|
US$429.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 32922-2023: Information security technology - Baseline and implementation guide of IPSec VPN securing access
Status: Valid GB/T 32922: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 32922-2023 | English | 429 |
Add to Cart
|
5 days [Need to translate]
|
Information security technology - Baseline and implementation guide of IPSec VPN securing access
| Valid |
GB/T 32922-2023
|
| GB/T 32922-2016 | English | 719 |
Add to Cart
|
4 days [Need to translate]
|
Information security technology -- Baseline and implementation guide of IPSec VPN securing access
| Obsolete |
GB/T 32922-2016
|
PDF similar to GB/T 32922-2023
Basic data | Standard ID | GB/T 32922-2023 (GB/T32922-2023) | | Description (Translated English) | Information security technology - Baseline and implementation guide of IPSec VPN securing access | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 22,234 | | Date of Issue | 2023-03-17 | | Date of Implementation | 2023-10-01 | | Older Standard (superseded by this standard) | GB/T 32922-2016 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 32922-2023: Information security technology - Baseline and implementation guide of IPSec VPN securing access
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS35:030
CCSL80
National Standards of People's Republic of China
Replacing GB/T 32922-2016
Information Security Technology IPSecVPN Secure Access
Basic Requirements and Implementation Guidelines
Released on 2023-03-17
2023-10-01 implementation
State Administration for Market Regulation
Released by the National Standardization Management Committee
table of contents
Preface I
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 2
5 IPSecVPN Secure Access Scenario 3
5:1 Gateway-to-Gateway Secure Access Scenario 3
5:2 Secure Access Scenario 4 from Terminal to Gateway
6 Basic Requirements for IPSec VPN Secure Access 4
6:1 IPSecVPN Gateway Technical Requirements 4
6:2 IPSecVPN Client Technical Requirements 5
6:3 Safety management requirements 6
6:4 Password Application Requirements 7
7 Implementation Guidelines 7
7:1 Overview 7
7:2 Requirements Analysis 8
7:3 Scheme design 8
7:4 Scheme verification 9
7:5 Configuration Implementation 9
7:6 Operation Management 10
Appendix A (Informative) Typical Application Cases 13
Appendix B (Informative) Common IPSecVPN Functions 16
Appendix C (informative) IPv6 transition technology 17
Reference 18
foreword
This document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents"
drafting:
This document replaces GB/T 32922-2016 "Information Security Technology IPSec VPN Secure Access Basic Requirements and Implementation Guidelines", and
Compared with GB/T 32922-2016, except for structural adjustment and editorial changes, the main technical changes are as follows:
--- Added IPSecVPN security access point to multipoint scenario (see 5:1:2);
---Changed the schematic diagram of IPSecVPN secure access scenario (see Chapter 5, Chapter 5 of the:2016 edition);
---Changed the requirements for using the IPSecVPN gateway password algorithm (see 6:1:1, 6:1:1 of the:2016 edition);
---Changed the description of IPSecVPN gateway VPN functional requirements (see 6:1:2, 6:1:2 of the:2016 edition);
---Changed the description of IPSecVPN gateway reliability function requirements (see 6:1:2, 6:1:2 of the:2016 edition);
--- Added the description of IPSecVPN gateway supporting dynamic route selection in branch multi-exit scenarios (see 6:1:2);
---Changed the description of IPSecVPN gateway interworking compatibility function requirements (see 6:1:2, 6:1:2 of the:2016 edition);
---Changed the description of the IPSecVPN gateway IPv6 compatibility function requirements (see 6:1:2, 6:1:2 of the:2016 edition);
--- Added description of IPSecVPN gateway usability function requirements (see 6:1:2);
---Changed the description of the functional requirements for IPSecVPN gateway certificate authentication (see 6:1:2, 6:1:2 of the:2016 edition);
---Changed the performance requirements of IPSecVPN gateway products (see 6:1:3, 6:1:3 of the:2016 edition);
---Changed the technical requirements of IPSecVPN client, merging subchapters of software and hardware requirements (see 6:2, 6:2 of the:2016 edition);
--- Changed the requirements of IPSec security protocol type in IPSecVPN gateway and client functional requirements (see 6:1:2 and 6:2,
6:1:2 and 6:2 of the:2016 edition);
---Changed the IPSecVPN gateway and client device management requirements (see 6:3:1, 6:3:1 of the:2016 edition);
--- Changed the description of IPSecVPN gateway and client certificate management requirements (see 6:3:2, 6:3:2 of the:2016 edition);
--- Added "password requirements" (see 6:4);
