CFAS 北京长风信息技术产业联盟标准 CFAS0001-2019 信息安全技术 开源软件安全使用规范 2019-12-17发布 2020-01-01实施 全国团体标准信息平台 I目次 前言...........................................................................................................................................IV 引言............................................................................................................................................V 0.1概述......................................................................................................................................V 0.2本文的作用..........................................................................................................................V 0.3本文内容..............................................................................................................................V 1范围.........................................................................................................................................1 2规范性引用文件.....................................................................................................................1 3术语和定义.............................................................................................................................1 3.1访问控制ACCESSCONTROL.................................................................................................1 3.2攻击ATTACK.........................................................................................................................1 3.3审核AUDIT...........................................................................................................................1 3.4审核范围AUDITSCOPE.........................................................................................................1 3.5鉴别AUTHENTICATION..........................................................................................................2 3.6真实性AUTHENTICITY..........................................................................................................2 3.7可用性AVAILABILITY...........................................................................................................2 3.8基本测度BASEMEASURE.....................................................................................................2 3.9能力COMPETENCE................................................................................................................2 3.10保密性CONFIDENTIALITY....................................................................................................2 3.11符合性CONFORMITY...........................................................................................................2 3.12后果CONSEQUENCE.............................................................................................................2 3.13持续改进CONTINUALIMPROVEMENT..................................................................................2 3.14控制CONTROL....................................................................................................................2 3.15控制目标CONTROLOBJECTIVE...........................................................................................2 3.16纠正CORRECTION...............................................................................................................2 3.17整改措施CORRECTIVEACTION...........................................................................................2 3.18导出测度DERIVEDMEASURE...............................................................................................2 3.19成文信息DOCUMENTEDINFORMATION................................................................................2 3.20有效性EFFECTIVENESS.......................................................................................................3 3.21事态EVENT.........................................................................................................................3 3.22外部语境EXTERNALCONTEXT............................................................................................3 3.23信息安全治理GOVERNANCEOFINFORMATIONSECURITY....................................