GM/T 0054-2018 PDF English
GM/T 0054-2018: General Requirements for Information System Cryptography Application. Status: Valid
CRYPTOGRAPHY INDUSTRY STANDARD
ICS 35.040
L 80
Record No.: 61709-2018
General Requirements for
Information System Cryptography Application
Issued on: FEBRUARY 08, 2018
Implemented on: FEBRUARY 08, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviation
5 General Requirements
6 Requirements of Cryptographic Function
7 Cryptographic Technology Application Requirements
8 Key Management
9 Security Management
Appendix A (Informative) Security Requirements Comparison List
Appendix B (Informative) List of Cryptography Industry Standards
Bibliography
1 Scope
This Standard specifies the general requirements for the application of commercial
cryptography in information systems.
This Standard is applicable to guiding, regulating and assessing the application of
commercial cryptography in information systems.
2 Normative References
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable to this
document; for undated documents, only the latest version (including all
amendments) is applicable to this document.
GM/T 0005 Randomness Test Specification
GM/T 0028 Security Requirements for Cryptographic Modules
GM/T 0036 Technical Guidance of Cryptographic Application for Access Control
Systems Based on Contactless Smart Card
GM/Z 4001-2013 Cryptography Terminology
3 Terms and Definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001-2013
and the following apply. For ease of use, some terms and definitions given in
GM/Z 4001-2013 are repeated below.
3.1 One-time-password; OTP; dynamic password
A one-time password dynamically generated based on time, events, etc.
3.2 Access control
A mechanism that allows or denies user access to resources according to a specific
policy.
3.3 Confidentiality
The property ensuring that information is not disclosed to unauthorized
individuals, processes, and similar entities.
3.4 Encipherment; encryption
The process that cryptographically transforms the data to produce ciphertext.
3.5 Decipherment; decryption
The inverse process corresponding to the encryption process.
3.6 Cryptographic algorithm
The arithmetic rules for describing the cryptographic processing.
3.7 Key
The crucial information or parameters for controlling the operation of a cryptographic
algorithm.
4 Abbreviation
The following abbreviation is applicable to this document.
MAC (Message Authentication Code)
5 General Requirements
5.1 Cryptographic algorithm
The cryptographic algorithm used in the information system shall conform to the
provisions of laws and regulations, as well as the relevant requirements of national and
industry standards related to cryptography.
5.3 Cryptographic products
The cryptographic products and cryptographic modules used in the information system
shall be approved by the state cryptography administration department.
6 Requirements of Cryptographic Function
6.1 Confidentiality
Confidentiality is achieved by using cryptographic encryption; the objects that are
protected in the information system are as follows.
6.2 Data integrity
Data integrity is achieved by using a message authentication code (MAC) or a
digital signature; the objects that are protected in the information system are as follows.
6.3 Authenticity
Authenticity is achieved by using symmetric encryption, dynamic passwords, digital
signatures, etc.; the application scenarios in the information system include.
6.4 Non-repudiation
Non-repudiation of entity behavior is achieved by using digital signatures and
similar cryptographic technology; it applies to all behaviors in the information
system that cannot be denied, such as sending, receiving, approving, creating, modifying,
deleting, adding, configuring, etc.
7 Cryptographic Technology Application Requirements
7.1 Physical and environmental security
7.1.1 General
The general rules for cryptography application of the physical and environmental
security are as follows.
7.1.2 Class-I information system with classified protection
The requirements for the Class-I information system are as follows.
7.1.3 Class-II information system with classified protection
The requirements for Class-II information system are as follows.
7.1.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.
7.1.5 Class-IV information system with classified protection
The requirements for Class-IV information system are as follows.
7.2 Network and communication security
7.2.1 General
The general rules for network and communication security cryptography application
are as follows.
7.2.2 Class-I information system with classified protection
The requirements of Class-I information system are as follows.
7.2.3 Class-II information system with classified protection
The requirements for Class-II information system are as follows.
7.2.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.
7.2.5 Class-IV information system with classified protection
The requirements for Class-IV information system are as follows.
7.3 Equipment and computing security
7.3.1 General
The general rules for cryptography application of equipment and computing security
are as follows.
7.4 Application and data security
7.4.1 General
The general rules for cryptography application of application and data security are as
follows.
7.4.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.
8 Key Management
8.1 General
Key management of information system shall include the whole process of
management and strategy formulation for key generation, storage, distribution, input,
output, use, backup, recovery, archiving and destruction, etc.
8.4 Class-III information system with classified protection
Key management of Class-III information system shall include the whole process of
management and strategy formulation such as key generation, storage, distribution,
input, output, use, backup, recovery, archiving, destruction, etc.; and satisfy.
9 Security Management
9.1 System
9.1.1 Class-I information system with classified protection
The requirements for Class-I information system are as follows.
9.1.3 Class-III information system with classified protection
The requirements for Class-III information system are as follows.
9.2 Personnel
9.2.1 Class-I information system with classified protection
The requirements for Class-I information system are as follows.
9.2.2 Class-II information system with classified protection
The requirements for Class-II information system are as follows.
9.2.3 Class-III information system with classified protection
The requirements for Class-III information system are as follows.
9.3 Implementation
9.3.1 Planning
9.3.1.1 Class-I information system with classified protection
In the planning stage of the information system, the responsible organization may
formulate the cryptography application plan according to the relevant cryptography
standard.
9.3.2 Construction
9.3.2.1 Class-I information system with classified protection
The cryptography implementation plan may be formulated according to the relevant
national standard.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.