信息安全研究 ›› 2016, Vol. 2 ›› Issue (5): 429-434.

• 网络安全标准化专题 • 上一篇    下一篇

移动互联网信息安全标准综述

宁华   

  1. 中国信息通信研究院泰尔终端实验室
  • 收稿日期:2016-05-17 出版日期:2016-05-15 发布日期:2016-05-17
  • 通讯作者: 宁华
  • 作者简介:博士,高级工程师,主要研究方向为移动互联网安全、个人信息保护. ninghua@caict.ac.cn

Overview of Mobile Internet Security Standard

  • Received:2016-05-17 Online:2016-05-15 Published:2016-05-17

摘要: 移动互联网的安全和隐私已成为国际社会面临的重大挑战,为支撑网络安全保障需求,美国国家信息安全保障合作组织(NIAP)发布了移动设备、移动设备管理、移动应用等保护轮廓,国家标准与技术研究院(NIST)发布了企业移动设备安全管理、移动应用安全审查等若干特别出版物,全面提升移动互联网的安全能力.我国也通过制定《移动智能终端安全架构》和《移动终端安全保护技术要求》等国家标准,加快构建移动互联网信息安全标准体系,不断地促进移动终端、接入网络、移动应用的安全标准化,积极应对移动互联网发展中遇到的诸多困难.

Abstract: Mobile Internet security has become the major challenge faced by the international community. To support the security assurance requirements, the National Information Assurance Partnership (NIAP) is currently working with industry, customers, and the Common Criteria community to create Protection Profiles (PP) for Mobile Security, MDF PP, MDM PP, and MP PP have been approved for use by vendors for evaluation of products under the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) and the Common Criteria Recognition Arrangement (CCRA). National Institute of Standards and Technology (NIST) uses Special Publication subseries to publish mobile security and guidelines, recommendations and reference materials including SP 800124r1, SP 800163, SP 18004, SP 80046r2, etc. To speed up the construction of mobile security standard system, 《Security architecture of mobile smart terminal》and 《Technical requirements for mobile device security》 are in the standardsetting process.