GA/T 687-2007 English PDF
Basic dataStandard ID: GA/T 687-2007 (GA/T687-2007)Description (Translated English): Information security technology--Technology requirements of public key infrastructure security Sector / Industry: Public Security (Police) Industry Standard (Recommended) Classification of Chinese Standard: A90 Classification of International Standard: 35.040 Word Count Estimation: 71,737 Date of Issue: 2007-03-20 Date of Implementation: 2007-05-01 Quoted Standard: GB 17859-1999; GB/T 19713-2005; GB/T 20271-2006; GB/T 20518-2006 Issuing agency(ies): Ministry of Public Security Summary: This standard specifies the security requirements for different classes of PKI systems. This standard is applicable to the design and implementation of PKI system, and can be used for the research, development, testing and product purchasing of PKI system security function. GA/T 687-2007: Information security technology--Technology requirements of public key infrastructure security---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology - Technology requirements of public key infrastructure security ICS 35.040 A90 People's Republic of China Public Security Industry Standards Information Security Technology Public Key Infrastructure Security Technical Requirements Posted 2007-03-20 2007-05-01 implementation People's Republic of China Ministry of Public Security Table of ContentsIntroduction Ⅴ Introduction Ⅵ 1 Scope 1 2 Normative references 1 3 Terms and definitions 4 Abbreviations 2 5 Security Level 2 technical requirements for protection 5.1 The first Level 2 5.1.1 Overview 2 5.1.2 Physical Security 2 5.1.3 Roles and Responsibilities 2 5.1.4 Access Control 3 5.1.5 identification and authentication 4 5.1.6 Data input and output 4 5.1.7 Key Management 4 5.1.8 contour Management 5 5.1.9 Certificate Management 6 5.1.10 Configuration Management 7 5.1.11 distribution and operation 7 5.1.12 Development 7 5.1.13 Guidance Document 8 5.1.14 Lifecycle Support 8 5.1.15 Test 8 5.2 The second stage 8 5.2.1 Overview 8 5.2.2 Physical Security 8 5.2.3 Roles and Responsibilities 8 5.2.4 Access Control 9 5.2.5 identification and authentication 10 5.2.6 Audit 11 5.2.7 Data input and output 12 5.2.8 Backup and Recovery 12 5.2.9 Key Management 13 5.2.10 Contour managed 14 5.2.11 Certificate Management 15 5.2.12 Configuration Management 16 5.2.13 distribution and operation 16 5.2.14 Development 16 5.2.15 guidance document 17 5.2.16 Lifecycle Support 17 5.2.17 Test 17 5.2.18 Vulnerability Assessment 17 5.3 The third stage 17 5.3.1 Overview 17 5.3.2 Physical Security 18 5.3.3 Roles and Responsibilities 18 5.3.4 Access Control 19 5.3.5 identification and authentication 20 5.3.6 Audit 21 5.3.7 Data input and output 23 5.3.8 Backup and Recovery 23 5.3.9 Key Management 24 5.3.10 Contour Management 27 5.3.11 Certificate Management 28 5.3.12 Configuration Management 29 5.3.13 distribution and operation 30 5.3.14 Development 31 5.3.15 guidance document 31 5.3.16 Lifecycle Support 32 5.3.17 Test 32 5.3.18 Vulnerability Assessment 32 5.4 The fourth stage 32 5.4.1 Overview 32 5.4.2 Physical Security 32 5.4.3 Roles and Responsibilities 33 5.4.4 Access Control 33 5.4.5 identification and authentication 35 5.4.6 Audit 36 5.4.7 Data input and output 38 5.4.8 Backup and Recovery 38 5.4.9 Key Management 39 5.4.10 Contour Management 43 5.4.11 Certificate Management 44 5.4.12 Configuration Management 45 5.4.13 distribution and operation 45 5.4.14 Development 46 5.4.15 guidance document 46 5.4.16 Lifecycle Support 47 5.4.17 Test 47 5.4.18 Vulnerability Assessment 47 5.5 Fifth level 48 5.5.1 Overview 48 5.5.2 Physical Security 48 5.5.3 Roles and Responsibilities 48 5.5.4 Access Control 49 5.5.5 identification and authentication 51 5.5.6 Audit 52 5.5.7 Data input and output 53 5.5.8 Backup and Recovery 54 5.5.9 Key Management 54 5.5.10 Contour Management 58 5.5.11 Certificate Management 59 5.5.12 Configuration Management 60 5.5.13 distribution and operation 61 5.5.14 Development 62 5.5.15 guidance document 62 5.5.16 Lifecycle Support 63 5.5.17 Test 63 5.5.18 Vulnerability Assessment 63 Appendix A (normative) Security Elements Required Level 64 division References 65ForewordAppendix A of this standard is a normative appendix. This standard was proposed by the Ministry of Public Security Public Information Network Security Supervision Bureau. This standard is under the jurisdiction of the Ministry of Public Security Information System Standardization Technical Committee. This standard was