This standard gives guidance to help organizations prepare to deploy intrusion detection systems (IDS). In particular, it details the selection, deployment and operation of IDSs, and provides background information on the sources of these guidelines. The purpose of this standard is to help organizations:

a) Meet the following requirements of GB/T 22080-2008:
- Organizations should implement procedures and other control measures that improve their ability to detect and respond to security incidents.
- Organizations should implement monitoring and review procedures and other control measures to identify potential or existing security vulnerabilities and incidents.

b) In implementing control measures, meet the following security objectives of GB/T 22081-2008:
- Detect unauthorized information processing activities.
- Systems should be monitored and information security events recorded.
- Operation logs and fault logs should be used to ensure that information system problems are identified.
- The organization should comply with all relevant legal requirements for monitoring and logging activities.
- Monitoring should be used to check the effectiveness of the controls adopted and to verify compliance with the access control policy model.

Organizations should recognize that deploying an IDS is neither the only nor a complete solution for meeting the above requirements. Furthermore, this standard is intended to serve as a criterion for conformity assessment, such as information security management system (ISMS) certification or IDS service or product certification.
GB/T 28454-2012 Referenced Documents
GB/T 18336.1-2008 Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model
GB/T 18336.2-2008 Information technology. Security techniques. Evaluation criteria for IT security. Part 2: Security functional requirements
GB/T 18336.3-2008 Information technology. Security techniques. Evaluation criteria for IT security. Part 3: Security assurance requirements
GB/T 20275 Information security technology. Technical requirements and testing and evaluation approaches for network-based intrusion detection system (2021-10-11 update)
GB/T 22080-2008 Information technology. Security techniques. Information security management systems. Requirements
GB/T 22081-2008 Information technology. Security techniques. Code of practice for information security management
GB/T 25068.1-2012 Information technology. Security techniques. IT network security. Part 1: Network security management
GB/T 25068.2-2012 Information technology. Security techniques. IT network security. Part 2: Network security architecture
GB/Z 20985-2007 Information technology. Security techniques. Information security incident management guide
GB/T 28454-2012 History
2020: GB/T 28454-2020 Information technology. Security techniques. Selection, deployment and operation of intrusion detection and prevention systems (IDPS)
2012: GB/T 28454-2012 Information technology. Security techniques. Selection, deployment and operations of intrusion detection systems