GM/T 0066-2019: Implementation guide to capability construction criteria of production and guarantee for commercial cryptographic products
Status: Valid
This is an excerpt.

GM CRYPTOGRAPHIC INDUSTRY STANDARD
ICS 35.040
L 80
Implementation guide to capability construction criteria of production and guarantee for commercial cryptographic products
Issued on: JULY 12, 2019
Implemented on: JULY 12, 2019
Issued by: State Cryptography Administration

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of implementation
4.1 Evaluation content
4.2 Evaluation method
4.3 Evaluation principles
5 Implementation guide
5.1 Basic items
5.2 Declaration item
5.3 Evaluation items
6 Evaluation procedure
6.1 Evaluation requirements
6.2 Evaluation process
6.3 Implementation evaluation
7 Evaluation report
7.1 Report content
7.2 Report form
7.3 Reporting requirements
7.4 Report archiving
8 Descriptions of implementation points
8.1 Evaluation organization
8.2 Production organization
Appendix A (Normative) Supporting forms for evaluation of production and guarantee capability for commercial cryptographic product
Appendix B (Normative) Evaluation report on production and guarantee capability of commercial cryptographic products
Appendix C (Informative) Audit method
Appendix D (Informative) List of archived files
Appendix E (Informative) Product use requirements in important areas
References

1 Scope
This standard specifies the methods, procedures, reports and key points for the implementation of the evaluation of capability criteria of production and guarantee for commercial cryptographic products. This standard is applicable to the guide for construction of production capacity, quality assurance capability, security assurance capability and service assurance capability of production organizations.

2 Normative references
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this standard.
GM/T 0008-2012 Cryptography test criteria for security IC
GM/T 0028-2014 Security requirements for cryptographic modules
GM/T 0065-2019 Specification for capability construction of production and guarantee for commercial-cryptographic products
GM/Z 4001 Cryptographic terms

3 Terms and definitions
The terms and definitions as defined in GM/Z 4001 and GM/T 0065-2019 as well as the following terms and definitions are applicable to this document.

3.1 Formal examination
Review the formal compliance, completeness and validity of the application materials as submitted by the production organization.

3.2 Substantive examination
On the basis of formal review, review whether the production organization has the qualifications for the main body, whether the application is true, whether the submitted documents and certificates are true, valid, complete, compliant; whether they meet the requirements of national laws and regulations.

4 Overview of implementation

4.1 Evaluation content
The evaluation content includes evaluation elements such as basic items, declaration items, evaluation items, etc.
4.2 Evaluation method
The production and guarantee capabilities of commercial cryptographic products are evaluated by a combination of the organization's self-evaluation and expert scoring. Quality assurance, security assurance, service guarantee capabilities shall be the organization's self-verification items, for which the production organization provides proofs of the production and guarantee capability of the commercial cryptographic product. Combined with the basic items and declaration items of the production organization, the expert group will score and judge according to the evaluation elements of the evaluation items.

4.3 Evaluation principles
The evaluation of the production and guarantee capabilities of commercial cryptographic products shall be based on the application materials submitted by the production organization, using a combination of "material review" and "on-site review", a combination of "pre-evaluation" and "expert evaluation"; follow the evaluation principles of "quantitative evaluation" and "qualitative judgment", to ensure the authenticity, consistency and compliance of the application materials.

5 Implementation guide

5.1 Basic items

5.1.1 Legal personality
The production organization is an independent legal person registered in China. It shall issue the registration number of the business license of the production organization. It shall issue the name and number of the valid ID of the legal representative.

5.1.3 Product research & development
The production organization shall promise that the products researched & developed and the core cryptographic technology involved in the product have independent intellectual property rights; it shall have patents, software copyrights, integrated circuit layout registration, etc.
It shall promise that the product corresponding to the application evaluation material does not contain the intellectual property of any other organization or unit; or otherwise it may have been obtained through legal means.

5.1.4 Industry management compliance

5.2 Declaration item

5.2.1 Key personnel information
The production organization shall provide a detailed introduction of the key personnel's certificate name and number, nationality, educational background and working experience.

5.2.3 Data management
The production organization shall provide a statement on the location of the data center for the research & development, production and guarantee of commercial cryptographic products, stating the location of the data center and whether the data flow will involve outbound.

5.3 Evaluation items

5.3.1 Production capability

5.3.1.1 Technical strength

5.3.1.2 Production management

5.3.1.2.1 Position setting
The production organization shall set up production supervisors, warehouse management and other related positions; ensure that senior professionals with rich experience and serious responsibility hold relevant positions.

5.3.1.4 Production process and flow

5.3.1.4.1 Production technology management
The production organization shall have management specifications and complete production technical documents, including at least production lists, material lists, inspection procedures and report documents.

5.3.1.4.2 Mass production and testing capabilities
The production organization shall have mass production and testing capabilities; it should have an automated production line and corresponding product testing mechanisms, to ensure sufficient production capacity and stable product quality. It shall have the required inspection, testing and measurement equipment, to meet the needs of the production scale.
5.3.2 Quality guarantee capability

5.3.2.4 Quality system certification
The third-party quality system certification of the production organization shall be verified. For the production organization that has obtained the corresponding certification and is within the validity period, it may score the quality assurance capability evaluation, for example, the production organization has ISO 9001 quality system certification or CMMI level 3 and above maturity certification.

