附件8 ICS35.240.40 CCSA11 JR 中华人民共和国金融行业标准 JR/T0231—2021 银行第三方软件开发工具包（SDK）安全 接入指南 Guidelinesforsecurityaccessofimportingthirdpartysoftware developmentkitinbank 2021-07-22发布 2021-07-22实施 中国人民银行发布JR/T0231—2021 I目  次 前言.....................................................................................................................................................................II 引言...................................................................................................................................................................III 1范围.................................................................................................................................................................1 2规范性引用文件.............................................................................................................................................1 3术语和定义.....................................................................................................................................................1 4缩略语.............................................................................................................................................................2 5工具包分类.....................................................................................................................................................2 6总体原则.........................................................................................................................................................3 6.1信息保护.................................................................................................................................................3 6.2信息透明.................................................................................................................................................3 6.3无主观恶意.............................................................................................................................................4 6.4全周期管理.............................................................................................................................................4 7第三方工具包设计安全.................................................................................................................................4 7.1资源控制.................................................................................................................................................4 7.2身份认证.................................................................................................................................................4 7.3访问控制.................................................................................................................................................5 7.4数据安全.................................................................................................................................................5 7.5软件容错.................................................................................................................................................5 7.6攻击防护.................................................................................................................................................6 7.7安全审计.................................................................................................................................................6 7.8个人信息收集.........................................................................................................................................6 7.9第三方工具包交付.................................................................................................................................7 附录A（资料性）第三方工具包恶意行为.................................................................................................8 附录B（资料性）银行集成第三方软件开发工具包的安全指南...........................................................10 参考文献.............................................................................................................................................................12JR/T02