IIIT/CSACICS35.240.01 CCSL60 T/CSAC001—2023 网络靶场基于技战术模型的安全测评方法 Cyberrange—Securitytestandevaluationmethodbasedontechnologyandtactic model 2023-6-16发布 2023-6-16实施 中国网络空间安全协会 发布团 体 标 准 全国团体标准信息平台 全国团体标准信息平台 T/CSAC001—2023 I目  次 前  言............................................................................III 1范围................................................................................1 2规范性引用文件......................................................................1 3术语和定义..........................................................................1 4符号和缩略语........................................................................2 5概述................................................................................2 5.1攻击技战术模型概述..............................................................2 5.2基于攻击技战术模型的安全测评流程................................................3 6确定测评实施方案....................................................................4 6.1制定计划........................................................................4 6.2组建团队........................................................................5 6.3搭建测评环境....................................................................5 6.4构建攻击技战术..................................................................7 6.5体系化模拟......................................................................8 6.6制定应急处置方案................................................................8 7测评执行...........................................................................10 7.1实施攻击测试...................................................................10 7.2测评处置.......................................................................10 8风险量化计算.......................................................................11 8.1资产赋值.......................................................................11 8.2威胁识别.......................................................................11 8.3弱点识别.......................................................................11 8.4风险值计算原理.................................................................13 8.5风险结果判定...................................................................13 9防护能力量化计算...................................................................14 9.1攻击检测能力识别...............................................................14 9.2攻击阻断能力识别...............................................................14 10结果判定..........................................................................15 10.1确定技术指标..................................................................15 10.2信息系统类判定准则............................................................15 10.3安全产品类判定准则............................................................15 11测评总结..........................................................................17 11.1测试反馈......................................................................17 11.2测评后处置....................................................................17 11.3差距报告......................................................................17 附录A（资料性）ATT&CK框架的战术阶段............................................18 附录B（资料性）安全测评人员知识和技能要求......................................19 全国团体标准信息平台 T/CSAC001—2023 II附录C（资料性）目标场景搭建步骤示例............................................22 C.1目标网络拓扑准备.................................................................22 C.2路由脚本配置及下发...............................................................22 附录D（资料性）攻击场景特殊性要求..............................................23 D.1概述.............................................................................23 D.2企业场景.........................................................................23 D.3工业控制系统场景.................................................................23 D.4移动终端场景.....................................................................23 D.5金融行业场景.....................................................................23 附录E（资料性）安全产品检测评估统计表..........................................25 参考文献..........................................................