
GM/T 0066-2019 English PDF (GMT0066-2019)


GM/T 0066-2019: Implementation guide to capability construction criteria of production and guarantee for commercial cryptographic products
ICS 35.040
L80
People's Republic of China Cryptography Industry Standard
Commercial encryption product production and guarantee capacity building
Implementation guide
2019-07-12 released
2019-07-12 Implementation
Issued by the National Cryptography Administration
Table of contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Implementation overview
4.1 Evaluation content
4.2 Evaluation Method
4.3 Evaluation Principle
5 Implementation Guide
5.1 Basic Item
5.1.1 Legal personality
5.1.2 Main technical personnel
5.1.3 Product development
5.1.4 Industry management compliance
5.2 Declaration Item
5.2.1 Key personnel information
5.2.2 Nature of Unit
5.2.3 Data Management
5.3 Assessment Item
5.3.1 Production capacity
5.3.2 Quality assurance capability
5.3.3 Security assurance capability
5.3.4 Service guarantee capability
6 Evaluation procedure
6.1 Evaluation requirements
6.2 Evaluation process
6.3 Implementation evaluation
6.3.1 Material review
6.3.2 Pre-assessment
6.3.3 On-site audit
6.3.4 Expert evaluation
6.3.5 Evaluation results
7 Evaluation report
7.1 Report content
7.2 Report format
7.3 Reporting requirements
7.3.1 Evaluation time
7.3.2 Assessment location
7.3.3 Evaluation team and evaluation supervisor
7.3.4 Basic information of production units
7.3.5 Applying for basic product information
7.3.6 Assess whether the materials are complete
7.3.7 Whether the basic items meet the requirements
7.3.8 On-site inspection
7.3.9 Statement item description
7.3.10 Description of evaluation items
7.3.11 Evaluation conclusion
7.4 Report filing
8 Explanation of key points of implementation
8.1 Evaluation unit
8.1.1 Evaluation process
8.1.2 Expert rating
8.1.3 License requirements for different levels of commercial cryptographic products
8.1.4 Description of special application requirements
8.2 Production unit
8.2.1 Capacity building
8.2.2 Self-assessment
Appendix A (Normative Appendix) Supporting Form for Evaluation of Commercial Encryption Product Production and Guarantee Capability
Appendix B (Normative Appendix) Evaluation Report on Commercial Encryption Product Production and Guarantee Capability
Appendix C (Informative Appendix) Audit Method
Appendix D (Informative Appendix) List of archived materials
Appendix E (Informative Appendix) Requirements for the use of products in important areas
Reference
Preface
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed and managed by the Cryptographic Industry Standardization Technical Committee.
Drafting organizations of this standard: Xingtang Communication Technology Co., Ltd., Beijing Zhongdian Huada Electronic Design Co., Ltd., Geer Software Co., Ltd., Commercial Encryption Testing Center of National Cryptography Administration, Beijing Sanwei Xinan Technology Development Co., Ltd., Tiandirong Technology Co., Ltd., Chengdu Weishitong Information Industry Co., Ltd., Beijing Encryption Administration, Shanghai Encryption Administration, Guangdong Province Encryption Administration.
The main drafters of this standard: Zhao Shan, Ye Feng, Zhou Jiansuo, Luo Peng, Feng Yuhui, Han Xiaoping, Yang Yaohua, Gao Zhiquan, Xiong Yun, Li Lixun, Ma Fei, Zheng Qiang, Li Ming, Qu Zhihua, Yang Yang.
Introduction
Cryptography is the core technology and basic support for network and information security, and a strategic resource for ensuring national security, promoting economic development and safeguarding public interests. Commercial cryptographic products are the implementation carrier of cryptographic technology, providing security guarantees such as confidentiality, integrity, and non-repudiation for applications. The state implements licensing for commercial cryptographic products that are sold or used in business activities.
According to the relevant requirements of the Regulations on the Administration of Commercial Encryption, the production unit of commercial encryption products (hereinafter referred to as the production unit) must have independent legal person status, have technical strength and premises compatible with the development and production of commercial cryptographic products, have the equipment, production process and quality assurance system needed to ensure the quality of commercial cryptographic products, and meet other conditions stipulated by laws and administrative regulations.
This standard is the specific implementation guide for GM/T 0065-2019 commercial encryption product production and guarantee capacity building specifications.
1 Scope
This standard specifies the methods, procedures, reports and key points for the implementation of the evaluation of commercial cryptographic product production and guarantee capabilities.
This standard applies as a guide for production units in building their production capacity, quality assurance capability, safety assurance capability and service assurance capability.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GM/T 0008-2012 Security Chip Password Detection Guidelines
GM/T 0028-2014 Security technical requirements for cryptographic modules
GM/T 0065-2019 Specification for Capacity Building of Commercial Cryptographic Products Production and Guarantee
GM/Z 4001 Cryptographic terms
3 Terms and definitions
The terms and definitions defined in GM/Z 4001 and GM/T 0065-2019, together with the following, apply to this document.
3.1
Formal review
Review the formal compliance, completeness and validity of the application materials submitted by the production unit.
3.2
Substantive examination
On the basis of the formal review, review whether the production unit has the required qualifications as an entity, whether the matter applied for is true, whether the submitted documents and certificates are authentic, valid, complete, and compliant, and whether they comply with national laws and regulations. This includes written reviews and on-site audits.
