GM/T 0054-2018: General Requirements for Information System Cryptography Application
Status: Valid

CRYPTOGRAPHY INDUSTRY STANDARD
ICS 35.040
L 80
Record No.: 61709-2018
General Requirements for Information System Cryptography Application
Issued on: FEBRUARY 08, 2018
Implemented on: FEBRUARY 08, 2018
Issued by: State Cryptography Administration

Table of Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviation
5 General Requirements
6 Requirements of Cryptographic Function
7 Cryptographic Technology Application Requirements
8 Key Management
9 Security Management
Appendix A (Informative) Security Requirements Comparison List
Appendix B (Informative) List of Cryptography Industry Standards
Bibliography

1 Scope

This Standard specifies the general requirements for information system commercial cryptography application. This Standard is applicable to guide, regulate and assess the information system commercial cryptography application.

2 Normative References

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this document.

GM/T 0005 Randomness Test Specification
GM/T 0028 Security Requirements for Cryptographic Modules
GM/T 0036 Technical Guidance of Cryptographic Application for Access Control Systems Based on Contactless Smart Card
GM/Z 4001-2013 Cryptography Terminology

3 Terms and Definitions

For the purposes of this document, the terms and definitions given in GM/Z 4001-2013 and the following apply. For ease of use, some terms and definitions given in GM/Z 4001-2013 are repeated below.

3.1 One-time-password; OTP; dynamic password
A one-time password dynamically generated based on time, event, etc.

3.2 Access control
A mechanism that allows or denies user access to resources according to a specific policy.

3.3 Confidentiality
The property ensuring that information is not disclosed to unauthorized individuals, processes and similar entities.

3.4 Encipherment; encryption
The process that cryptographically transforms data to produce ciphertext.

3.5 Decipherment; decryption
The inverse process corresponding to the encryption process.

3.6 Cryptographic algorithm
The arithmetic rules describing the cryptographic processing.

3.7 Key
The crucial information or parameters controlling the operation of a cryptographic algorithm.

4 Abbreviation

The following abbreviation is applicable to this document.

MAC (Message Authentication Code)

5 General Requirements

5.1 Cryptographic algorithm
The cryptographic algorithm used in the information system shall conform to the provisions of laws and regulations, as well as the relevant requirements of national and industry standards related to cryptography.

5.3 Cryptographic products
The cryptographic products and cryptographic modules used in the information system shall be approved by the state cryptography administration department.

6 Requirements of Cryptographic Function

6.1 Confidentiality
Confidentiality is achieved by using cryptographic encryption; the objects that are protected in the information system are as follows.

6.2 Data integrity
Data integrity is achieved by using the message authentication code (MAC) or digital signature; the objects that are protected in the information system are as follows.

6.3 Authenticity
Authenticity is achieved by using symmetric encryption, dynamic password, digital signature, etc.; the application scenarios in the information system include.

6.4 Non-repudiation
Non-repudiation of entity behavior is achieved by using digital signatures and similar cryptographic technology; it is directed at all behaviors in the information system that cannot be denied, such as sending, receiving, approving, creating, modifying, deleting, adding, configuring, etc.

7 Cryptographic Technology Application Requirements

7.1 Physical and environmental security

7.1.1 General
The general rules for cryptography application of the physical and environmental security are as follows.

7.1.2 Class-I information system with classified protection
The requirements for the Class-I information system are as follows.

7.1.3 Class-II information system with classified protection
The requirements for Class-II information system are as follows.

7.1.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.

7.1.5 Class-IV information system with classified protection
The requirements for Class-IV information system are as follows.

7.2 Network and communication security

7.2.1 General
The general rules for network and communication security cryptography application are as follows.

7.2.2 Class-I information system with classified protection
The requirements of Class-I information system are as follows.

7.2.3 Class-II information system with classified protection
The requirements for Class-II information system are as follows.

7.2.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.

7.2.5 Class-IV information system with classified protection
The requirements for Class-IV information system are as follows.

7.3 Equipment and computing security

7.3.1 General
The general rules for cryptography application of equipment and computing security are as follows.

7.4 Application and data security

7.4.1 General
The general rules for cryptography application of application and data security are as follows.

7.4.4 Class-III information system with classified protection
The requirements for Class-III information system are as follows.

8 Key Management

8.1 General
Key management of information system shall include the whole process of management and strategy formulation for key generation, storage, distribution, input, output, use, backup, recovery, archiving and destruction, etc.

8.4 Class-III information system with classified protection
Key management of Class-III information system shall include the whole process of management and strategy formulation such as key generation, storage, distribution, input, output, use, backup, recovery, archiving, destruction, etc.; and satisfy.

9 Security Management

9.1 System

9.1.1 Class-I information system with classified protection
The requirements for Class-I information system are as follows.

9.1.3 Class-III information system with classified protection
The requirements for Class-III information system are as follows.

9.2 Personnel

9.2.1 Class-I information system with classified protection
The requirements for Class-I information system are as follows.

9.2.2 Class-II information system with classified protection
The requirements for Class-II information system are as follows.

9.2.3 Class-III information system with classified protection
The requirements for Class-III information system are as follows.

9.3 Implementation

9.3.1 Planning

9.3.1.1 Class-I information system with classified protection
In the planning stage of the information system, the responsible organization may formulate the cryptography application plan according to the relevant cryptography standard.

9.3.2 Construction

9.3.2.1 Class-I information system with classified protection
The cryptography implementation plan may be formulated according to the relevant national standard.

......

Source: The above contents are excerpted from the full-copy PDF, translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.