GB/T 44862-2024 Cybersecurity technology — Cyber-resilience evaluation criteria
1 Scope
This document specifies the cyber resilience evaluation criteria, and gives the evaluation indicator system and evaluation method of cyber resilience.
This document is applicable to organizations' self-evaluation of their cyber resilience and to third-party evaluation of cyber resilience by cybersecurity service organizations. It is also applicable to the design, construction and improvement of organizations' cyber resilience.
2 Normative references
The following documents contain requirements which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20988-2007 Information security technology - Disaster recovery specifications for information systems
GB/T 25069-2022 Information security techniques - Terminology
GB/T 30146-2023 Security and resilience - Business continuity management systems - Requirements
GB/T 43269-2023 Information security techniques - Assessment criteria for cybersecurity emergency capability
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2022 and the following apply.
3.1
cyber resilience
ability of a network that is subject to adverse conditions, stress, attacks or loss of components to prevent, withstand, recover from and adapt to them, so as to keep system function and structure stable, respond to major cybersecurity events in an orderly and effective way, and keep critical business running stably
Note: In this document, "network" (the "cyber" of "cyber resilience") refers to a system made up of computers or other information terminals and related equipment that collect, store, transmit, exchange and process information according to certain rules and procedures.
3.2
critical business
business whose disruption by a cybersecurity incident may seriously affect the security and stability of the organization or its customers and cause significant losses
3.3
survivability
ability of a system to keep performing its basic business functions and completing critical business in the event of an attack, failure, fault or interruption
Note: A failure is the condition in which a system or component, though still operating, no longer serves its design purpose or function and does not produce the correct result. A fault is the condition in which a system or device cannot perform a specified function. Basic business functions are the basic functional units that make up a business function, such as processes, threads or algorithm modules.
[Source: ISO/IEC/IEEE 24765:2017, 3.4060, modified]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
API: Application programming interface
APT: Advanced persistent threat
ARP: Address resolution protocol
BGP: Border gateway protocol
DDoS: Distributed denial of service
DHCP: Dynamic host configuration protocol
I/O: Input/output
IP: Internet protocol
ISIS: Intermediate system-to-intermediate system
MAC: Media access control
MBCO: Minimum business continuity objective
MTPD: Maximum tolerable period of disruption
OSPF: Open shortest path first
RIP: Routing information protocol
RPO: Recovery point objective
RTO: Recovery time objective
SLA: Service-level agreement
UPS: Uninterruptible power supply
VIP: Virtual internet protocol
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
5.1 Cyber resilience
5.2 Evaluation index system
5.3 Standard structure
6 Indicators of cyber resilience
6.1 Prevention capacity
6.1.1 Situation awareness
6.1.2 Inspection and analysis
6.1.3 Coordinated defense
6.1.4 Supply chain management
6.2 Withstand capacity
6.2.1 Emergency response
6.2.2 Loss limitation
6.2.3 Containment
6.2.4 Survivability
6.3 Recovery capability
6.3.1 Disaster backup
6.3.2 Business continuity
6.3.3 Data and business recovery
6.4 Adaptability
6.4.1 Independent management
6.4.2 Reconfiguration
6.4.3 Node adaptability
6.4.4 Cyber adaptability
7 Evaluation method
Annex A (Normative) Cyber resilience evaluation table
Annex B (Informative) Examples of cyber resilience indicators in extreme scenarios and extreme cybersecurity events
Annex C (Informative) Analysis of cyber resilience requirements for complex information systems
Annex D (Informative) Design method of cyber resilience architecture
Bibliography