Standard No.:	GB/T 20279-2015
English Name:	Information security technology—Security technical requirements of network and terminal separation products
Chinese Name:	信息安全技术 网络和终端隔离产品安全技术要求
Chinese Classification:	L80    Data encryption
Professional Classification:	GB    National Standard
Source Content Issued by:	AQSIQ; SAC
Issued on:	2015-05-15
Implemented on:	2016-1-1
Status:	superseded
Superseded by:	GB/T 20279-2024
Superseded on:	2025-4-1
Superseding:	GB/T 20279-2006 Information security technology Security techniques requirements of separation components of network and terminal equipment
Target Language:	English
File Format:	PDF
Word Count:	2000 words
Translation Price(USD):	130.0
Delivery:	via email in 1 business day

1 Scope This standard specifies the security function requirements, security assurance requirements, environmental adaptation requirements and performance requirements of network and terminal separation products. This standard is applicable to the design, development and test of network and terminal separation products. 2 Normative References The following documents for the application of this document are essential. Any dated reference, just dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document. GB 17859-1999 Classified Criteria for Security Protection of Computer Information System GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3: Security Assurance Requirements GB/T 25069-2010 Information Security Technology - Glossary 3 Terminologies and Definitions For the purpose of this standard, the following terms and definitions as well as those defined in GB 17859-1999 and GB/T 25069-2010 apply. 3.1 Security domain The computer or network area with the same security protection demand and security policy. 3.2 Physical disconnection The case that the networks in different security domains cannot be directly or indirectly connected. Note: in one physical network environment, the physical disconnection of networks in different security domains shall technically ensure disconnection of information in physical transmission and physical storage. 3.3 Protocol conversion The separation and reestablishment of protocol. Separate the application data in the network-based common protocol from one end of separation product in a certain security domain, package to transmit special system protocol to the other end of separation product in other security domain, then separate the special protocol and package it into the required format. 3.4 Protocol separation The networks in different security domains are physically connected, it is ensured that the protected information is logically separated through protocol conversion, and only the information with limited content required by the system for transmission may pass through. 3.5 Information ferry It is a mode of information exchange, physical transmission channel only exists during transmission.

Foreword i 1 Scope 2 Normative References 3 Terminologies and Definitions 4 Description of Network and Terminal Separation Products 5 Security Technical Requirements 5.1 Overall Description 5.1.1 Classification of Security Technical Requirements 5.1.2 Security Level 5.2 Security Function Requirements 5.2.1 Terminal Separation Products 5.2.2 Network Separation Product 5.2.3 Network Unilateral Transmission Product 5.3 Security Assurance Requirements 5.3.1 Requirements for Basic Level 5.3.2 Requirements for Enhanced Level 5.4 Environmental Adaptation Requirements 5.4.1 Next Generation of Internet Support (if any) 5.4.2 Support IPv6 Transition Network Environment (optional) 5.5 Property Requirements 5.5.1 Exchange Rate 5.5.2 Hardware Switching Time Bibliography