Standard No.:	GB/T 20278-2013
English Name:	Information Security Technology - Security Technical Requirements for Network Vulnerability Scanners
Chinese Name:	信息安全技术 网络脆弱性扫描产品安全技术要求
Chinese Classification:	L80    Data encryption
Professional Classification:	GB    National Standard
Source Content Issued by:	AQSIQ;SAC
Issued on:	1900-1-0
Implemented on:	2014-7-15
Status:	superseded
Superseded by:	GB/T 20278-2022 Information security technology—Security technical requirements and testing assessment approaches for network vulnerability scanners
Superseded on:	2022-10-1
Abolished on:	2022-10-01
Superseding:	GB/T 20278-2006 Information security technology - Technique requirement for network vulnerability scanners
Target Language:	English
File Format:	PDF
Word Count:	10000 words
Translation Price(USD):	120.0
Delivery:	via email in 1 business day

1 Scope This standard specifies the security function requirements, self-security requirements and security assurance requirements of network vulnerability scanners and classifies their levels according to different security technical requirements for network vulnerability scanners. This standard is applicable to the development, production and detection of network vulnerability scanners. 2 Normative References The following documents for the application of this document are essential. Any dated reference, just dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document. GB 17859-1999 Classified Criteria for Security Protection of Computer Information System GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 3: Security Assurance Requirements GB/T 25069-2010 Information Security Technology - Glossary 3 Terminologies and Definitions For the purpose of this standard, the terminologies and definitions specified in GB/T 17859-1999 and GB/T 25069-2010 as well as the following ones apply. 3.1 Scan The process of detecting the target system with technological tools for security risks existing in target system. 3.2 Vulnerability The weakness in network system that may be made use of and cause hazard. 3.3 Network vulnerability scan Remotely detect target system for security risk through network, inspect and analyze its security vulnerability thereby find out the security hole that may be utilized by intruder, and recommend some preventative and remedial measures. 3.4 Banner A piece of information sent by application program, generally including words of welcome, application name and version, etc. 4 Abbreviations

Foreword i 1 Scope 2 Normative References 3 Terminologies and Definitions 4 Abbreviations 5 Level Classification of Network Vulnerability Scanners 5.1 Description of Level Classification 5.2 Level Classification 6 Service Environment 7 Security Technical Requirements for Basic Level 7.1 Security Function Requirements 7.2 Self-security Requirements 7.3 Security Assurance Requirements 8 Security Technical Requirements for Enhanced Level 8.1 Security Function Requirements 8.2 Self-security Requirements 8.3 Security Assurance Requirements