Path: Home > GB/T > Page207 > GB/T 43206-2023 Home > Standard_List > GB/T > Page207 > GB/T 43206-2023
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 43206-2023 | English | 879 |
Add to Cart
|
7 days [Need to translate]
|
Information security technology - Testing and evaluation requirements for information system cryptography application
| Valid |
GB/T 43206-2023
|
PDF similar to GB/T 43206-2023
Basic data | Standard ID | GB/T 43206-2023 (GB/T43206-2023) | | Description (Translated English) | Information security technology - Testing and evaluation requirements for information system cryptography application | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 46,492 | | Date of Issue | 2023-09-07 | | Date of Implementation | 2024-04-01 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 43206-2023: Information security technology - Testing and evaluation requirements for information system cryptography application
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standards of People's Republic of China
Information security technology
Information system password application evaluation requirements
Published on 2023-09-07
2024-04-01 Implementation
State Administration for Market Regulation
Released by the National Standardization Administration Committee
Table of contents
Preface III
1 Scope 1
2 Normative reference documents 1
3 Terms and Definitions 1
4 General 2
5 General assessment requirements 3
5.1 Cipher Algorithm 3
5.2 Cryptotechnology 3
5.3 Cryptocurrency products 3
5.4 Password Service 4
5.5 Key Management 4
6 Technical evaluation requirements 4
6.1 Physical and environmental security 4
6.2 Network and communications security7
6.3 Device and Computing Security10
6.4 Application and data security14
7 Management Assessment Requirements 20
7.1 Management system 20
7.2 Personnel management 22
7.3 Construction and operation 25
7.4 Emergency response 27
8 Overall evaluation requirements 29
8.1 Overview 29
8.2 Inter-unit evaluation 29
8.3 Inter-level evaluation 29
9 Risk Analysis and Evaluation29
10 Evaluation Conclusion 29
Appendix A (informative) Key Life Cycle Management Check Points 31
Appendix B (informative) Typical password function evaluation technology 35
Appendix C (informative) Typical encryption product application evaluation technology 38
Reference 41
Foreword
This document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents"
Drafting.
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by. Commercial Cryptometry Testing Center of the State Cryptography Administration, Institute of Information Engineering, Chinese Academy of Sciences, and the Third Research Institute of the Ministry of Public Security.
Research Institute, National Information Technology Security Research Center, China Electronics Technology Group Corporation 15th Research Institute, China Electronics Technology Standardization Institute,
National Information Center, Fifth Institute of Electronics of the Ministry of Industry and Information Technology, Institute of Software of the Chinese Academy of Sciences, Beijing Municipal Government Information Security Center
Center (Beijing Information Security Evaluation Center), Beijing National Digital Financial Technology Testing Center Co., Ltd., Shenzhen Network Security Computer Security Testing Technology
Technology Co., Ltd., Daopu Information Technology Co., Ltd., Guodian Nanjing Automation Co., Ltd., Zhejiang Dongan Testing Technology Co., Ltd., Beijing
UnionPay Gold Card Technology Co., Ltd., Zhixun Password (Shanghai) Detection Technology Co., Ltd., Harbin Institute of Technology (Shenzhen), Anhui Kechai Information Technology
Technology Co., Ltd., Xinjiang Quantum Communication Technology Co., Ltd.
The main drafters of this document. Luo Peng, Xiao Qiulin, Ma Yuan, Zhang Lihua, Xu Changwei, Chen Tianyu, Huang Jingjing, Zheng Fangyu, Tian Minqiu, Wang Bing,
Liu Jian, Yang Hongzhi, Wu Dongyu, Lu Zhen, Zhang Yuxiang, Li Sheng, Ren Jinqiang, Li Shuilin, Li Dawei, Li Hongzhuo, Zhang Wuyi, Zhang Xiaoxi, Yang Chen,
Cai Yiming, Sun Xin, Gao Rui, Lu Na, Song Lingwei, Guo Shoukun, He Shuangyu, Yang Long, Li Xia, Wang Guochao, Hu Gai, Hu Yanxiong, Shen Ting, Zhang Shaobo,
Han Wei.
Information security technology
Information system password application evaluation requirements
1 Scope
This document stipulates the general evaluation requirements, technical evaluation requirements, and management evaluation requirements for information system level one to level four password applications.
requirements, and provides requirements for overall assessment requirements, risk analysis and evaluation, and assessment conclusions.
Note. The information system password application levels described in this document are consistent with the password application levels specified in GB/T 39786-2021, among which the fifth-level password application
Assessment requirements are not described in this document.
This document is suitable for guiding and standardizing the evaluation activities in the security assessment of information system password applications.
2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, the dated quotations
For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to
this document.
GB/T 25069-2022 Information security technical terms
GB/T 39786-2021 Basic requirements for information security technology information system password application
GM/Z4001 cryptographic terminology
3 Terms and definitions
The following terms and definitions as defined in GB/T 25069-2022, GB/T 39786-2021 and GM/Z4001 apply to this document.
document.
3.1
Pass the assessment recognized by the national cryptography management department or have the professional skill level certificate of cryptography technology application technician or cryptography engineering technician
Book, personnel engaged in security assessment of cryptographic applications.
Note. Referred to as "secret evaluator".
3.2
Checkexamine
Secret evaluators conduct interviews, document review, on-site inspection and analysis of evaluation objects to help the secret evaluators understand, clarify or obtain evidence.
the process of.
Note. Please refer to GM/T 0116-2021 for the evaluation methods that can be used during verification and the method selection instructions.
[Source. GB/T 25069-2022, 3.237, with modifications]
3.3
A relatively independent and complete set of assessment content, consisting of assessment indicators, assessment objects, assessment implementation and result determination.
Price & DeliveryUS$879.00 ยท In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 43206-2023: Information security technology - Testing and evaluation requirements for information system cryptography application
Status: Valid
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 43206-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 43206-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 43206-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 43206-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |