1
/
of
12
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GM/T 0066-2019 English PDF (GM/T0066-2019)
GM/T 0066-2019 English PDF (GM/T0066-2019)
Regular price
$305.00 USD
Regular price
Sale price
$305.00 USD
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0066-2019
Historical versions: GM/T 0066-2019
Preview True-PDF (Reload/Scroll if blank)
GM/T 0066-2019: Implementation guide to capability construction criteria of production and guarantee for commercial cryptographic products
GM/T 0066-2019
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Implementation guide to capability construction
criteria of production and guarantee for commercial
cryptographic products
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Overview of implementation ... 7
4.1 Evaluation content ... 7
4.2 Evaluation method... 7
4.3 Evaluation principles ... 8
5 Implementation guide ... 8
5.1 Basic items ... 8
5.2 Declaration item ... 9
5.3 Evaluation items ... 9
6 Evaluation procedure ... 19
6.1 Evaluation requirements... 19
6.2 Evaluation process ... 19
6.3 Implementation evaluation ... 20
7 Evaluation report ... 23
7.1 Report content ... 23
7.2 Report form ... 23
7.3 Reporting requirements ... 23
7.4 Report archiving ... 25
8 Descriptions of implementation points ... 25
8.1 Evaluation organization ... 25
8.2 Production organization... 27
Appendix A (Normative) Supporting forms for evaluation of production and
guarantee capability for commercial cryptographic product ... 28
Appendix B (Normative) Evaluation report on production and guarantee
capability of commercial cryptographic products... 43
Appendix C (Informative) Audit method ... 44
Appendix D (Informative) List of archived files ... 45
Appendix E (Informative) Product use requirements in important areas ... 46
References ... 48
Implementation guide to capability construction
criteria of production and guarantee for commercial
cryptographic products
1 Scope
This standard specifies the methods, procedures, reports and key points for the
implementation of the evaluation of capability criteria of production and
guarantee for commercial cryptographic products.
This standard is applicable to the guide for construction of production capacity,
quality assurance capability, security assurance capability, service assurance
capability of production organizations.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GM/T 0008-2012 Cryptography test criteria for security IC
GM/T 0028-2014 Security requirements for cryptographic modules
GM/T 0065-2019 Specification for capability construction of production and
guarantee for commercial-cryptographic products
GM/Z 4001 Cryptographic terms
3 Terms and definitions
The terms and definitions as defined in GM/Z 4001 and GM/T 0065-2019 as
well as the following terms and definitions are applicable to this document.
3.1
Formal examination
Review the formal compliance, completeness and validity of the application
materials as submitted by the production organization.
3.2
Substantive examination
On the basis of formal review, review whether the production organization
has the qualifications for the main body, whether the application is true,
whether the submitted documents and certificates are true, valid, complete,
compliant; whether they meet the requirements of national laws and
regulations. It includes written reviews and on-site audits, etc.
4 Overview of implementation
4.1 Evaluation content
The evaluation content includes evaluation elements such as basic items,
declaration items, evaluation items, etc.
The basic items include the legal person qualification items of the production
organization, the main technical personnel items, the product research and
development items, the industry management compliance items, etc.
The declaration items include the key personnel information of the production
organization, the nature of the organization, data management, etc.
The evaluation items include the production capacity, quality assurance
capability, security assurance capability, service assurance capability of the
production organization.
4.2 Evaluation method
The production and guarantee capabilities of commercial cryptographic
products are evaluated by a combination of the organization’s self-evaluation
and expert scoring. Quality assurance, security assurance, service guarantee
capabilities shall be the organization's self-verification items, for which the
production organization provides proofs of the production and guarantee
capability of the commercial cryptographic product. Combined with the basic
items and declaration items of the production organization, the expert group will
score and judge according to the evaluation elements of the evaluation items.
b) Key positions should be held by senior personnel with rich experience and
profound professional skills;
c) The job setting and personnel qualifications of the production organization
shall meet the human resources setting; the judging criteria include
whether the job setting is complete and reasonable, whether the job
qualifications are clear.
5.3.1.1.2 Main technical team
a) It shall verify the number of personnel engaged in cryptographic
technology design, implementation, detection or testing and technical
support in the production organization; as well as the proportion of
personnel with a bachelor degree or above in the technical team, etc.;
b) It shall assess the cryptographic professional technical ability of the
person in charge of the core technology; the evaluation criteria shall
include at least professional experience, academic qualifications,
research results and awards, etc.
5.3.1.1.3 Technology accumulation and advantages
a) The products applied by the production organization shall conform to the
main business direction of the production organization;
b) The production organization shall effectively use its own scientific
research resources in the product production process, to ensure that the
product has a high technical level;
c) The production organization shall have relevant scientific research results
and technical reserves. The production organization shall have
professional technical research results in the field related to the applied
product and the results have been practically applied; the production
organization shall have carried out scientific research on similar projects
to the applied product and have technical reserves in the past 5 years;
d) The professional technical level of the production organization shall meet
the needs of the applied product; it should reach the domestic advanced
level.
5.3.1.1.4 Technological innovation
a) The production organization shall have authorized patents, software
copyrights, integrated circuit layout registration, etc.;
b) The production organization shall clarify whether the applied product has
been identified by experts to fill the gap in domestic or international
industry applications;
b) The production organization shall establish product quantity management
requirements and ensure the accuracy of quantity management.
5.3.1.2.4 Supply Management
a) The production organization shall assess whether the supplier or the
outsourcing organization has the corresponding qualifications and
technical capabilities; provide the qualification and ability certi...
