Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of SAC/TC 268 National Technical Committee 268 on Intelligent Transport Systems of Standardization Administration of China.
Transportation - Information security specification
1 Scope
The Standard specifies the system architecture and general technical requirements of information security technology for transportation, including the general and special technical requirements for information security of user terminals, vehicle side units, infrastructure side units, computing centers, and network and communication basic components that constitute the transport information system.
The Standard is applicable to guiding operators of transport information systems in formulating specific information security standards, specifications, implementation guidelines, etc. for the particular information security requirements of non-confidential systems, and can also be used to guide the planning, design, construction, operation and maintenance, evaluation, etc. of information security technology systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20839-2007 Intelligent transport systems - General terminology
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 20839-2007 and GB/T 25069-2010 as well as the following apply. For the convenience of application, some terms and definitions in GB/T 20839-2007 and GB/T 25069-2010 are listed again.
3.1
transport information system
system in the field of transportation composed of computers or other information terminals and related equipment and networks, which collects, stores, transmits, exchanges and processes information according to defined rules and procedures; it usually consists of all or some of the following: terminals, vehicle side units, infrastructure side units, computing centers, and networks and communications
3.2
information security
protecting and maintaining the confidentiality, integrity and availability of information; properties such as authenticity, verifiability, non-repudiation and reliability may also be included
[GB/T 25069-2010, Definition 2.1.52]
3.3
operators of transport information system
owners, administrators and service providers of non-confidential information systems for transport
3.4
general user terminal for transport
general desktop terminal equipment and mobile intelligent terminal equipment used in transport business, including desktop computers, laptop computers, smart phones, tablet computers, etc.
3.5
special user terminal for transport
equipment used in transport business, which has specific functions and can realize man-machine interaction
3.6
infrastructure side unit
equipment or modules deployed on roadside and/or shore side in order to realize the function of transport information system, including communication equipment, information release equipment, condition monitoring equipment, environment monitoring equipment, etc.
3.7
vehicle side unit
device or communication module in transport equipment such as vehicles, ships and containers that communicates with infrastructure side units, terminals or computing centers
3.8
security element; SE
integrated circuit module with central processing unit, which is responsible for access permission, information authentication and encryption protection of general and special user terminals, vehicle side units and infrastructure side units
3.9
safety related application
applications for emergency collision and injury reduction, potential collision and injury reduction and prevention, emergency incident notification (such as emergency braking of the vehicle ahead), and emergency condition notification (such as accidents, emergency vehicles and sudden environmental degradation)
3.10
driving aid application
applications for notifying vehicles of high-priority public security information from the infrastructure side unit, for emergency notification of safety-related road conditions such as traffic light cycles and sharp turns, and for driving assistance messages such as automatic driving, roadside periodic broadcasting, positioning differential signals and traffic information broadcasting
3.11
value-added service application
applications for non-priority services such as online payment and recharge, personalized navigation services, driving route suggestions, and e-commerce
3.12
confidentiality
feature that prevents data from being leaked to or exploited by unauthorized individuals, entities or processes
[GB/T 25069-2010, Definition 2.1.1]
3.13
integrity
feature that data has not been altered or destroyed in an unauthorized manner
[GB/T 25069-2010, Definition 2.1.42]
3.14
availability
feature of data and resources that can be accessed and used by authorized entities upon request
[GB/T 25069-2010, Definition 2.1.20]
3.15
data freshness
property of preventing historical data that has already been successfully received from being accepted again, data that arrives after its reception deadline from being accepted, and data that falls outside its validity range from being accepted
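A receiver-side freshness check implementing the three conditions of this definition (replay, reception deadline, validity range), written as an added example rather than anything the standard prescribes; the message fields, the per-sender sequence number and the 2-second reception window are assumptions, and the time of receipt is passed in so that every check uses one clock.

```python
"""Data-freshness check in the sense of definition 3.15 (added example, not from the standard).

A receiver rejects (1) data it has already accepted, (2) data that arrives later than the
reception window allows, and (3) data whose validity range does not cover the time of receipt.
Message layout, the per-sender sequence number and the window size are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Message:
    sender: str        # identifier of the originating unit (assumed field)
    seq: int           # per-sender sequence number (assumed field)
    sent_at: float     # sender timestamp, seconds
    valid_from: float  # validity range of the payload, seconds
    valid_until: float
    payload: str


@dataclass
class FreshnessFilter:
    reception_window: float = 2.0              # maximum age at receipt, seconds (assumed)
    seen: dict = field(default_factory=dict)   # sender -> {seq: sent_at} of accepted data

    def check(self, msg: Message, now: float) -> str:
        """Return 'accept' or 'reject: <reason>' for a message received at time `now`."""
        history = self.seen.setdefault(msg.sender, {})
        # Forget accepted entries older than the window: a replay of them is already
        # caught by the reception-time rule, so the history stays bounded.
        for seq in [s for s, t in history.items() if now - t > self.reception_window]:
            del history[seq]
        if msg.seq in history:
            return "reject: replay"
        if now - msg.sent_at > self.reception_window:
            return "reject: reception time exceeded"
        if not msg.valid_from <= now <= msg.valid_until:
            return "reject: outside validity range"
        history[msg.seq] = msg.sent_at
        return "accept"


def demo() -> list:
    """Constructed messages from one vehicle side unit, checked in order of receipt."""
    f = FreshnessFilter()
    brake = Message("obu-1", 1, 100.0, 99.0, 105.0, "emergency brake")
    return [
        f.check(brake, 100.5),                                          # fresh
        f.check(brake, 100.8),                                          # same data again
        f.check(Message("obu-1", 2, 100.0, 99.0, 105.0, "x"), 103.0),   # 3 s old
        f.check(Message("obu-1", 3, 110.0, 120.0, 130.0, "x"), 110.5),  # not yet valid
    ]
```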
3.16
driving assistance
using sensing and detection, automatic control, communication and other technologies, and by means of intelligent detection by vehicle side units and infrastructure side units, vehicle-to-vehicle and vehicle-to-infrastructure communication and other methods, providing drivers with information services and support, early warning and control intervention support in emergencies, and other functions, so as to improve drivers' travel safety and efficiency
[GB/T 20839-2007, Definition 7.2]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
RFID: Radio Frequency Identification
T-BOX: Telematics BOX
TPMS: Tire Pressure Monitoring System
USB: Universal Serial Bus
VIN: Vehicle Identification Number
5 Architecture of information security technology for transportation
The architecture of information security technology for transportation consists of six parts, namely user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, network and communication security, and security general technology, with security general technology being the common requirement for the other five parts.
The operators of transport information system shall ensure that their information systems meet the special security technical requirements of the five system components (user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, and network and communication security) as well as the security general technical requirements.
When the technical requirements for network and communication security are adopted, reference shall be made to the security technical requirements of user terminals, vehicle side units, infrastructure side units and computing centers according to the characteristics of the particular transport information system, and reasonable technical measures shall be taken to ensure that the security protection mechanisms of the various components of the transport information system are coordinated and complementary, so as to form defense-in-depth capabilities. See Figure 1 for the transport information security system architecture.
Figure 1 Transport information security system architecture
6 General technical requirements for transport information system security
6.1 Identity authentication
The technical requirements for identity authentication include the following:
a) Logged-in users shall be subjected to identity identification and authentication; the identity identifier of each user shall be unique and the identity authentication information shall meet complexity requirements;
b) The user shall modify the initial password set by the system when logging in for the first time and change it regularly;
c) A combination of two or more authentication technologies should be adopted to authenticate users, with at least one of them implemented using cryptographic techniques;
d) Necessary measures shall be taken to avoid the transmission of authentication information in plaintext when remote management is carried out;
e) The function of login failure handling shall be provided, and necessary protection measures, such as session shutdown, limiting illegal login times and automatic exit in case of login connection timeout, shall be configured and enabled;
f) Authentication information reset or other technical measures shall be taken to ensure system security when the user identity authentication information is lost or invalid;
g) Users shall be required to register with their real names (based on name, ID number, VIN, mobile phone number, etc.) in the various transportation applications according to the principle of "real name in the background, voluntary in the foreground", and the system shall verify the real-name registration.
6.2 Access control
The technical requirements for access control include the following:
a) The function of access control shall be provided, with accounts and authorities assigned to logged-in users;
b) Default account shall be renamed or deleted and the default password of the default account shall be changed;
c) The redundant and expired account shall be deleted;
d) The minimum authority shall be granted to different accounts to complete their respective tasks, with a mutually restrictive relationship formed between them;
e) The access control policy shall be configured by authorized subject and the subject-to-object access rules shall be specified in the access control policy;
f) The granularity of access control shall be at the user level for the subject and at least at the file level for the object;
g) Security markings shall be set for sensitive information resources, and subjects' access to information resources with security markings shall be controlled.
6.3 Malicious code prevention
The technical requirements for malicious code prevention include the following:
a) It shall be able to detect and remove malicious codes such as viruses, worms and Trojans;
b) It shall be able to upgrade and update the malicious code prevention mechanism, and technical means shall be adopted on the dedicated networks and local area networks of transport to upgrade the malicious code prevention mechanism in a timely manner.
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Architecture of information security technology for transportation
6 General technical requirements for transport information system security
7 Technical requirements for user terminal security
8 Technical requirements for vehicle side unit security
9 Technical requirements for infrastructure side unit security
10 Technical requirements for computing center security
11 Technical requirements for network and communication security
Bibliography
Figure 1 Transport information security system architecture (diagram recovered from the Chinese original; box titles only, in the order extracted): transport information security technology, comprising security general technology (identity authentication, security audit, access control, cryptographic application, malicious code prevention); user terminal security technology (device and host security, application software security, data security, intrusion prevention); vehicle side unit security technology (physical and environmental security, device identification); infrastructure side unit security technology (physical and environmental security); computing center security technology (cloud computing platform security); and network and communication security technology (physical and environmental security, centralized control, network architecture security, access control, communication transmission security, intrusion prevention, boundary protection).
6.4 Security audit
The technical requirements for security audit include the following:
a) Security audit shall be carried out on the key nodes of the transport information system; the audit shall cover every user and shall record important user behaviour and important security events;
b) Audit records shall include the date, time, user, event type, success or failure of the event, and other audit-related information;
c) Audit records shall be protected and backed up regularly so as to prevent unexpected deletion, modification or overwriting;
d) The retention period of audit records shall comply with laws and regulations and shall be not less than 6 months;
e) The timestamp of an audit record shall be generated by a single clock uniquely determined within the scope of the system, so as to ensure the correctness of audit analysis;
f) The audit process shall be protected against unauthorized interruption.
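An audit trail covering the record content, single-clock and retention points of 6.4, written as an added example (not code from the standard or any named implementation): every record carries the fields 6.4 b) lists, timestamps come from one injected clock as 6.4 e) requires, and records are hash-chained so that unexpected modification or deletion is detectable, which is one way to meet 6.4 c) rather than a technique the standard prescribes; the purge routine never removes a record younger than the six-month minimum of 6.4 d). SHA-256 is used only because the Python standard library has no SM3; 6.5 c) prefers the SM algorithms.

```python
"""Hash-chained audit trail for 6.4 (added example, not from the standard).

Fields per 6.4 b); one injected clock per 6.4 e); chaining is an assumed means of
detecting tampering per 6.4 c); retention floor per 6.4 d). SHA-256 stands in for SM3.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=183)   # "not less than 6 months"


class FakeClock:
    """Constructed system-wide clock so the example runs deterministically."""
    def __init__(self, start=None):
        self.now = start or datetime(2024, 1, 1, tzinfo=timezone.utc)

    def __call__(self):
        return self.now

    def advance(self, days):
        self.now += timedelta(days=days)


class AuditLog:
    def __init__(self, clock):
        self.clock = clock            # the one clock every record is stamped from
        self.records = []
        self.last_hash = "0" * 64     # chain anchor before the first record

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, user, event_type, success, **extra):
        ts = self.clock()
        entry = {"date": ts.strftime("%Y-%m-%d"), "time": ts.strftime("%H:%M:%S"),
                 "user": user, "event_type": event_type, "success": bool(success),
                 "extra": extra, "prev": self.last_hash}
        entry["hash"] = self._digest(entry)
        self.records.append(entry)
        self.last_hash = entry["hash"]
        return entry

    def verify(self):
        """Index of the first record whose link or digest is broken, or -1 if intact.
        After a purge the chain is checked from the oldest surviving record."""
        prev = self.records[0]["prev"] if self.records else self.last_hash
        for i, e in enumerate(self.records):
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return i
            prev = e["hash"]
        return -1

    def purge_expired(self):
        """Remove only records older than RETENTION; return how many were removed."""
        cutoff = self.clock() - RETENTION

        def stamp(e):
            return datetime.strptime(e["date"] + " " + e["time"],
                                     "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        kept = [e for e in self.records if stamp(e) >= cutoff]
        removed = len(self.records) - len(kept)
        self.records = kept
        return removed
```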
6.5 Cryptographic application
The technical requirements for cryptographic application include the following:
a) Important transport information systems shall use the keys and digital certificates planned by the transport industry;
b) Important transport information systems shall use cryptographic techniques to implement security functions of the application system such as identity authentication and access control, and to ensure the security of audit records, data storage and communication;
c) SM series cryptographic algorithms shall be adopted in preference;
d) Cryptographic products approved by the national cryptography administration authority shall be adopted;
e) Information systems running on both the Internet and dedicated networks shall use cryptographic techniques to implement secure access paths, access control and identity authentication in the network system;
f) Cryptographic techniques shall be used to implement identity authentication, access control, audit records, data transmission security, data storage security and program security for host devices and network devices;
g) Cryptographic techniques shall be used to implement access authentication of special terminals, vehicle side units and infrastructure side units.
7 Technical requirements for user terminal security
7.1 Device and host security
The technical requirements for device and host security include the following:
a) Special user terminals shall have physical protection measures suited to their working environment, with the necessary resistance to crushing, water ingress, etc.;
b) The identity identification device of a special user terminal shall be protected against physical removal, logical damage and forgery; when an identification anomaly is detected, the terminal shall stop service and issue and upload a warning message;
c) Special mobile terminals, card and certificate readers/writers, etc. shall have an addressable unique identifier and shall identify themselves when initiating information transmission;
d) Whole-life-cycle management shall be carried out for the commissioning, maintenance and disposal of special user terminals;
e) Special user terminals shall undergo a security check before start-up;
f) Unnecessary physical data transmission interfaces on special user terminals shall be removed or sealed;
g) Special user terminals that can connect to external devices shall have anti-malware and intrusion prevention capabilities, and security precautions such as virus scanning and removal shall be applied to temporarily connected devices.
7.2 Application software security
The technical requirements for application software security include the following:
a) Application software shall be authorized and security-assessed by the information system operator itself, and shall be able to support the security protection requirements of vehicle side devices and mobile application software (such as key management, identity authentication management, remote upgrade management, security monitoring, data security and malicious code protection), forming an integrated defense system spanning the vehicle side, the mobile application software and the service platform;
b) Mobile application software shall pass security testing before going online;
c) Mobile application software shall have a security check mechanism that runs before start-up and shall provide a version update function;
d) Mobile application software should verify the security of communication digital certificates while running;
e) Application software on special mobile user terminals shall be authorized by the organization itself and security-assessed by a professional assessment body.
7.3 Data security
The technical requirements for data security include the following:
a) Special mobile terminals, card and certificate readers/writers, etc. shall store keys and sensitive information in a security element or by a method achieving the same security level;
b) The capability to back up key business data regularly shall be provided;
c) With the user's consent or acceptance of the terms of service, the service provider may collect, store, transmit and use user information (including information on vehicle owners and users, basic vehicle information, etc.).
7.4 Intrusion prevention
The technical requirements for intrusion prevention include the following:
a) User terminals shall disable unneeded system services, default shares and high-risk ports;
b) The operating system of special user terminals shall follow the principle of minimal installation, installing only the required components and applications.