GM/T 0054-2018 English PDF (GMT0054-2018)
GM/T 0054-2018: General requirements for information system cryptography application
GM/T 0054-2018
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record No.: 61709-2018
General Requirements for
Information System Cryptography Application
ISSUED ON: FEBRUARY 08, 2018
IMPLEMENTED ON: FEBRUARY 08, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 5
Introduction ... 6
1 Scope ... 7
2 Normative References ... 7
3 Terms and Definitions ... 7
4 Abbreviation ... 9
5 General Requirements ... 9
5.1 Cryptographic algorithm ... 9
5.2 Cryptographic technology ... 9
5.3 Cryptographic products... 9
5.4 Cryptographic service ... 9
6 Requirements of Cryptographic Function ... 10
6.1 Confidentiality ... 10
6.2 Data integrity ... 10
6.3 Authenticity ... 10
6.4 Non-repudiation ... 11
7 Cryptographic Technology Application Requirements ... 11
7.1 Physical and environmental security ... 11
7.1.1 General ... 11
7.1.2 Class-I information system with classified protection ... 11
7.1.3 Class-II information system with classified protection ... 12
7.1.4 Class-III information system with classified protection ... 12
7.1.5 Class-IV information system with classified protection ... 12
7.2 Network and communication security ... 13
7.2.1 General ... 13
7.2.2 Class-I information system with classified protection ... 13
7.2.3 Class-II information system with classified protection ... 14
7.2.4 Class-III information system with classified protection ... 14
7.2.5 Class-IV information system with classified protection ... 15
7.3 Equipment and computing security ... 16
7.3.1 General ... 16
7.3.2 Class-I information system with classified protection ... 16
7.3.3 Class-II information system with classified protection ... 16
7.3.4 Class-III information system with classified protection ... 17
7.3.5 Class-IV information system with classified protection ... 18
7.4 Application and data security ... 18
7.4.1 General ... 18
7.4.2 Class-I information system with classified protection ... 19
7.4.3 Class-II information system with classified protection ... 20
7.4.4 Class-III information system with classified protection ... 21
7.4.5 Class-IV information system with classified protection ... 22
8 Key Management ... 23
8.1 General ... 23
8.2 Class-I information system with classified protection ... 23
8.3 Class-II information system with classified protection ... 23
8.4 Class-III information system with classified protection ... 24
8.5 Class-IV information system with classified protection ... 25
9 Security Management ... 27
9.1 System ... 27
9.1.1 Class-I information system with classified protection ... 27
9.1.2 Class-II information system with classified protection ... 27
9.1.3 Class-III information system with classified protection ... 28
9.1.4 Class-IV information system with classified protection ... 28
9.2 Personnel ... 28
9.2.1 Class-I information system with classified protection ... 28
9.2.2 Class-II information system with classified protection ... 29
9.2.3 Class-III information system with classified protection ... 29
9.2.4 Class-IV information system with classified protection ... 30
9.3 Implementation ... 30
9.3.1 Planning ... 30
9.3.2 Construction ... 31
9.3.3 Operation ... 32
9.4 Emergency ... 33
9.4.1 Class-I information system with classified protection ... 33
9.4.2 Class-II information system with classified protection ... 33
9.4.3 Class-III information system with classified protection ... 33
9.4.4 Class-IV information system with classified protection ... 33
Appendix A (Informative) Security Requirements Comparison List ... 35
Appendix B (Informative) List of Cryptography Industry Standards ... 38
Bibliography ... 40
General Requirements for
Information System Cryptography Application
1 Scope
This Standard specifies the general requirements for information system commercial
cryptography application.
This Standard applies to guiding, regulating and assessing commercial
cryptography application in information systems.
2 Normative References
The following documents are essential to the application of this document. For
dated references, only the edition with the date indicated applies to this document;
for undated references, only the latest edition (including all amendments) applies
to this document.
GM/T 0005 Randomness Test Specification
GM/T 0028 Security Requirements for Cryptographic Modules
GM/T 0036 Technical Guidance of Cryptographic Application for Access Control
Systems Based on Contactless Smart Card
GM/Z 4001-2013 Cryptography Terminology
3 Terms and Definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001-2013
and the following apply. For ease of use, some of the terms and definitions given in
GM/Z 4001-2013 are repeated below.
3.1 One-time password; OTP; dynamic password
A password that is generated dynamically on the basis of time, an event, etc.
3.2 Access control
3.12 Message authentication code; MAC
The output of a message authentication algorithm; also known as a message
authentication code.
3.13 Authenticity
The property ensuring that the identity of a subject or resource is the one claimed.
Authenticity applies to entities such as users, processes, systems and
information.
3.14 Non-repudiation
The property that an action which has occurred can be proven and cannot be denied.
4 Abbreviation
The following abbreviation is applicable to this document.
MAC (Message Authentication Code)
5 General Requirements
5.1 Cryptographic algorithm
The cryptographic algorithm used in the information system shall conform to the
provisions of laws and regulations, as well as the relevant requirements of national and
industry standards related to cryptography.
5.2 Cryptographic technology
The cryptographic technology used in the information system shall follow the national
and industry standards related to cryptography.
5.3 Cryptographic products
The cryptographic products and cryptographic modules used in the information system
shall be approved by the state cryptography administration department.
5.4 Cryptographic service
The cryptographic service used in the information system shall be licensed by the state
cryptography administration department.
a) Authentication of personnel entering important physical areas;
b) Authentication of the two parties to a communication;
c) Authentication when a network device is accessed;
d) Authentication of a platform using trusted computing technology;
e) Authentication of users who log in to the operating system and database system;
f) Authentication of users who use the system.
6.4 Non-repudiation
The non-repudiation of entity behavior is achieved by using digital signatures and
similar cryptographic technology; it covers all behaviors in the information system
that must not be deniable, such as sending, receiving, approving, creating, modifying,
deleting, adding, configuring, etc.
7 Cryptographic Technology Application Requirements
7.1 Physical and environmental security
7.1.1 General
The general rules for cryptography application in physical and environmental
security are as follows:
a) Use cryptographic technology to implement physical access control for
important sites, monitoring equipment, etc.;
b) Use the cryptograph...