版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡介
DepartmentofDefense(DoD)ZeroTrustReferenceArchitectureVersion2.0July2022PreparedbytheDefenseInformationSystemsAgency(DISA)andNationalSecurityAgency(NSA)ZeroTrustEngineeringTeamJuly2022DISTRIBUTIONSTATEMENTA.Approvedforpublicrelease.Distributionisunlimited.DocumentPreparedByDateName:RobertFreterJune2022DISAZeroTrustProgramLead(ID2)iiJuly2022TableofContents1PURPOSEANDSTRATEGICGOALS91.1Introduction91.2Purpose91.3Scope101.3.1Stakeholders101.3.2OrganizationoftheReferenceArchitecture101.3.3Timeframe121.4VisionandGoals(CV-1)131.4.1VisionandHigh-LevelGoals(CV-1)141.4.2ZeroTrustStrategy151.5Cybersecurity(Transition)ProblemStatement(OV-1)161.6OverallTargetEnvironment(OV-1)181.7Assumptions191.8Constraints202PILLARSANDPRINCIPLES202.1Overview202.2ConceptandTenetsofZeroTrust202.3Pillars212.4ReferenceArchitecturePrinciples(OV-6a)233CAPABILITIES253.1CapabilitiesTaxonomy(CV-2)253.2FFP:Pillars,Resources&CapabilityMapping314USECASES354.1DataCentricSecurityProtections(OV-1)354.2Data-CentricSecurityProtections(OV-2)374.3DataEncryptionProtections(OV-2)394.4CoordinatingPolicyforData-CentricSecurityProtections(OV-2)41iiiJuly20224.5DataAnalytics&AI(OV-1)424.6DataAnalytics&AI(SV-1)444.7CentralizedOrchestration&PolicyManagement(OV-1)454.8CentralizedOrchestration&PolicyManagement(OV-2)464.9Dynamic,AdaptivePolicyFeedbackLoop(OV-1)474.10VPN-LessImplementation(OV-1)484.11East-WestSegmentation(OV-1)494.12GlobalUniformDeviceHygiene(OV-1)504.13GlobalUniformDeviceHygiene(OV-2)524.14Dynamic,ContinuousAuthentication(OV-1)544.15Dynamic,ContinuousAuthentication(OV-2)564.16ConditionalAuthorization(OV-1)604.17ConditionalAuthorization(OV-2)625TECHNICALPOSITIONS635.1EmergingTechnologies635.2Standards,AssociatedArchitecturesandGuides645.3LinkagestoOtherArchitectures655.3.1DoDCybersecurityReferenceArchitecture(CSRA)Integration655.3.2DoDICAMReferenceDesign(RD)665.3.3NISTSpecialPublication800-207ZeroTrustArchitecture676SECURITYASSESSMENT686.1Governance686.2DataGovernance(OV-2)686.3SecuringSupplyChain(OV-2)707ARCHITECTUREPATTERNS717.1ArchitecturePatterns(CV-4)717.1.1DomainPolicyEnforcementforResourceAccess(SV-1)727.1.2SoftwareDefinedPerimeter(OV-2)73ivJuly20227.1.3ZTBrokerIntegration(SV-1)747.1.4MicroSegmentation(SV-1)747.1.5MacroSegmentation(SV-1)787.2ExternalServices787.2.1SvcV-1:ExternalServices(SvcV-1)797.2.2SvcV-2:EnterpriseFederatedIdentityService(SvcV-2)808TRANSITIONARCHITECTUREPLANNING(FFP)818.1MaturityModel(FFP)818.2Baseline(OV-1)828.3Transition(OV-1)839APPENDIX(AV-2)849.1Systems859.2Services909.3GeneralTerms929.4DIV-1939.5StdV-1-2References969.6CapabilityTable9710REFERENCES104vJuly2022LISTOFTABLESTable1ReferenceArchitecturePrinciples(OV-6A) 24Table2DesignPatternTable(CV-4) 71viJuly2022LISTOFFIGURESFigure1LegendforPerformers 12Figure2ZeroTrustVision(CV-1) 13Figure3CybersecurityProblemStatement(OV-1) 16Figure4TargetEnvironment(OV-1) 18Figure5ZeroTrustPillars 22Figure6CapabilitytoPillarsMapping(FFP) 26Figure7ZeroTrustAuthenticationandAuthorizationCapabilityTaxonomy(CV-2) 