GB/T 26855-2011 English PDFUS$839.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 26855-2011: Information security technology -- Public key infrastructure -- Certificate policy and certification practice statement framework Status: Valid
Basic dataStandard ID: GB/T 26855-2011 (GB/T26855-2011)Description (Translated English): Information security technology -- Public key infrastructure -- Certificate policy and certification practice statement framework Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.020 Word Count Estimation: 38,366 Date of Issue: 2011-07-29 Date of Implementation: 2011-11-01 Quoted Standard: GB 13000.1-1993; GB/T 16264.2-2008; GB/T 16264.8-2005; GB/T 16284.1-2008; GB/T 19713-2005; GB/T 20518-2006; RFC 822-1982; RFC 5280-2008 Regulation (derived from): Announcement of Newly Approved National Standards No. 12 of 2011 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China Summary: This standard specifies the certificate policy (CP) and Certified Business Statement (CPS) concept to explain the difference between the two, and provides for CP and CPS should abide by document title framework, including in the title of the information that should be included type. The framework presented in this standard generally assumed GB/T 16264. 8-2005 certificate format, but it does not mean that this framework is limited to use this certificate format. This framework can also be used for other formats certificate. This standard applies to CP and CPS writing and compared. This standard should be used as the framework given a flexible tool used to indicate a particular CP or CPS topics which should be considered, rather than as a CP or CPS generates a fixed formula. This standard does not apply to the definition of a common security policy, such as the organization's security policy, system security policy or data marker strategy. GB/T 26855-2011: Information security technology -- Public key infrastructure -- Certificate policy and certification practice statement framework---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology. Public key infrastructure. Certificate policy and certification practice statement framework ICS 35.020 L80 National Standards of People's Republic of China Information security technology - Public key infrastructure Certificate Policy Statement and Assurance Framework Issued on. 2011-07-29 2011-11-01 implementation Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China Standardization Administration of China released Table of ContentsIntroduction Ⅲ Introduction Ⅳ 1 Scope 1 2 Normative references 1 3 Terms and definitions 4 Abbreviations 3 5 Concepts 4 5.1 Certificate Policy 4 5.2 GB/T 16264.8 certificate domain 4 5.3 Certification Statement 6 Business Relationship 5.4 Certificate Policy and Assurance declarations 6 5.5 CP, CPS and the relationship between the protocol and other documents 7 5.6 Terms Set Description 7 Clause 6 Episodes 8 6.0 Description 8 6.1 Introduction 9 6.2 Publication and Repository liability 10 6.3 identification and authentication 10 6.4 Certificate Lifecycle Operational requirements 11 6.5 facilities, management and operational controls 14 16 6.6 Technical Security Controls 6.7 Certificates, CRL and OCSP 19 6.8 Consistency audit and other assessments 19 6.9 Business and Legal Affairs 20 Appendix A (normative) framework provisions set 24 Annex B (informative) Certificate Policy 31 References 32ForewordThis standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points. This standard was drafted. State Information Center, Chittagong Zhengyuan Information Technology Co., Ltd. The main drafters of this standard. Liu Hailong, Wei-Ping Li, He Changlong at Hyperion, Dan barbadensis Miller, Long Yihong, Jiang Yulin.IntroductionThis standard cryptographic algorithms involving relevant content, according to the national laws and regulations implemented. RSA and SHA-1 cryptographic algorithm standard referenced in this note as an example, the specific use shall be in the State Encryption Administration granted Associate appropriate algorithm. Certificate Policy (CP) and certification service statement (CPS) is a Public Key Infrastructure (PKI) in the construction of two important documents. CP is "a set of Specifies the set of rules to specify a certificate to a particular community with the same security requirements and (or) the type of application suitability. "Dependency CP may use to help them decide on a certificate (which is bound together) is trusted enough to apply to a particular application. CPS A declaration certificate authority in issuing the certificate follow business practices. Typically, CPS also describes the entire life cycle of Certificate Services Business practices (such as the issuance, management, revocation, renewal certificate or key), and CPS provide details other business, legal and technical aspects. RFC3647 by the Internet Engineering Task Force (IETF) developed on CP and CPS framework of standards in the international community has been widely Pan recognition. This standard is based on the RFC3647 developed, consistent with RFC3647 body frame, it made changes to two main aspects. First will Password policies are inconsistent with the domestic part of the modified or deleted; the other is to remove unnecessary explanatory text to make the standard more concise. In addition, before and after the original standard will be part of inconsistencies have been corrected. Information security technology - Public key infrastructure Certificate Policy Statement and Assurance Framework1 ScopeThis standard defines the concept of certificate policy (CP) and certification service statement (CPS), and explain the difference between the two, and the provisions of the CP and CPS should abide by the framework document title, including the type of information that should be included in the title. Framework of the proposed standard to make general assumptions With GB/T 16264.8-2005 certificate format, but it does not mean that this framework is limited to the use of this certificate format. This framework can also be used Certificates in other formats. This standard applies to CP and CPS writing and comparisons. Framework of this standard should be given as a flexible tool to use with To be specified in the specific topic of CP or CPS that should be considered, rather than as a CP or CPS generates a fixed formula. This standard does not apply to the definition of a common security policy, such as the organization's security policy, system security policy or data tagging strategies.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein Member. For undated references, the latest edition (including any amendments) applies to this document. GB 13000.1-1993 Information technology - Universal Multiple-Octet Coded Character Set (UCS) - Part 1. Architecture and Basic Multilingual Plane (idt ISO /IEC 10646-1.1993) GB/T 16264.2-2008 Information technology - OSI Directory - Part 2. Model (ISO /IEC 9594-2. 2005, IDT) GB/T 16264.8-2005 Information technology - OSI Directory - Part 8. a public key and attribute certificate frameworks (ISO / IEC 9594-8.2001, IDT) GB/T 16284.1-2008 Information technology - Message Handling Systems (MHS) - Part 1. System and service overview (ISO / IEC 10021-1.2003, IDT) GB/T 19713-2005 Information technology - Security techniques Public Key Infrastructure Online Certificate Status Protocol GB/T 20518-2006 Information security technology - Public key infrastructure - Digital certificate format RFC822. 1982 ARPA Internet text messages format standard (StandardForTheFormatofARPAInternet TextMessages) RFC5280.2008 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List contour (InternetX.509Public KeyInfrastructureCertificateandCertificateRevocationList (CRL) Profile)3 Terms and DefinitionsGB/T 16264.8-2005 and established the following terms and definitions apply to this document. 3.1 Activation data activationdata Operations necessary for a cryptographic module, and need to be protected by a non-key data value (for example, PIN, password or manual control key ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 26855-2011_English be delivered?Answer: Upon your order, we will start to translate GB/T 26855-2011_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 26855-2011_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 26855-2011_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
