GB/T 28447-2012: Information security technology -- Specification on the operation management of a certificate authority. Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 28447-2012 (GB/T28447-2012) |
| Description (Translated English) | Information security technology -- Specification on the operation management of a certificate authority |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.020 |
| Word Count Estimation | 29,220 |
| Quoted Standard | GB/T 2887; GB/T 9361; GB/T 25056-2010; GB/T 26855-2011; GB 50045; GB 50057; GB 50174; GB 50343; SJ/T 10796 |
| Regulation (derived from) | National Standards Bulletin No. 13 of 2012 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China |
| Summary | This standard specifies the electronic certification service providers in business operations, the certification system is running, the physical environment and facility safety, organization and personnel management, documentation, records, and media mana |
GB/T 28447-2012: Information security technology -- Specification on the operation management of a certificate authority. This is a DRAFT version for illustration, not a final translation.
Information security technology. Specification on the operation management of a certificate authority
ICS 35.020
L80
National Standard of the People's Republic of China
Information Security Technology
Electronic authentication service operations management norms
Issued on: 2012-06-29
Implemented on: 2012-10-01
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Electronic certification service operator business
5.1 User Certificate Services
5.2 User Certificate Key Services
5.3 Authentication system functional requirements
5.4 Business Process certification requirements
6 Operations risk
7 Authentication system operating requirements
7.1 Network Security
7.2 Host systems Security
7.3 System redundancy and backup
7.4 Operation and maintenance and safety management system
7.5 Password Security Device Management
7.6 CA key and certificate management
8 Physical environment and facilities
8.1 Site Operations
8.2 Operations and zoning requirements
8.3 Safety Monitoring System
8.4 Protection and control facility
8.5 Support facility
8.6 Site Access Security Management
8.7 Monitoring site safety management
8.8 Registration Authority site security
9 Organization and personnel management
9.1 Functions and Roles Settings
9.2 Security organization
9.3 Security personnel management
10 Documents, records and media management
10.1 Document Management
10.2 Records Management
10.3 Media Management
11 Business continuity requirements
11.1 Business Continuity Plan
11.2 Emergency treatment plan
11.3 Disaster Recovery Plan
11.4 Disaster Recovery Center
12 Audit and Improvement
12.1 Audit
12.2 Improvement
Appendix A (informative) Examples of operations risk
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard is under the jurisdiction of the National Safety Standardization Technical Committee (SAC/TC260).
Drafting organization of this standard: Beijing VeriSign E-Commerce Service Co., Ltd. Yi letter.
The main drafters of this standard: Novelty Retrieval Liyan Zhao Wei a just, Xu Hu, Long Yihong, Liu Xu, Xu Lei, Zhao Branch, Zhang Haisong, Guo Hongjie.
Introduction
This standard was developed to implement the "People's Republic of China Electronic Signature Law" (hereinafter referred to as the "Electronic Signature Act") and to standardize the operation and management of electronic authentication service agencies.
This standard covers the main aspects of electronic authentication service operations management. Electronic certification service providers that offer public certification services should carry out the relevant work in accordance with the provisions of this standard. The standard covers many aspects, but for each of them it specifies only the critical, essential elements, so that electronic certification service providers keep great flexibility, particularly on the technical side, in the solutions and policies they use to implement it. For example, for the security of the authentication system, this standard only specifies the security techniques and tools that need to be adopted and the key points to be considered; it makes no provision for the implementation technology.
Information Security Technology
Electronic authentication service operations management norms
1 Scope
This standard specifies the requirements to be followed by electronic authentication services in business operations, authentication system operation, physical environment and facilities security, organization and personnel management, documents, records and media management, business continuity, and audit and improvement.
This standard applies to the construction, management and evaluation of electronic certification service agencies that provide digital certificate services in an open network environment. Electronic authentication services run in a closed environment (such as a specific group or industry) may refer to this standard selectively, according to their own security risk assessment and the relevant state laws and regulations. Relevant national evaluation institutions and regulators may use this standard as a basis for evaluation and monitoring.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB/T 2887 computer sites generic specification
GB/T 9361 computer site security requirements
GB/T 25056-2010 Information technology security certificate authentication system password security and related technical specifications
GB/T 26855-2011 Information Technology Security Public Key Infrastructure Certificate Policy Statement and Assurance Framework
GB 50045 Code for fire protection design of tall buildings
GB 50057 Lightning in design
GB 50174 electronic information system room design specifications
GB 50343 building electronic information system lightning protection technical specifications
SJ/T 10796 anti-static floor general specification
3 Terms and Definitions
The following terms and definitions apply to this document.
3.1
Electronic authentication services (certificate authority)
An organization responsible for creating and distributing certificates and, where necessary, providing validation to confirm the identity of the user. It is an authority generally trusted by users, and the user may choose to have the agency create the key. Electronic authentication services are usually referred to as a CA, and are also known as a CA center, CA agency, certification body, certificate authority and so on.
3.2
Electronic certification service (electronic certification service)
The activity of providing verification of authenticity and reliability to the parties involved in electronic signatures.
3.3
Certificate Policy (certificate policy)
A named set of rules that indicates the applicability of a certificate to a specific group and/or class of applications with common security requirements.