27Figure8ZeroTrustInfrastructure,WorkloadandDataCapabilityTaxonomy(CV-2) 28Figure9ZeroTrustAnalyticsandOrchestrationCapabilitiesTaxonomy(CV-2) 29Figure10ZeroTrustEnablingCapabilitiesTaxonomy(CV-2) 30Figure11FFP:Pillars,Resources&CapabilityMapping(CV-7) 31Figure12DataCentricSecurityProtections(OV-1) 35Figure13Data-CentricSecurityProtections(OV-2) 37Figure14DataEncryptionProtections(OV-2) 39Figure15CoordinatingPolicyforData-CentricSecurityProtections(OV-2) 41Figure16BigDataAnalytics&AI(OV-1) 42Figure17DataAnalytics&AI(SV-1) 44Figure18CentralizedOrchestration&PolicyManagement(OV-1) 45Figure19CentralizedOrchestration&PolicyManagement(OV-2) 46Figure20Dynamic,AdaptivePolicyFeedbackLoop(OV-1) 47Figure21VPN-LessImplementation(OV-1) 48Figure22East-WestSegmentation(OV-1) 49Figure23GlobalUniformDeviceHygiene(OV-1) 50Figure24GlobalUniformDeviceHygiene(OV-2) 52Figure25Dynamic,ContinuousAuthentication(OV-1) 54Figure26Dynamic,ContinuousAuthentication(OV-2) 56Figure27PerformersRequiringAuthentication 58Figure28ConditionalAuthorization(OV-1) 60Figure29ConditionalAuthorization(OV-2) 62Figure31StandardsProfileforDoDZeroTrustArchitectures 64Figure32SecuringtheSupplyChain(OV-2) 70viiJuly2022Figure33DomainPolicyEnforcementforResourceAccess(SV-1) 72Figure34DesignPattern:SoftwareDefinedPerimeter(OV-2) 73Figure35SoSDesignPattern:ZeroTrustBrokerIntegration(SV-1) 74Figure36SoSMicroSegmentation(SV-1) 75Figure37SoSMicroSegmentation(SV-1) 76Figure38SoSMicroSegmentation(SV-1) 77Figure39DesignPatterns:SoSMacroSegmentation(SV-1) 78Figure40ExternalServices(SvcV-1) 79Figure41EnterpriseFederatedIdentityService(SvcV-2) 80Figure42ICAMService(SvcV-2) 80Figure43MaturityModel(FFP) 81Figure44TransitionArchitectureBaseline(OV-1) 82Figure45TransitionArchitectureTransition(OV-1) 83viiiJuly2022PURPOSEANDSTRATEGICGOALS1.1Introduction“ZeroTrustisthetermforanevolvingsetofcybersecurityparadigmsthatmovedefensesfromstatic,network-basedperimeterstofocusonusers,assets,andresources.ZeroTrustassumesthereisnoimplicittrustgrantedtoassetsoruseraccountsbasedsolelyontheirphysicalornetworklocation(i.e.,localareanetworksversustheInternet)orbasedonassetownership(enterpriseorpersonallyowned).”1ZeroTrust(ZT)requiresdesigningaconsolidatedandmoresecurearchitecturewithoutimpedingoperationsorcompromisingsecurity.Theclassicperimeter/defense-in-depthcybersecuritystrategyrepeatedlyshowstohavelimitedvalueagainstwell-resourcedadversariesandisanineffectiveapproachtoaddressinsiderthreats.TheDoDCybersecurityReferenceArchitecture(CSRA)documentstheDepartment’sapproachtocybersecurityandisbeingupdatedtobecomedatacentricandinfuseZTprinciples.ZTsupportsthe2018DoDCyberStrategy,the2019DoDDigitalModernizationStrategy,the2021ExecutiveOrderonImprovingtheNation’sCybersecurity,andtheDoDChiefInformationOfficer’s(CIO)visionforcreating“amoresecure,coordinated,seamless,transparent,andcost-effectivearchitecturethattransformsdataintoactionableinformationandensuresdependablemissionexecutioninthefaceofapersistentcyberthreat.”2ZTshouldbeusedtore-prioritizeandintegrateexistingDoDcapabilitiesandresources,whilemaintainingavailabilityandminimizingtemporaldelaysinauthenticationmechanisms,toaddresstheDoDCIO’svision.1.2PurposeAnarchitectureisbuiltforadefinedpurposeandshouldansweraspecificsetofquestionstoenablingdata-driven,informeddecisions.TheReferenceArchitecture(RA)establishesaframeworkthatprovidesguidanceviaarchitecturalPillarsandPrinciples.Itidentifieswhichoftheoverallstrategicneeds(goalsandobjectives)arethefocusoftheRA.TheRAisaconceptual,capability-centricdescriptionofthearchitectureandprimarilysupportscapabilityplanning,portfoliomanagement,andInformationTechnology(IT)investmentdecisions.Itestablisheshigh-levelserviceandoperationconcepts,architecturalquestionsofimportance,andtechnologyopportunitiesandconstraintsthatshapethedomainofanapproach.TheRAalsoincludesasynopsisofcurrentindustryandDoDapproachesandidentifieskeydeterminingstandardsthattogetherdescribeconstraintsandopportunities.1NISTSP800-207ZeroTrustArchitecture,August20202DoDDigitalModernizationStrategy,June2019.9July20221.3ScopeTheDoDZeroTrustEngineeringTeamdevelopedthisZeroTrustReferenceArchitecture(ZTRA)toalignwiththeDoDdefinition:“ReferenceArchitectureisanauthoritativesourceofinformationaboutaspecificsubjectareathatguidesandconstrainstheinstantiationsofmultiplearchitecturesandsolutions.”3ThisReferenceArchitecturedescribesEnterprisestandardsandcapabilities.Singleproducts/suitescanbeadoptedtoaddressmultiplecapabilities.Integratedvendorsuitesofproductsratherthanindividualcomponentswillassistinreducingcostandrisktothegovernment.Thisdocumentwillevolveasrequirements,technology,andbestpracticeschangeandmature.ZTpromotesanindividualjourneytoacollaborativegoalofcontinuousenhancements,whilealsoincorporatingbestpractices,tools,andmethodologiesofindustry.1.3.1StakeholdersTheDoDZTRAwillbeusedbyDoDMissionOwners(MOs)toguideandconstraintheevolutionofexistingDoDITandEnterpriseEnvironments.MOsareindividuals/organizationsresponsiblefortheoverallmissionenvironment,ensuringthatthefunctionalandcybersecurityrequirementsofthesystemarebeingmet.TheZTRAprovidesanend-statevision,strategy,andframeworkforMOsacrosstheDoDtoutilizeinordertostrengthencybersecurityandguidetheevolutionofexistingcapabilitiestofocusonadatacentricstrategy.ZTembedssecurityprinciplesthroughoutthearchitectureforthepurposeofprotectingdataandserviceoperations,preventing,detecting,responding,andrecoveringfrommaliciouscyberactivities.TheperspectiveoftheZTRAistoguidethedeveloper,operator,manager,anduserofZTinthedevelopmentofsolutionstoimplementaZTframeworkwithinanexistingenvironment.ThisZTRA’sintentisto:ProvidestakeholderswithoperationalcontextneededtobetterunderstandprinciplesandruleswhenapplyingaZTA.DefinecapabilitiesrequiredtoenableaZTA.ProvidebaselinedescriptionofZTforuseinmanagingchangeandriskassociatedwithevolvingoperationalneeds.DefinetheimportanceofZTbyshowcasinghowthemodelconstantlylimitsaccesswhenrequired,continuouslymonitors,andidentifiesanomaliesormaliciousacts.1.3.2OrganizationoftheReferenceArchitecture3DoDReferenceArchitectureDescription–June201010July2022ThisRAcontainsthefollowingsections:StrategyandVision(withbroadOperationalViews)PillarsandPrinciplesConceptualCapabilityArchitecture(capabilitiesorganizedintoafunctionaltaxonomy,hereassociatedwiththePillars)UseCasesandassociatedrequirementsTechnicalenvironmentdescribingemergingtechnology,commonindustryapproachesandkeystandardsSecurityAssessmentArchitecturepatterns(ThescopeofalternatewaystorealizeaconformantdesignandtherefiningofPerformersintoSystemsandServices)Example,TransitionArchitecturedirectionmeetingtheaboveconstraintsandbeingpursuedatthetimeoftheRA(MaturityModel,baseline,transition,target,phases)FollowingDoDstandards,theartifactsinthisRAarefromtheDepartmentofDefenseArchitecturalFramework(DoDAF).BecauseofthebroadaudiencethatneedstounderstandandadaptZT,aninformalstyleisusedfortheartifacts.Informaldrawingsareeasiertounderstandbyawideaudience,notallofwhomarefamiliarwithUnifiedProfileforDoDAF/MODAF(UPDM)modelrepresentations.Thesedrawingsshouldallowacommonrepresentativeofthetargetstakeholdertograspthemeaningoftheartifact.WiththeRA,itisthecontentthatisimportant.However,thisisstilladigitalarchitecturalmodelandincludesartifactswithdescriptions,listsofdefinitions,andtablesofinteraction.Entities(thenounsofDoDAF)aredefinedandusedintheartifactdrawingswhichtellastoryoffunctionandentityrelationships.TheAllViewIntegratedDictionary(AV-2)isorganizedbytypeofentityandmostofthesetablesareintheappendix.FromthisRA,ReferenceDesigns(RD)canbecreatedthatcaptureaZTlogicalarchitectureforspecificenvironmentsandfunctionalneeds.TheconceptualcapabilityarchitecturepredominatelyiscapturedinseveralOperationalViews[OV-1:High-LevelOperationalConceptGraphic,OV-2:OperationalResourceFlowDescription]andCapabilityViews[CV-1:Vision,CV-2:CapabilityTaxonomy].StrategiesarecapturedinaCV-1.Here,OV-1sdescribetheproblemandtheopportunitiesforaspecificfunctionalenvironment.ThencapabilitiesareexplainedinrelationtotheOV-1opportunities.The(entitytype)capabilitiesappearinthedrawingswithathinline.Thesearecapturedinacapabilitytaxonomy(CV-2)organizedbytheirassociationswithPillarsandresources.TheothermainviewtypeistheOV-2:OperationalResourceFlowDescription.Thiscapturesspecificresourcesandhowtheyinteractinaspecificusecaseorarchitecturalpattern(withsomeconceptualSV-1:SystemsInterfaceDescription&SvcV-1:ServicesContextDescription).11July2022Figure1LegendforPerformers1.3.3TimeframeThesearethegeneraltimelinesassociatedwiththedevelopmentoftheZTRA.30September2020:InitialZTRAv0.9submittedforreviewbyDISA,NSA,DoDCIO,andUnitedStatesCyberCommand04November2020:ZTRAv0.9submittedtoEnterpriseArchitectureEngineeringPanel(EAEP)forfeedback04December2020:ZeroTrustJointEngineeringTeamreceivedfeedbackandbeganadjudication24December2020:SubmissionofZTRAv0.95submittedtoEAEP04January2021:EAEPmembersvotedonZTRArelease11Febuary2021:DigitalModernizationInfrastructureInfrastructureExecutiveCommiteeapprovalofZTRAv1.013May2021:ZTRAv1.0publishedonDoDCIOLibrary30September2021:ZTRAv2.0draftdevelopmentcomplete21November2021:DCIOCSChiefArchitectdirectedZTRA2.0tobestaffedthroughCSRASteeringGrouponitswaytoEAEPand/orDMIEXCOM7February2022:CSRASteeringGroup-JointO-6/GS-15CATMSreviewofdraftZTRAv2.0completed24May2022:EAEPcompletedassessment1June2022:BriefedtheEAEPresultsofassessmentwithcompleteconcurrenceofthepanelmembers12July20221.4VisionandGoals(CV-1)Figure2ZeroTrustVision(CV-1)4Byreconfiguring,reprioritizing,andaugmentingexistingDoDcapabilities,theDoDwillbeabletoevolvetowardsanext-generationsecurityarchitecture,ZT.Withtheseaugmentedcapabilities,theagencywillbeabletosecureanddefendDoDinformation,systems,andcriticalinfrastructureagainstmaliciouscyberactivity,includingDoDinformationonthenon-DoD-ownedenvironments.Theabilitytodetect,deter,deny,defend,andrecoverfrommaliciouscyberactivitiesanddevelopascalable,resilient,auditable,anddefendableframeworkwillrequireseveraldifferentwaystostrategicallyprotectDoDenvironments.Theconceptoftrustednetworks,devicesandendpointsgearedtowardsperimeterbaseddefenseswillshifttowardanevertrust,alwaysverifyapproach.Movingsecurityawayfromtheperimeterandtowardsanintegratedsecurityarchitecturefocusingonprotectingdata,applications,andserverswillbecriticaltoachievingtheZTvision.Ascyberthreatsevolveandbecomemoreandmoresophisticated,ZTimplementorswillneedtostaycurrentonexistingandemergingcybertechnologiestosystematicallyimproveenterpriseenvironmentdefensesthatareinlinewithZTconcepts.Thesenewstrategicgoalsenabletheimplementationofsecurityinamoreconsistentandefficientmanner.42018DoDCyberStrategy13July20221.4.1VisionandHigh-LevelGoals(CV-1)VulnerabilitiesexposedbydatabreachesinsideandoutsideDoDdemonstratetheneedforanewandmorerobustcybersecuritymodelthatfacilitatesmissionenablingdecisionsthatareriskaware.ZTisacybersecuritystrategyandframeworkthatembedssecurityprinciplesthroughouttheInformationEnterprise(IE)toprevent,detect,respond,andrecoverfrommaliciouscyberactivities.Thissecuritymodeleliminatestheideaoftrustedoruntrustednetworks,devices,personas,orprocesses,andshiftstomulti-attribute-basedconfidencelevelsthatenableauthenticationandauthorizationpoliciesbasedontheconceptofleastprivilegedaccess.ImplementingZTrequiresdesigningaconsolidatedandmoreefficientarchitecturewithoutimpedingoperationstominimizeuncertaintyinenforcingaccurate,leastprivilegeper-requestaccessdecisionsininformationsystemsandservicesviewedascompromised.ZTfocusesonprotectingcriticaldataandresources,notjustthetraditionalnetworkorperimetersecurity.ZTimplementscontinuousmulti-factorauthentication,micro-segmentation,encryption,endpointsecurity,automation,analytics,androbustauditingtoData,Applications,Assets,Services(DAAS).AstheDepartmentevolvestobecomeamoreagile,moremobile,cloud-instantiatedworkforce,collaboratingwithmultiplefederalandnon-governmentalorganizations(NGO)entitiesforavarietyofmissions,ahardenedperimeterdefensecannolongersufficeasaneffectivemeansofenterprisesecurity.Inaworldofincreasinglysophisticatedthreats,aZTframeworkreducestheattacksurface,reducesrisk,andensuresthatifadevice,network,oruser/credentialiscompromised,thedamageisquicklycontainedandremediated.State-fundedhackersarewelltrained,well-resourced,andpersistent.Theuseofnewtactics,techniques,andprocedurescombinedwithmoreinvasivemalwarecanenablemotivatedmaliciouspersonastomovewithpreviouslyunseenspeedandaccuracy.Anynewsecuritycapabilitymustberesilienttoevolvingthreatsandeffectivelyreducethreatvectors,internalandexternal.ZTend-usercapabilitiesimprovevisibility,control,andriskanalysisofinfrastructure,applicationanddatausage.Thisprovidesasecureenvironmentformissionexecution.EnablingZTcapabilitiesaddressthefollowingissuesandhigh-levelgoals:ModernizeInformationEnterprisetoAddressGapsandSeams.Overtime,DoDenvironmentshavebeendecentralized.Usabilityandsecuritychallengesstemfromyearsofbuildinginfrastructurealongorganizational,operationalanddoctrinalboundaries,withmultiplesecurityandsupporttiers,enclavesandnetworks.Capabilitiesdevelopedinsiloshaveinevitablyresultedindisconnectsandgapsinthecommandstructureandprocessesthatprecludeestablishingacomprehensive,dynamic,andnear-realtimecommonoperatingpicture.Adversarieshaveexploitedtheselogical,technological,andorganizationalgapsandseams.SimplifySecurityArchitecture.Afragmentedapproachtoinformationtechnologyandcybersecurityhasledtoexcessivetechnicalcomplexity,creatingvulnerabilitiesinenterprisehygiene,inadequatelyaddressingthreatsandresultsinhighlevelsoflatency.Complexsecuritytechniquesrendertheuserexperienceunresponsiveandineffective.14July2022Thisisafactorthatdrivestheuseofunapprovedorunsecuretechnologiesasuserslooktocompletetheirmission.ProduceConsistentPolicy.Thisisacriticallesson-learnedfromindustrythatautomatedcybersecuritypoliciesmustbeconsistentlyappliedacrossenvironmentsformaximumeffectiveness.Systemownershavearesponsibilitytodefinegovernancepractices.Thisenforcesreliabilityandconsistencyaligningwithpolicyandrequirements.OptimizeDataManagementOperations.ThesuccessofDoDmissions,rangingfrompayrolltomissiledefense,areincreasinglydependentonstructuredtaggeddatawithinandexternaltooriginatingsystems.Advancedanalyticsalsodependonthesedependencies.Whiledatastandardsandpolicyexist,theyaredisparateandinconsistentlyimplemented.Thisresultsin:oInteroperabilitychallengesbetweenapplications,organization
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 小學(xué)易讀錯(cuò)的漢字
- 滬科版八年級數(shù)學(xué)上冊第14章全等三角形14-2三角形全等的判定第4課時(shí)三角形全等的判定“角角邊”課件
- 人教版七年級下期語法聚焦句型復(fù)習(xí)提綱
- 蘇教版八年級生物上冊第7單元第二十章生物圈是最大的生態(tài)系統(tǒng)素養(yǎng)綜合檢測課件
- 企業(yè)倫理學(xué)(原書第5版) 課件 第5、6章 企業(yè)社會責(zé)任;倫理決策:雇主的義務(wù)和雇員的權(quán)利
- 2024-2025學(xué)年版塊8 運(yùn)動和力 專題8-4 力的合成 (含答案) 初中物理尖子生自主招生培優(yōu)講義83講
- 大學(xué)生創(chuàng)新創(chuàng)業(yè)項(xiàng)目之DIY陶瓷作坊
- 重慶市九龍坡區(qū)2024年中考語文適應(yīng)性考試試卷(含答案)
- 內(nèi)蒙古呼倫貝爾市2024年中考數(shù)學(xué)全真模擬試卷含解析
- 江蘇省常州市正衡中學(xué)2024-2025學(xué)年八年級上學(xué)期期中模擬英語試卷
- 2023年高考山東等級考試化學(xué)選擇題分析課件
- 經(jīng)濟(jì)法智慧樹知到課后章節(jié)答案2023年下溫州理工學(xué)院
- 《健康生活快樂成長》主題班會課件
- 小米公司的企業(yè)文化
- 匆匆朗讀背景
- 房產(chǎn)過戶模板5篇
- 上海市閔行區(qū)2023年七年級上學(xué)期語文期中考試試卷(附答案)
- Unit3Myweekendplan(課件)人教PEP版英語六年級上冊
- 西蒙管理行為讀書筆記
- 半掛車說明書
- 中國油庫分布概況
評論
0/150
提交評論