4 Implementation overview
4.1 Evaluation content
The evaluation content includes evaluation elements such as basic items, declaration items, and evaluation items.
The basic items include the legal person qualification items of the production unit, the main technical personnel items, the product research and development items, and the industry management compliance items.
The declaration items include the key personnel information of the production unit, the nature of the unit, data management, etc.
The evaluation items include the production capacity, quality assurance capability, safety assurance capability, and service assurance capability of the production unit.
4.2 Evaluation method
The evaluation of the production and guarantee capabilities of commercial cryptographic products combines unit self-certification with expert scoring. Quality assurance, security assurance and service assurance capabilities are the unit's self-certification items, for which the production unit shall provide proof of its commercial cryptographic product production and guarantee capabilities. Taking into account the basic items and declaration items of the production unit, the expert group scores and judges the production unit based on the evaluation elements of the evaluation items.
4.3 Evaluation principles
The evaluation of the production and security capabilities of commercial cryptographic products should be based on the application materials submitted by the production unit. It combines "material review", "on-site review", "pre-assessment" and "expert assessment", and follows the assessment principles of "quantitative assessment" and "qualitative judgment". To ensure the authenticity, consistency and compliance of the application materials, the production unit's production capacity, quality assurance capability, safety assurance capability and service assurance capability are evaluated in line with the basic principles of fairness, confidentiality, independence and reliance on evidence.
5 Implementation Guide
5.1 Basic items
5.1.1 Legal personality
The production unit is an independent legal person registered in China. It should provide its business license registration number, and the name and number of the legal representative's valid identity document.
5.1.2 Main technical personnel
The production unit shall have no less than 15 main technical personnel engaged in the design, implementation, testing or testing, and technical support of cryptographic products, and shall provide relevant information; otherwise the evaluation process will be terminated. Relevant information includes but is not limited to nationality, academic qualifications, job resume, professional expertise and current work.
5.1.3 Product development
The production unit shall promise that the products developed and the core cryptographic technologies involved in the products have independent intellectual property rights, and shall have patents, software copyrights, integrated circuit layout registrations, etc. It shall also promise that the product corresponding to the application evaluation materials does not contain the intellectual property rights of any other organization or unit, or that any such rights were obtained through legal means.
5.1.4 Industry management compliance
a) The production unit should sign the commitment document, keep a record of product sales and truthfully declare the annual sales of the product, and promise to provide the source code and submit it to a testing organization approved by the cryptography management department;
b) The production unit shall fulfill the above commitments, otherwise the evaluation process shall be terminated.
5.2 Declaration item
5.2.1 Key personnel information
The production unit shall provide a detailed introduction of the key personnel’s certificate name and number, nationality, educational background and working experience.
5.2.2 Nature of Unit
The production unit should provide a statement of the nature of the unit, given truthfully and in accordance with the content of its legal business license, including the registered capital structure, the amount of registered capital, investor names, investment ratios, etc. If there are natural persons, the number, name, and nationality of the natural persons should be stated, as well as the proportion of capital and foreign participation in the company's management.
5.2.3 Data Management
The production unit shall provide a statement on the location of the data center for the development, production and guarantee of commercial cryptographic products, stating the location of the data center, whether data transfer will involve leaving the country, and other such circumstances.
5.3 Evaluation items
5.3.1 Production capacity
5.3.1.1 Technical strength
5.3.1.1.1 Human Resources
a) The production unit should set up key positions in R&D, production and management;
b) Key positions should be held by senior personnel with rich experience and profound professional skills;
c) The job setting and personnel qualifications of the production unit should meet the human resources setting, and the judging criteria include whether the job setting is complete and reasonable, whether the qualifications are clear, etc.
5.3.1.1.2 Main technical team
a) The number of personnel engaged in the design, implementation, testing or testing of cryptographic technology and technical support in the production unit should be verified, as should the proportion of personnel with a bachelor's degree or above in the technical team, etc.;
b) The cryptographic professional technical ability of the person in charge of the core technology shall be assessed, and the evaluation criteria shall include at least professional experience, academic qualifications, research achievements and awards, etc.
5.3.1.1.3 Technology accumulation and advantages
a) The products applied by the production unit should conform to the main business direction of the production unit;
b) The production unit should effectively use its own scientific research resources in the product production process to ensure that the product has a high technical level;
c) The production unit should have relevant scientific research results and technical reserves. It should have research results in fields related to the product being applied for, and those results should have been practically applied; it should also have carried out scientific research and built up technical reserves on projects similar to the applied product in the past 5 years;
d) The professional technical level of the production unit should meet the needs of the applied product, and should reach the domestic advanced level.
5.3.1.1.4 Technological innovation
a) The production unit should have authorized patents, software copyrights, integrated circuit layout registration, etc.;
b) The production unit should clarify whether the applied product has been identified by experts to fill the gap in domestic or international industry applications;
c) The production unit should clarify whether the applied product is cost-effective, and whether it has good room for market development in terms of cost, function, performance, reliability, market application, etc.
5.3.1.1.5 R&D tools and equipment
a) The production unit should have the tools and equipment to meet R&D needs;
b) The production unit should have the main research and development tools related to the ...