GM/T 0028-2024: (Security requirements for cryptographic modules). Status: Valid. US$1259.00, in stock. Delivery: <= 8 days. True-PDF full-copy in English will be manually translated and delivered via email.
GM/T 0028: Evolution and historical versions
Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status
GM/T 0028-2024 | English | 1259 | 8 days [Need to translate] | (Security requirements for cryptographic modules) | Valid
GM/T 0028-2014 | English | 365 | 0--9 seconds. Auto-delivery | Security requirements for cryptographic modules | Valid
Basic data
Standard ID | GM/T 0028-2024 (GM/T0028-2024)
Description (Translated English) | (Security requirements for cryptographic modules)
Sector / Industry | Chinese Industry Standard (Recommended)
Word Count Estimation | 57,544
Date of Issue | 2024-12-27
Date of Implementation | 2025-07-01
Issuing agency(ies) | State Administration of Cryptography
GM/T 0028-2014: Security requirements for cryptographic modules. This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Security requirements for cryptographic modules
ICS 35.040
L80
Record number: 44629-2014
Cryptography Industry Standard of the People's Republic of China
Security technical requirements for cryptographic modules
Released on: 2014-02-13
Implemented on: 2014-02-13
Issued by the National Cryptography Administration
Table of contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptographic module security levels
5.1 Overview
5.2 Security Level 1
5.3 Security Level 2
5.4 Security Level 3
5.5 Security Level 4
6 Functional security goals
7 Security requirements
7.1 General requirements
7.2 Cryptographic module specifications
7.3 Cryptographic module interfaces
7.4 Roles, services and authentication
7.5 Software/Firmware Security
7.6 Operating environment
7.7 Physical security
7.8 Non-intrusive security
7.9 Management of sensitive security parameters
7.10 Self-test
7.11 Life Cycle Guarantee
7.12 Mitigation of other attacks
Appendix A (Normative Appendix) Document Requirements
A.1 Purpose
A.2 Clause
Appendix B (Normative Appendix) Cryptographic Module Security Policy
B.1 Purpose
B.2 Clause
Appendix C (Normative Appendix) Approved security functions
C.1 Purpose
C.2 Clause
Appendix D (Normative Appendix) Approved methods for generating and establishing sensitive security parameters
D.1 Purpose
D.2 Clause
Appendix E (Normative Appendix) Approved authentication mechanism
E.1 Usage
E.2 Authentication mechanism
Appendix F (Normative Appendix) Non-invasive attacks and commonly used mitigation methods
F.1 Usage
F.2 Non-invasive attacks
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was redrafted with reference to ISO 19790:2012 "Security Requirements for Cryptographic Modules"; its degree of consistency with ISO 19790:2012 is non-equivalent.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This standard was proposed and is managed by the Cryptographic Industry Standardization Technical Committee.
The main drafting units of this standard: Data and Communication Protection Research and Education Center of Chinese Academy of Sciences, Beijing Watch Intelligent Technology Co., Ltd., Beijing Digital Certification Co., Ltd., Zanjia Electronic Technology (Beijing) Co., Ltd., Feitian Chengxin Technology Co., Ltd., Beijing Haitaifang Yuan Technology Co., Ltd., Beijing Huada Zhibao Electronic System Co., Ltd., Commercial Password Testing Center of the State Cryptography Administration, Shanghai Geer Software Co., Ltd., Beijing Chuangyuan Tiandi Technology Co., Ltd.
The main drafters of this standard: Gao Neng, Jing Jiwu, Wang Jing, Tu Chenyang, Wang Xuelin, Chen Guo, Zhan Banghua, Zhang Jiachun, Zhu Pengfei, Jiang Hongyu, Chen Yue, Luo Peng, Tan Wuzheng, Zhang Wantao, Liu Limin, Wang Yuewu, Xiang Ji, Wang Qiongxiao, Lin Jingqiang, Xia Luning.
Introduction
In information technology, the application requirements for cryptography are increasing. For example, data needs to be protected by cryptography to prevent unauthorized access. Cryptography can be used to support security services such as entity authentication and non-repudiation. The security and reliability of cryptography depend directly on the cryptographic modules that implement it.
This standard specifies four incremental, qualitative levels of security requirements to meet the requirements of cryptographic modules in different applications and working environments. The security requirements specified in this standard cover security elements (domains) related to the security design, implementation, operation and abandonment of cryptographic modules. These domains include: cryptographic module specifications, cryptographic module interfaces, roles, authentication and services, software/firmware security, operating environment, physical security, non-intrusive security, sensitive security parameter management, self-testing, life cycle guarantee, and mitigation of other attacks.
This standard puts forward security requirements for cryptographic modules, but does not regulate the correct application and secure deployment of cryptographic modules. When applying or deploying a cryptographic module, operators are responsible for ensuring that the security protection provided by the module is sufficient and acceptable to the information owner. At the same time, any residual risks should be notified to the information owner. A cryptographic module with a suitable security level must be selected so that the module can meet the application's security requirements and suit the security conditions of its environment.
Security technical requirements for cryptographic modules
1 Scope
This standard specifies security requirements for cryptographic modules used in security systems that protect sensitive information in computer and telecommunications systems. It defines 4 security levels for cryptographic modules to meet the different levels of security requirements of sensitive data and of many application fields. For the 11 security domains of the cryptographic module, this standard gives the corresponding requirements for the four security levels, with the level of security increasing from one level to the next.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GM/Z 0001 Cryptographic terms
The documents listed in Appendix C, Appendix D and Appendix E of this standard.
3 Terms and definitions
The following terms and definitions, together with those defined in GM/Z 0001, apply to this document.
3.1
Access control list
List of permissions allowed to access an object.
3.2
Administrator guidance
Written materials used by crypto officers and/or other management roles to properly configure, maintain and manage cryptographic modules.
3.3
Approval authority
An agency authorized to approve and/or evaluate security functions. The function of the approval authority is to evaluate and approve security functions, not to test whether cryptographic modules comply with this standard.
3.4
Approved data authentication technique
An approved data authentication technique based on a digital signature, a message authentication code or a keyed hash (such as HMAC).
3.5
Approved integrity technique
An approved integrity technique based on a hash, message authentication code or digital signature algorithm.
3.6
Approved mode of operation
A mode of operation of a cryptographic module in which only approved security functions can be used. This term should not be confused with the mode of operation of a cryptographic algorithm, such as CBC mode.