GM/T 0039-2024 English PDFGM/T 0039: Historical versions
Basic dataStandard ID: GM/T 0039-2024 (GM/T0039-2024)Description (Translated English): (Requirements for security testing of cryptographic modules) Sector / Industry: Chinese Industry Standard (Recommended) Date of Issue: 2024-12-27 Date of Implementation: 2025-07-01 Issuing agency(ies): State Administration of Cryptography GM/T 0039-2015: Security test requirements for cryptographic modules---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.Security test requirements for cryptographic modules ICS 35.040 L80 Record number. 49738-2015 People's Republic of China Password Industry Standard Password module security testing requirements Released on.2015-04-01 2015-04-01 implementation Issued by the National Cryptography Administration Table of contentsPreface Ⅲ 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Abbreviations 1 5 Document structure 2 5.1 Overview 2 5.2 Terms and safety requirements 2 5.3 Explanation of cited terms 2 6 Safety testing requirements 2 6.1 General requirements 2 6.2 Cryptographic module specifications 3 6.3 Password module interface 10 6.4 Roles, services and identification 19 6.5 Software/firmware security 30 6.6 Operating environment 34 6.7 Physical Security 41 6.8 Non-intrusive security 56 6.9 Management of sensitive security parameters 58 6.10 Self-test 65 6.11 Life Cycle Guarantee 78 6.12 Mitigation of other attacks 87 6.13 A-document requirements 88 6.14 B-Password Module Security Policy 88 6.15 C-approved safety functions 89 6.16 D-approved sensitive security parameter generation and establishment method 89 6.17 E-approved authentication mechanism 89 6.18 F-non-invasive attacks and commonly used mitigation methods 89 Appendix A (Informative Appendix) Security Level Correspondence Table 90ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. This standard uses the redrafting method with reference to ISO /IEC 24759.2014 "Information Technology Security Technology Cryptographic Module Testing Requirements" The degree of consistency with ISO /IEC 24759.2014 is not equivalent. Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This standard was proposed and managed by the Cryptographic Industry Standardization Technical Committee. The main drafters of this standard. Beijing Watch Smart Technology Co., Ltd., Feitian Chengxin Technology Co., Ltd., Beijing Huada Zhibao Electronic System Co., Ltd., Beijing Haitai Fangyuan Technology Co., Ltd., Commercial Password Testing Center of the State Cryptography Administration, Chinese Academy of Sciences And Communication Protection Research and Education Center, Beijing Chuangyuan Tiandi Technology Co., Ltd., Shanghai Geer Software Co., Ltd. The main drafters of this standard. Wang Xuelin, Li Dawei, Deng Kaiyong, Chen Guo, Chen Baoru, Zhang Yifei, Hu Boliang, Zhu Pengfei, Luo Peng, Zhang Zhong, Lei Yinhua, Mo Fan, Lin Chun, Jiang Hongyu, Tan Wuzheng, Zhang Wantao, Gao Neng. Password module security testing requirements1 ScopeIn accordance with the requirements of GM/T 0028-2014, this standard specifies a series of testing procedures, testing methods and corresponding delivery of cryptographic modules. Check the documentation requirements. This standard applies to the detection of cryptographic modules.2 Normative referencesThe following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this article Pieces. For undated references, the latest version (including all amendments) applies to this document. GM/T 0028-2014 Security technical requirements for cryptographic modules GM /Z4001 Cryptographic terms3 Terms and definitionsThe terms and definitions defined in GM/T 0028-2014 and GM /Z4001 apply to this document.4 AbbreviationsThe following abbreviations apply to this document. API application program interface (ApplicationProgramInterface) CBC cipher block chaining (CipherBlockChaining) CSP critical security parameter (CriticalSecurityParameter) EDC Error Detection Code (ErrorDetectionCode) EFP Environmental Failure Protection (EnvironmentalFailureProtection) EFT environmental failure test (EnvironmentalFailureTesting) FSM Finite State Model (FiniteStateModel) HDL hardware description language (HardwareDescriptionLanguage) IC Integrated Circuit (IntegratedCircuit) PIN Personal Identification Number (PersonalIdentificationNumber) PROM Programmable Read-Only Memory (ProgrammableRead-OnlyMemory) PSP public security parameters (PublicSecurityParameter) RAM Random Access Memory (RandomAccessMemory) RBG Random Bit Generator (RandomBitGenerator) ROM Read-Only Memory (Read-OnlyMemory) SSP Sensitive Security Parameter (SensitiveSecurityParameter) ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GM/T 0039-2024_English be delivered?Answer: Upon your order, we will start to translate GM/T 0039-2024_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GM/T 0039-2024_English with my colleagues?Answer: Yes. The purchased PDF of GM/T 0039-2024_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GM/T 0039-2024?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GM/T 0039-2024 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