drafted. State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences. The main drafters of this standard. FENG Deng, Zhang Fan, Zhang Liwu, road Xiaoming, Zhuang Yong.IntroductionPublic Key Infrastructure is a set of institutions, systems (hardware and software), staff, programs, policies and agreements as a whole, using the public key concepts and Technology to implement and provide security services, with a universal security infrastructure. PKI is a system through the issuance and management of public key certificates End-user mode for the system to provide services, including CA, RA, database and other basic logic components and key escrow, OCSP and other optional services Parts and rely on operating environment. "PKI security level protection system technical requirements" divided by five principles developed PKI system security level protection technology requirements, details Elaborate five clear PKI system security level should take safety technical requirements, and to ensure the safety of these technologies to achieve security Function to achieve its security should have taken measures to ensure that, the detailed description of the technical requirements, that is the main explanation for the realization Safety measures for the protection level of each element of assessment to be taken, as well as the technical safety requirements on different security implementation stage Differences. The first level is the lowest level, the fifth level is the highest level, with the level of increase, PKI system security level protection requirements with The increment. Content-based text font bold new level requirements section. Information Security Technology Public Key Infrastructure Security Technical Requirements1 ScopeThe five standard reference GB 17859-1999 security level of the division of the PKI system security protection of classification, Regulation Given the different levels of PKI systems require security technical requirements. This standard applies to the design and implementation of PKI systems PKI system for security features research, development, testing and product procurement can Referring use.2 Normative referencesThe following documents contain provisions which, through reference in this standard and become the standard terms. For dated references, subsequent Amendments (not including errata content) or revisions do not apply to this standard, however, encourage the parties to the agreement are based on research Whether the latest versions of these documents. For undated reference documents, the latest versions apply to this standard. GB 17859-1999 computer information system security protection classification criterion GB/T 19713-2005 Information technology - Security techniques Public Key Infrastructure Online Certificate Status Protocol GB/T 20271-2006 Information security technology - Common security techniques requirement information system GB/T 20518-2006 Information security technology - Public key infrastructure - Digital certificate format3 Terms and DefinitionsThe following terms and definitions apply to this standard. 3.1 Public Key Infrastructure Public Key Infrastructure is to support the system, provide identification, encryption, integrity and non-repudiation services. 3.2 PKI system is a system by way of issuing and managing public key certificates provide services to end-users, including CA, RA, databases, etc. The basic logic components and key escrow, OCSP and other optional services and components depend on operating environment. 3.3 Accurately specify a range of safety rules, including derived from this document Rules Rules and suppliers add. 3.4 Two or more entities are saved as part of the key, each part of the key is not valid plaintext key information should be leaked, and When these parts fit together in the encryption module can get all the information key, this method is called segmentation knowledge. 3.5 Used to implement split knowledge procedures. 3.6 Series to meet specific user requirements for a class of objects implemented independently assess security requirements. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GA/T 687-2007_English be delivered?Answer: Upon your order, we will start to translate GA/T 687-2007_English as soon as possible, and keep you informed of the progress. The lead time is typically in 9 seconds (download/delivered in 9 seconds). The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GA/T 687-2007_English with my colleagues?Answer: Yes. The purchased PDF of GA/T 687-2007_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