Get QUOTATION in 1-minute: Click GM/T 0066-2019
Historical versions: GM/T 0066-2019
Preview True-PDF (Reload/Scroll if blank)
GM/T 0066-2019: Implementation guide to capability construction criteria of production and guarantee for commercial cryptographic products
GM/T 0066-2019
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Implementation guide to capability construction
criteria of production and guarantee for commercial
cryptographic products
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Overview of implementation ... 7
4.1 Evaluation content ... 7
4.2 Evaluation method... 7
4.3 Evaluation principles ... 8
5 Implementation guide ... 8
5.1 Basic items ... 8
5.2 Declaration item ... 9
5.3 Evaluation items ... 9
6 Evaluation procedure ... 19
6.1 Evaluation requirements... 19
6.2 Evaluation process ... 19
6.3 Implementation evaluation ... 20
7 Evaluation report ... 23
7.1 Report content ... 23
7.2 Report form ... 23
7.3 Reporting requirements ... 23
7.4 Report archiving ... 25
8 Descriptions of implementation points ... 25
8.1 Evaluation organization ... 25
8.2 Production organization... 27
Appendix A (Normative) Supporting forms for evaluation of production and
guarantee capability for commercial cryptographic product ... 28
Appendix B (Normative) Evaluation report on production and guarantee
capability of commercial cryptographic products... 43
Appendix C (Informative) Audit method ... 44
Appendix D (Informative) List of archived files ... 45
Appendix E (Informative) Product use requirements in important areas ... 46
References ... 48
Implementation guide to capability construction
criteria of production and guarantee for commercial
cryptographic products
1 Scope
This standard specifies the methods, procedures, reports and key points for the
implementation of the evaluation of capability criteria of production and
guarantee for commercial cryptographic products.
This standard is applicable to the guide for construction of production capacity,
quality assurance capability, security assurance capability, service assurance
capability of production organizations.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GM/T 0008-2012 Cryptography test criteria for security IC
GM/T 0028-2014 Security requirements for cryptographic modules
GM/T 0065-2019 Specification for capability construction of production and
guarantee for commercial-cryptographic products
GM/Z 4001 Cryptographic terms
3 Terms and definitions
The terms and definitions as defined in GM/Z 4001 and GM/T 0065-2019 as
well as the following terms and definitions are applicable to this document.
3.1
Formal examination
Review the formal compliance, completeness and validity of the application
materials as submitted by the production organization.
3.2
Substantive examination
On the basis of formal review, review whether the production organization
has the qualifications for the main body, whether the application is true,
whether the submitted documents and certificates are true, valid, complete,
compliant; whether they meet the requirements of national laws and
regulations. It includes written reviews and on-site audits, etc.
4 Overview of implementation
4.1 Evaluation content
The evaluation content includes evaluation elements such as basic items,
declaration items, evaluation items, etc.
The basic items include the legal person qualification items of the production
organization, the main technical personnel items, the product research and
development items, the industry management compliance items, etc.
The declaration items include the key personnel information of the production
organization, the nature of the organization, data management, etc.
The evaluation items include the production capacity, quality assurance
capability, security assurance capability, service assurance capability of the
production organization.
4.2 Evaluation method
The production and guarantee capabilities of commercial cryptographic
products are evaluated by a combination of the organization’s self-evaluation
and expert scoring. Quality assurance, security assurance, service guarantee
capabilities shall be the organization's self-verification items, for which the
production organization provides proofs of the production and guarantee
capability of the commercial cryptographic product. Combined with the basic
items and declaration items of the production organization, the expert group will
score and judge according to the evaluation elements of the evaluation items.
b) Key positions should be held by senior personnel with rich experience and
profound professional skills;
c) The job setting and personnel qualifications of the production organization
shall meet the human resources setting; the judging criteria include
whether the job setting is complete and reasonable, whether the job
qualifications are clear.
5.3.1.1.2 Main technical team
a) It shall verify the number of personnel engaged in cryptographic
technology design, implementation, detection or testing and technical
support in the production organization; as well as the proportion of
personnel with a bachelor degree or above in the technical team, etc.;
b) It shall assess the cryptographic professional technical ability of the
person in charge of the core technology; the evaluation criteria shall
include at least professional experience, academic qualifications,
research results and awards, etc.
5.3.1.1.3 Technology accumulation and advantages
a) The products applied by the production organization shall conform to the
main business direction of the production organization;
b) The production organization shall effectively use its own scientific
research resources in the product production process, to ensure that the
product has a high technical level;
c) The production organization shall have relevant scientific research results
and technical reserves. The production organization shall have
professional technical research results in the field related to the applied
product and the results have been practically applied; the production
organization shall have carried out scientific research on similar projects
to the applied product and have technical reserves in the past 5 years;
d) The professional technical level of the production organization shall meet
the needs of the applied product; it should reach the domestic advanced
level.
5.3.1.1.4 Technological innovation
a) The production organization shall have authorized patents, software
copyrights, integrated circuit layout registration, etc.;
b) The production organization shall clarify whether the applied product has
been identified by experts to fill the gap in domestic or international
industry applications;
b) The production organization shall establish product quantity management
requirements and ensure the accuracy of quantity management.
5.3.1.2.4 Supply Management
a) The production organization shall assess whether the supplier or the
outsourcing organization has the corresponding qualifications and
technical capabilities; provide the qualification and ability certi...
Share
