Search result: GB/T 37092-2018
Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
GB/T 37092-2018 | English | 999 | 7 days [Need to translate] | Information security technology -- Security requirements for cryptographic modules | Valid |
Standard ID | GB/T 37092-2018 (GB/T37092-2018)
Description (Translated English) | Information security technology -- Security requirements for cryptographic modules
Sector / Industry | National Standard (Recommended)
Classification of Chinese Standard | L80
Classification of International Standard | 35.040
Word Count Estimation | 50,512
Date of Issue | 2018-12-28
Date of Implementation | 2019-07-01
GB/T 37092-2018
Information security technology--Security requirements for cryptographic modules
ICS 35.040
L80
National Standard of the People's Republic of China
Information security technology -- Security requirements for cryptographic modules
Published on 2018-12-28
Implemented on 2019-07-01
Issued by the State Administration for Market Regulation and the Standardization Administration of China
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptographic module security levels
5.1 Overview
5.2 Security Level 1
5.3 Security Level 2
5.4 Security Level 3
5.5 Security Level 4
6 Functional security objectives
7 Security requirements
7.1 General requirements
7.2 Cryptographic module specification
7.3 Cryptographic module interfaces
7.4 Roles, services and authentication
7.5 Software/firmware security
7.6 Operating environment
7.7 Physical security
7.8 Non-invasive security
7.9 Sensitive security parameter management
7.10 Self-tests
7.11 Lifecycle protection
7.12 Mitigation of other attacks
Appendix A (Normative) Document requirements
Appendix B (Normative) Cryptographic module security policy
Appendix C (Normative) Approved security features
Appendix D (Normative) Approved sensitive security parameter generation and establishment methods
Appendix E (Normative) Approved identification mechanisms
Appendix F (Normative) Non-invasive attacks and mitigation methods detection indicators
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This standard was drafted by: Data and Communication Protection Research and Education Center of the Chinese Academy of Sciences, Commercial Cryptography Testing Center of the National Cryptography Administration, Beijing Jianqi Intelligent Technology Co., Ltd., Beijing Digital Certification Co., Ltd., Feitian Integrity Technology Co., Ltd., Beijing Haitai Fangyuan Technology Co., Ltd., Beijing Huada Zhibao Electronic System Co., Ltd., Beijing Chuangyuan Tiandi Technology Co., Ltd.
The main drafters of this standard: Jing Jiwu, Gao Neng, Tu Chenyang, Zheng Yi, Jiang Weiyu, Zhou Guoliang, Ma Yuan, Liu Zongbin, Liu Zeyi, Wang Wei, Luo Peng, Wang Xuelin, Chen Guo, Zhan Banghua, Zhu Pengfei, Jiang Hongyu, Chen Yue, Zhang Wantao, Liu Limin, Xiang Ji.
Introduction
In information technology, the use of cryptography is increasing, for example where data must be protected against unauthorized disclosure or manipulation. Cryptographic mechanisms can be used to support security services such as entity authentication and non-repudiation. The security and reliability of cryptographic mechanisms depend directly on the cryptographic modules that implement them.
This standard proposes four incremental, qualitative levels of security requirements for cryptographic modules, but does not specify the correct application and secure deployment of cryptographic modules. When using or deploying a cryptographic module, the operator of the module is responsible for ensuring that the security it provides is sufficient and acceptable to the information owner, and that any residual risk is communicated to the information owner. The operator is also responsible for selecting a cryptographic module of the appropriate security level, so that the module meets the security requirements of the application and suits the security status of its environment.
Information security technology -- Security requirements for cryptographic modules
1 Scope
This standard specifies the security requirements for cryptographic modules, defines four security levels for cryptographic modules, and gives the corresponding requirements for each of the four security levels.
This standard applies to cryptographic modules used in security systems that protect sensitive information in computer and telecommunication systems. This standard also provides guidance for the design and development of cryptographic modules, and a reference for testing the security requirements of cryptographic modules.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 15843 (all parts) Information technology -- Security techniques -- Entity identification
GB/T 15852 (all parts) Information technology -- Security techniques -- Message authentication codes
GB/T 17964 Information security technology -- Modes of operation for block cipher algorithms
GB/T 25069 Information security technology -- Terminology
GB/T 32905 Information security technology -- SM3 cryptographic hash algorithm
GB/T 32907 Information security technology -- SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology -- SM2 elliptic curve public key cryptography
GB/T 33133.1 Information security technology -- Zu Chongzhi sequence cipher algorithm -- Part 1: Algorithm description
GM/T 0001.2 Zu Chongzhi sequence cipher algorithm -- Part 2: Confidentiality algorithm based on the Zu Chongzhi algorithm
GM/T 0001.3 Zu Chongzhi sequence cipher algorithm -- Part 3: Integrity algorithm based on the Zu Chongzhi algorithm
GM/T 0044 (all parts) SM9 identification cipher algorithm
3 Terms and definitions
The terms and definitions defined in GB/T 25069 and the following terms and definitions apply to this document.
3.1
Certificate
Data about an entity that is issued using the certificate authority's private key or secret key and cannot be forged.
3.2
Conditional self-test
A test performed by the cryptographic module when the specified test conditions occur.
3.3
Critical security parameter
Security-related secret information whose disclosure or modification can compromise the security of the cryptographic module.
Note: Critical security parameters can be in plaintext or encrypted form.
3.4
Cryptographic boundary
A well-defined edge that establishes the physical and/or logical boundaries of the cryptographic module and contains all hardware, software and/or firmware components of the cryptographic module.
......