system automatically according to defined rules.
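Added example, not part of the standard: a sketch of how the labels in 3.7 drive the mandatory decision in 3.9, and why an owner's discretionary grant (3.8) does not override it. The level names, the Bell-LaPadula-style read/write rules and all function names are assumptions; the standard's own rules are not reproduced on this page.

```python
from dataclasses import dataclass

# Constructed hierarchy for illustration; not taken from the standard.
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass(frozen=True)
class Label:
    """Sensitivity label (3.7): a hierarchical classification plus a set
    of non-hierarchical categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Both parts must hold: classification at least as high AND a
        # superset of categories. Two labels can be incomparable.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def mac_decide(subject: Label, obj: Label, op: str) -> bool:
    """Assumed rule set (Bell-LaPadula style): no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    return False  # unknown operation: default deny


def access_allowed(subject: Label, obj: Label, op: str, owner_grants: set) -> bool:
    """Assumption: the owner's DAC grant (3.8) and the system's MAC rule
    (3.9) must both allow; the owner cannot relax the label check."""
    return op in owner_grants and mac_decide(subject, obj, op)


def demo() -> dict:
    # Constructed subjects and objects.
    analyst = Label("secret", frozenset({"finance"}))
    report = Label("internal", frozenset({"finance"}))
    hr_file = Label("internal", frozenset({"hr"}))
    return {
        "read_down": mac_decide(analyst, report, "read"),
        "read_other_category": mac_decide(analyst, hr_file, "read"),
        "write_down": mac_decide(analyst, report, "write"),
        "owner_grant_vs_mac": access_allowed(analyst, hr_file, "read", {"read"}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The second case is denied even though the subject's classification is higher, because the category sets do not match; this is the part a purely hierarchical comparison would miss.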
3.10 trusted channel
A communication path established and maintained between the SSF and other trusted IT products to protect communication data from modification and disclosure, in order to perform critical security operations.
3.11 trusted path
A communication path established and maintained between the SSF and a user to protect communication data from modification and disclosure, in order to achieve trusted communication between the user and the SSF.
3.12 tolerance
The ability to eliminate errors occurring in software and hardware through a series of internal processing measures, ensuring the effectiveness and availability of the security functions provided by the SSOOS in the event of an error.
3.13 priority of service
The ability to ensure that the completion of high-priority tasks in the SSOOS is not interfered with or delayed by low-priority tasks through the use of control strategies for resource usage, thereby ensuring the security of the SSOOS security functions.
3.14 resource allocation
The ability to reasonably manage and schedule resources within the control scope of the SSOOS security functions through the use of control strategies for resource usage, ensuring that the security functions of the SSOOS are not affected due to resource usage issues.
4 Abbreviations
The following abbreviations apply to this document.
SSF: SSOOS Security Function
SSOOS: Security Subsystem of Operating System
UID: User Identifier
5 General
Resource management (including both device hardware resources and data resources) is a fundamental security function of an operating system. The security protection of resources within the operating system is implemented by the SSOOS. The SSOOS generally contains multiple SSFs, where each security function module is a specific implementation of one or more security function policies. All security function policies within the SSOOS constitute a security domain to protect the security of the entire operating system. The operating system security technical requirements specified in this document are the security technical requirements for the SSOOS.
This document divides operating system security technical requirements into three categories: security function requirements, self-security protection requirements and security assurance requirements. The items of each part of the security technical requirements are shown in Table 1. In addition, this document proposes corresponding test and evaluation methods for the security technical requirements of operating systems, providing a technical guideline for those using this document to test and evaluate operating systems.
This document classifies operating systems into five levels. The strength of security functions and self-security, as well as the level of security assurance requirements, are the specific bases for level classification, with the levels highlighting security characteristics. To clearly indicate the additions and enhancements of the security technical requirements of each higher level compared to the lower level, new content for each level is indicated in bold. The classification of security technical requirements and the corresponding test and evaluation methods shall comply with the requirements of Annex A.
6 Security Technical Requirements
6.1 Level 1: User Discretionary Protection Level
6.1.1 Security function requirements
Standard: GB/T 20272-2026 Cybersecurity technology—Technical specification for security of operating systems (English Version)
Standard No.: GB/T 20272-2026
Status: to be valid
Language: English
File Format: PDF
Word Count: 70500 words
Price (USD): 2115.0
Implemented on: 2026-11-1
Delivery: via email in 1~10 business day