Information security technology—Technical requirements of industrial control system dedicated firewall English
1 Scope
This standard specifies the security function requirements, self security requirements, performance requirements and security assurance requirements of industrial control system dedicated firewalls (hereinafter referred to as "industrial control firewalls").
This standard is applicable to the design, development and testing of industrial control firewalls.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies
GB/T 2423.5-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ea and guidance: Shock
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Tests methods - Test Fc: Vibration (sinusoidal)
GB/T 4208-2017 Degrees of protection provided by enclosure (IP code)
GB 4824-2013 Industrial, scientific and medical (ISM) radio-frequency equipment - Disturbance characteristics - Limits and methods of measurement
GB/T 9254-2008 Information technology equipment - Radio disturbance characteristics - Limits and methods of measurement
GB/T 13729-2002 Remote terminal unit equipment
GB/T 15153.1-1998 Telecontrol equipment and systems - Part 2: Operating conditions - Section 1: Power supply and electromagnetic compatibility
GB/T 17214.4-2005 Operating conditions for industrial-process measurement and control equipment - Part 4: Corrosive and erosive influence
GB/T 17626.2-2018 Electromagnetic compatibility - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 17626.3-2016 Electromagnetic compatibility - Testing and measurement techniques - Radiated, radio-frequency, electromagnetic field immunity test
GB/T 17626.4-2018 Electromagnetic compatibility - Testing and measurement techniques - Electrical fast transient/burst immunity test
GB/T 17626.5-2008 Electromagnetic compatibility - Testing and measurement techniques - Surge immunity test
GB/T 17626.6-2017 Electromagnetic compatibility - Testing and measurement techniques - Immunity to conducted disturbances, induced by radio-frequency fields
GB/T 17626.8-2006 Electromagnetic compatibility - Testing and measurement techniques - Power frequency magnetic field immunity test
GB/T 17626.10-2017 Electromagnetic compatibility - Testing and measurement techniques - Damped oscillatory magnetic field immunity test
GB/T 17626.11-2008 Electromagnetic compatibility - Testing and measurement techniques - Voltage dips, short interruptions and voltage variations immunity tests
GB/T 17626.12-2013 Electromagnetic compatibility - Testing and measurement techniques - Ring wave immunity test
GB/T 17626.16-2007 Electromagnetic compatibility - Testing and measurement techniques - Test for immunity to conducted, common mode disturbances in the frequency range 0 Hz to 150 kHz
GB/T 17626.17-2005 Electromagnetic compatibility - Testing and measurement techniques - Ripple on d.c.input power port immunity test
GB/T 17626.18-2016 Electromagnetic compatibility - Testing and measurement techniques - Damped oscillatory wave immunity test
GB/T 17626.29-2006 Electromagnetic compatibility - Testing and measurement techniques - Voltage dips, short interruptions and voltage variations on d.c. input power port immunity tests
GB/T 20281-2015 Information security technology - Security technical requirements and testing and evaluation approaches for firewall
GB/T 20438.3-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
GB/T 20438.4-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
GB/T 25069-2010 Information security technology - Glossary
GB/T 32919-2016 Information security technology - Application guide to industrial control system security control
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 20281-2015, GB/T 20438.4-2017, GB/T 25069-2010 and GB/T 32919-2016 as well as the following apply.
3.1
industrial control protocol
protocol of communication message between the host computer and the control equipment and between the control equipment and control equipment in an industrial control system, usually including read-write control of analog and digital quantities
3.2
industrial control system dedicated firewall
security gateway products deployed between different security domains in the industrial control system or in front of the controller, with network layer access control and filtering functions, industrial control protocol inspection and filtering functions, and high availability, which can be applied in industrial control environments
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
DMZ: Demilitarized Zone
DNAT: Destination Network Address Translation
ICMP: Internet Control Message Protocol
MAC: Media Access Control
NAT: Network Address Translation
OPC: Object Linking and Embedding for Process Control
Foreword I
Introduction II
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Product description
6 Security technical requirements
6.1 Security technical requirements of basic level
6.1.1 Security function requirements
6.1.2 Self security requirements
6.1.3 Performance requirements
6.1.4 Security assurance requirements
6.2 Security technical requirements of enhanced level
6.2.1 Security function requirements
6.2.2 Self security requirements
6.2.3 Performance requirements
6.2.4 Security assurance requirements
Annex A (Informative) Application of industrial control firewall
Annex B (Normative) Environmental adaptability requirements
Annex C (Informative) Control requirements for application layer of typical industrial control protocol
Bibliography
Information security technology—Technical requirements of industrial control system dedicated firewall English
1 Scope
This standard specifies the security function requirements, self security requirements, performance requirements and security assurance requirements of industrial control system dedicated firewalls (hereinafter referred to as "industrial control firewalls").
