GB/T 46334-2025 Security testing methods for critical network devices - Programmable logic controller (PLC)
1 Scope
This document describes the security functional testing methods and security assurance assessment methods for programmable logic controllers (PLCs).
This document is applicable to the research and development, testing, and other work concerning PLCs that fall within the specified scope of critical network devices.
Note: Falling within the specified scope of critical network devices means that the devices' performance indicators or specifications fall within the scope specified in the Catalogue of critical network devices and specialized cybersecurity products.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security techniques - Terminology
GB/T 45406-2025 Security technical requirements for critical network devices - Programmable logic controller (PLC)
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and the following apply.
3.1
programmable logic controller; PLC
digitally operating electronic system, designed for use in an industrial environment, which uses a programmable memory for the internal storage of user-oriented instructions for implementing specific functions such as logic, sequencing, timing, counting and arithmetic, to control, through digital or analogue inputs and outputs (I/O), various types of machines or processes
[Source: GB/T 15969.1-2007, 3.5, modified]
3.2
pre-installed software
software installed or provided before delivery of device and necessary to ensure the normal use of the device
Note: The pre-installed software for PLCs is typically the device firmware.
[Source: GB 40050-2021, 3.10, modified]
3.3
read
uploading data such as pre-installed software, programs, and state parameters from a PLC
3.4
write
downloading data such as pre-installed software, programs, and state parameters to a PLC
3.5
vulnerability
weaknesses in assets or controls that may be exploited by a threat
[Source: GB 40050-2021, 3.3]
3.6
robustness
degree to which a critical network device or component is capable of maintaining correct operation of its functions under environments such as invalid data input or high-intensity input
[Source: GB 40050-2021, 3.5]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
CPU: Central Processing Unit
I/O: Input/Output
IP: Internet Protocol
NTP: Network Time Protocol
UID: User Identification
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Test environment
6 Security functional testing methods
6.1 Device identification security
6.2 Redundancy, backup recovery and anomaly testing
6.3 Vulnerability and malicious program prevention
6.4 Security of pre-installed software startup and update
6.5 User identification and authentication
6.6 Access control security
6.7 Log audit security
6.8 Communication security
6.9 Data security
7 Security assurance assessment methods
7.1 Supply chain security
7.2 Design and development
7.3 Production and delivery
7.4 User data protection
Bibliography