ICS 35.240 L 70 湖 DB43 南 省 地 方 标 准 DB43/T 1842—2020 信息安全技术 区块链应用安全技术测评要求 Information security technology - Evaluation requirements for blockchain application security technology 2020-09-30发布 湖南省市场监督管理局 2020-12-30实施 发 布 DB43/T 1842—2020 目 次 前言························································································································································ Ⅲ 1 范围 ···················································································································································· 1 2 规范性引用文件 ································································································································· 1 3 术语和定义 ········································································································································ 1 4 等级测评概述 ····································································································································· 2 4.1 等级测评方法 ····························································································································· 2 4.2 单项测评····································································································································· 2 5 第一级测评要求 ································································································································· 2 5.1 应用系统测评要求 ····················································································································· 2 5.2 漏洞防护测评要求 ····················································································································· 3 5.3 安全审计测评要求 ····················································································································· 3 6 第二级测评要求 ································································································································· 5 6.1 应用系统测评要求 ····················································································································· 5 6.2 漏洞防护测评要求 ····················································································································· 6 6.3 安全审计测评要求 ····················································································································· 7 7 第三级测评要求 ································································································································· 9 7.1 应用系统测评要求 ····················································································································· 9 7.2 漏洞防护测评要求 ··················································································································· 10 7.3 安全审计测评要求 ··················································································································· 12 8 第四级测评要求 ······························································································································· 13 8.1 应用系统测评要求 ··················································································································· 13 8.2 漏洞防护测评要求 ··················································································································· 15 8.3 安全审计测评要求 ··················································································································· 16 9 测评结论 ·········································································································································· 18 9.1 风险分析和评价 ······················································································································· 18 9.2 等级测评结论 ··························································································································· 18 参考文献 ················································································································································ 19 I DB43/T 1842—2020 II DB43/T 1842—2020 前 言 本文件按照 GB/T 1.1—2020 给出的规则起草。 本文件由中共湖南省委网络安全和信息化委员会办公室提出。 本文件由湖南省区块链和分布式记账技术标准化技术委员会（筹）归口。 本文件起草单位：湖南链信安科技有限公司、湖南天河国云科技有限公司、湖南省东方区块链安全 技术检测中心、湖南省人民政府发展研究中心、湖南天河云链科技有限公司。 本文件主要起草人：谭林、聂朗、梁琪、杨征、陈昕、李财、聂璐璐、梁亮、尹海波、黄帅、汪武、 柳兴、郭慧、殷新文、丁雅琪、沈浪、张祥、宋姝、姜载乐、刘齐平、郑婷婷、胡钦、邹曼瑜等。 III DB43/T 1842—2020 IV DB43/T 1842—2020 信息安全技术 1 区块链应用安全技术测评要求 范围 本文件规定了区块链应用安全技术测评指标要求。包括第一级、第二级、第三级和第四级区块链应 用安全技术测评要求。 本文件适用于测评机构对区块链应用安