This standard is applicable to the design, development and testing of industrial control firewalls.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies
GB/T 2423.5-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ea and guidance: Shock
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Tests methods - Test Fc: Vibration (sinusoidal)
GB/T 4208-2017 Degrees of protection provided by enclosure (IP code)
GB 4824-2013 Industrial, scientific and medical (ISM) radio-frequency equipment - Disturbance characteristics - Limits and methods of measurement
GB/T 9254-2008 Information technology equipment - Radio disturbance characteristics - Limits and methods of measurement
GB/T 13729-2002 Remote terminal unit equipment
GB/T 15153.1-1998 Telecontrol equipment and systems - Part 2: Operating conditions - Section 1: Power supply and electromagnetic compatibility
GB/T 17214.4-2005 Operating conditions for industrial-process measurement and control equipment - Part 4: Corrosive and erosive influence
GB/T 17626.2-2018 Electromagnetic compatibility - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 17626.3-2016 Electromagnetic compatibility - Testing and measurement techniques - Radiated, radio-frequency, electromagnetic field immunity test
GB/T 17626.4-2018 Electromagnetic compatibility - Testing and measurement techniques - Electrical fast transient/burst immunity test
GB/T 17626.5-2008 Electromagnetic compatibility - Testing and measurement techniques - Surge immunity test
GB/T 17626.6-2017 Electromagnetic compatibility - Testing and measurement techniques - Immunity to conducted disturbances, induced by radio-frequency fields
GB/T 17626.8-2006 Electromagnetic compatibility - Testing and measurement techniques - Power frequency magnetic field immunity test
GB/T 17626.10-2017 Electromagnetic compatibility - Testing and measurement techniques - Damped oscillatory magnetic field immunity test
GB/T 17626.11-2008 Electromagnetic compatibility - Testing and measurement techniques - Voltage dips, short interruptions and voltage variations immunity tests
GB/T 17626.12-2013 Electromagnetic compatibility - Testing and measurement techniques - Ring wave immunity test
GB/T 17626.16-2007 Electromagnetic compatibility - Testing and measurement techniques - Test for immunity to conducted, common mode disturbances in the frequency range 0 Hz to 150 kHz
GB/T 17626.17-2005 Electromagnetic compatibility - Testing and measurement techniques - Ripple on d.c.input power port immunity test
GB/T 17626.18-2016 Electromagnetic compatibility - Testing and measurement techniques - Damped oscillatory wave immunity test
GB/T 17626.29-2006 Electromagnetic compatibility - Testing and measurement techniques - Voltage dips, short interruptions and voltage variations on d.c. input power port immunity tests
GB/T 20281-2015 Information security technology - Security technical requirements and testing and evaluation approaches for firewall
GB/T 20438.3-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
GB/T 20438.4-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
GB/T 25069-2010 Information security technology - Glossary
GB/T 32919-2016 Information security technology - Application guide to industrial control system security control
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 20281-2015, GB/T 20438.4-2017, GB/T 25069-2010 and GB/T 32919-2016 as well as the following apply.
3.1
industrial control protocol
protocol of communication message between the host computer and the control equipment and between the control equipment and control equipment in an industrial control system, usually including read-write control of analog and digital quantities
3.2
industrial control system dedicated firewall
security gateway products deployed between different security domains in the industrial control system or in front of the controller, with network layer access control and filtering functions, industrial control protocol inspection and filtering functions, and high availability, which can be applied in industrial control environments
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
DMZ: Demilitarized Zone
DNAT: Destination Network Address Translation
ICMP: Internet Control Message Protocol
MAC: Media Access Control
NAT: Network Address Translation
OPC: Object Linking and Embedding for Process Control
Contents of GB/T 37933-2019
Foreword I
Introduction II
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Product description
6 Security technical requirements
6.1 Security technical requirements of basic level
6.1.1 Security function requirements
6.1.2 Self security requirements
6.1.3 Performance requirements
6.1.4 Security assurance requirements
6.2 Security technical requirements of enhanced level
6.2.1 Security function requirements
6.2.2 Self security requirements
6.2.3 Performance requirements
6.2.4 Security assurance requirements
Annex A (Informative) Application of industrial control firewall
Annex B (Normative) Environmental adaptability requirements
Annex C (Informative) Control requirements for application layer of typical industrial control protocol
Bibliography