5.3.3 Security guarantee capability

5.3.3.1 Organizational guarantee

5.3.3.2 Security management

6 Evaluation procedure

6.1 Evaluation requirements
According to the requirements of GM/T 0065-2019 and 4.3, the evaluation is based on the application materials submitted by the production organization. Conduct formal review and substantive review of application materials; initiate on-site review when necessary.

6.2 Evaluation process
The evaluation process is as shown in Figure 1.

6.3 Implementation evaluation

6.3.1 Material review
After receiving the evaluation application materials submitted by the production organization, it shall carry out formal examination of the application materials

6.3.2 Pre-evaluation

6.3.2.1 Evaluation start
The evaluation team leader shall be determined, as well as two or more experts shall form the evaluation team. The number of the evaluation team members shall be no less than 3. The members of the evaluation team shall undertake the confidentiality of the evaluation object and evaluation content. Independent evaluation supervisors shall be set up, to supervise the standardization and fairness of the evaluation work.

6.3.2.2 Pre-evaluation
The evaluation team conducts pre-evaluation of the application materials, mainly to review the basic items, declaration items and other content and supporting documents.
6.3.3 On-site audit

6.3.3.1 Audit judgment
The evaluation team shall judge whether on-site audits are required according to the specific conditions of the production organization. If the authenticity of the application materials lacks supporting evidence, the application conditions are poor, or the production organization has been subjected to relevant administrative penalties, it shall carry out an on-site audit.

6.3.3.2 Audit notice
If an on-site audit of the production organization is required, preliminary contact shall be made with the production organization on the implementation of the on-site audit. The initial contact includes at least the following tasks.

6.3.3.3 Audit method
The on-site audit shall check the authenticity and validity of the application materials. During the audit process, appropriate sampling shall be used to collect and verify information related to the audit objectives, scope and GM/T 0065-2019, including relevant information on organizational functions, production and R&D activities and processes.

6.3.4 Expert evaluation
The evaluation team shall establish a score sheet based on the evaluation items, to verify and score the production organization's product production and guarantee capabilities. The evaluation team experts shall complete the scoring independently.

6.3.5 Evaluation results
The evaluation results are presented in the form of evaluation reports. The evaluation team shall provide a unified evaluation conclusion.

7 Evaluation report

7.1 Report content
The content of the report shall be complete, truthful, objective; clarify the basic information of the production organization, the basic information of the applied product, the evaluation team members, the evaluation supervisor, the evaluation time, whether the evaluation materials are complete, whether the basic items meet the requirements, whether there will be on-site audit, the descriptions on declaration items and evaluation items, the evaluation conclusions.
7.2 Report form
The evaluation report is in the form of a table, as shown in Appendix B.

7.3 Reporting requirements

7.3.1 Evaluation time
The evaluation report shall specify the time when the evaluation work is started, in the format of "××××year××month××day".

7.3.2 Evaluation location
The evaluation report specifies the location of the evaluation.

7.3.3 Evaluation team and evaluation supervisor
The evaluation report clearly specifies the name of the evaluation team and the evaluation supervisor.

7.3.4 Basic information of production organization
The evaluation report shall specify the name of the production organization, its type, the province (district, city) to which it belongs, wherein the name and type of the production organization shall be filled out in accordance with its business license.

7.3.8 On-site audit
It shall clarify whether on-site audit is to be made; the clarification method is to choose "Yes" or "No".

7.3.9 Description of declaration item
It shall refer to the description in 5.2, to clarify the key personnel of the production organization, the nature of the enterprise, the data management information.

7.3.10 Description of evaluation items
It shall refer to the descriptions in 5.3 and 8.1.2, to clarify the scores of the production organization's production capability, quality assurance capability, security guarantee capability, service assurance capability.

7.4 Report archiving
The evaluation materials shall be archived. The archived materials include product varieties and model application materials, evaluation reports, evaluation records. See Appendix D. Evaluation records include independent score sheets of evaluation members and records of supervisors, etc.

8 Descriptions of implementation points

8.1 Evaluation organization

8.1.1 Evaluation process
The evaluation work shall be carried out in accordance with the evaluation procedures as specified in Chapter 6, including material review, pre-evaluation, on-site audit, expert evaluation.
8.1.2 Expert scoring
Expert evaluation is carried out by means of scoring. The scoring results include individual score and comprehensive score.

8.1.3 License requirements for different levels of commercial cryptographic products
The production and guarantee capabilities of commercial cryptographic products shall be compatible with the security level of commercial cryptographic products.

8.1.4 Description of special application requirements
Table 3 shows the situations where the production organization, research organization, processing organization are not the same organization (enterprise, institution).

8.2 Production organization

8.2.1 Capacity building
The production organization shall refer to the requirements of this standard when implementing production and guarantee capability building.

8.2.2 Self-evaluation
The production organization shall conduct self-evaluation according to GM/T 0065-2019; make continuous improvement based on the self-evaluation results.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.