--- Changed the relevant description of the implementation guide (see Chapter 7, Chapter 7 of the:2016 edition);
--- Changed the description of typical application scenarios (see Appendix A, Appendix A of the:2016 edition);
--- Added the appendix "Common IPSec VPN functions" (see Appendix B), and adjusted the original Appendix B to Appendix C;
--- Deleted the transport mode IPSec6over4 tunnel scenario (see Appendix C:2 of the:2016 edition):
Please note that some contents of this document may refer to patents: The issuing agency of this document assumes no responsibility for identifying patents:
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260):
This document is drafted by: State Information Center, Huawei Technologies Co:, Ltd:, Qi Anxin Wangshen Information Technology (Beijing) Co:, Ltd:, Beijing
Jingtian Rongxin Network Security Technology Co:, Ltd:, Sangfor Technology Co:, Ltd:, Chengdu Weishitong Information Industry Co:, Ltd:, Shenzhen
Aolian Information Security Technology Co:, Ltd:, Shenzhen Shuyuan Xin'an Technology Co:, Ltd:, Institute of Information Engineering, Chinese Academy of Sciences, No: 1 Ministry of Public Security
Institute, Xinhua Three Technology Co:, Ltd:, Xi'an Jiaotong University Jabil Network Technology Co:, Ltd:, Dingxuan Commercial Cryptography Evaluation Technology (Shenzhen) Co:, Ltd:
Division, China Electric Power Research Institute Co:, Ltd:
The main drafters of this document: Xu Chunxue, Jiao Di, Luo Haining, Pan Wei, Wang Wei, Cao Jin, Li Jinguo, Wan Zhiyu, Cheng Zidong, Wang Pengbiao,
Zhao Guoquan, Luo Jun, Dan Bo, Zhai Peng, Ren Fei, Tian Zhipan, He Jianfeng, Wan Xiaolan, Jiang Min, Zou Chao, Liu Song, Li Haitao:
The release status of previous versions of this document and the documents it replaces are as follows:
---First published as GB/T 32922-2016 in:2016;
--- This is the first revision:
Information Security Technology IPSecVPN Secure Access
Basic Requirements and Implementation Guidelines
1 Scope
This document specifies the basic aspects of gateway, client, security management and password application in the process of IPSecVPN secure access application:
This requirement provides typical scenarios and implementation process guidelines for implementing secure access using IPSec VPN technology:
This document is applicable to institutions that use IPSecVPN technology to carry out secure access applications, and guides their development based on IPSecVPN technology:
Requirement analysis, scheme design, scheme verification, configuration implementation, and operation management of secure access platforms or systems:
2 Normative references
The contents of the following documents constitute the essential provisions of this document through normative references in the text: Among them, dated references
For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
this document:
GB/T 15843 (all parts) Information technology security technology entity authentication
GB/T 19713 Information Technology Security Technology Public Key Infrastructure Online Certificate Status Protocol
GB/T 20518 Information Security Technology Public Key Infrastructure Digital Certificate Format
GB/T 25069 Information Security Technical Terms
GB/T 32915 Information Security Technology Binary Sequence Randomness Detection Method
GB/T 36968 Information Security Technology IPSecVPN Technical Specification
GB/T 37092 Information Security Technology Cryptographic Module Security Requirements
GB/T 38636 Information Security Technology Transport Layer Cryptography Protocol (TLCP)
GM/T 0023 IPSecVPN Gateway Product Specification
GM/T 0050 Cryptography Device Management Device Management Technical Specifications
GM/T 0062 Random Number Testing Requirements for Cryptographic Products
GM/T 0089 Simple Certificate Enrollment Protocol Specification
3 Terms and Definitions
GB/T 25069, GB/T 36968 and the following terms and definitions apply to this document:
3:1
An open standard framework that uses encrypted security services to ensure confidential and secure communications over open networks
It can provide security services such as data integrity protection, data source authentication, payload confidentiality and anti-replay attack at the end-to-end level:
[Source: GB/T 36968-2018, 3:4, modified]
3:2
A technique that uses cryptography to build a secure channel in a communication network:
[Source: GB/T 36968-2018, 3:7]
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 32922-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 32922-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 32922-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 32922-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 32922-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 32922-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|