GM/T 0038-2014 English PDF (GMT0038-2014)
GM/T 0038-2014: Key management of certificate authority system test specification
GM/T 0038-2014
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 44643-2014
Key management of certificate
authority system test specification
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Test objects
5 Test outline
6 Test environment
7 Test content
7.1 Site
7.2 Network
7.3 Post and authority management
7.4 Security management
7.5 System initialization
7.6 System functions
7.7 System performance
7.8 Data backup and recovery
7.9 Third-party security products
7.10 Documents
8 Test method
8.1 Site
8.2 Network
8.3 Management of posts and authorization
8.4 Security management
8.5 System initialization
8.6 System functions
8.7 System performance
8.8 Data backup and recovery
8.9 Third-party security products
8.10 Documents
9 Qualification determination
9.1 Item qualification determination
9.2 Product qualification determination
Appendix A
A.1 Test objective
A.2 Physical areas and network structure of key management system
A.3 Hardware and software configuration of key management system
A.4 Module and function of key management system
A.5 Test content
Appendix B
Appendix C
C.1 Computer room layout of certificate authentication key management system
C.2 The equipment location plan in the computer room of certificate authentication
key management system
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of
Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Changchun Jida Zhengyuan
Information Technology Co., Ltd., Shanghai Gale Software Co., Ltd., National
Information Security Engineering Technology Research Center, Beijing Haitai
Fangyuan Science and Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Gao Li, Tian Jingqi, Jiang Yulin, Zhang
Baoxin, Li Weiping, Zhao Lili, Zhu Guoxin, Yuan Feng, Tan Wuzheng, an
Xiaojiang, Zhang Wantao, Wu Chenghua.
Key management of certificate
authority system test specification
1 Scope
This Standard specifies the test contents and methods for the key management of
a certificate authorization system.
This Standard is applicable to certificate authentication key management systems
that provide electronic authentication services for electronic signatures and are
developed or built according to GM/T 0034-2014. It can also serve as a reference for
the testing of other certificate authorization key management systems.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GM/T 0034-2014 Specifications of cryptograph and related security technology for
certification system based on SM2 cryptographic algorithm
3 Terms and definitions
The following terms and definitions apply to this document.
3.1 Certificate authentication system; CA
The system of full life cycle management of digital certificates, such as the issuance,
publication, updating and revocation of digital certificates.
3.2 Key management system; KM
A system to realize key management.
3.3 SM2 algorithm
An elliptic curve public-key cryptographic algorithm with a key length of 256 bits.
The main security strategies of intrusion detection configured for the system are:
a) Deploy an intrusion detection device on the switch of the key service area to ensure
detection of all external packets;
b) The intrusion detection management console shall be directly connected to the
intrusion detection device to ensure its independent management and detection;
c) Set intrusion detection to a high alert level for packet detection and analysis;
d) There shall be corresponding response strategies for security events detected by
the intrusion detection devices;
e) The feature repository for intrusion detection shall be updated in a timely manner.
Note: Intrusion detection devices can also be set up as intrusion prevention devices.
7.2.2.3 Vulnerability scanning
The main security strategies of vulnerability scanning configured for the system are:
a) Conduct vulnerability scanning for critical server equipment, network equipment
and network security devices regularly;
b) There shall be corresponding response strategies for security events detected by
vulnerability scanning;
c) The vulnerability repository shall be updated in a timely manner.
7.2.2.4 Virus control
The main security strategies for virus control configured for the system are:
a) Deploy antivirus products to key servers and to operation and management terminals;
b) There shall be corresponding response strategies for security events detected by
antivirus products;
c) The virus repository shall be updated in a timely manner.
7.2.2.5 Cryptographic machine
The cryptographic machine shall be connected to the server via an independent
physical port.
The cryptographic machine shall be a product approved by the national
cryptographic management department.
7.8 Data backup and recovery
There shall be a data backup and recovery strategy to realize the data backup and
recovery of the key management system.
This article applies to item test only.
7.9 Third-party security products
7.9.1 Firewall
The deployment location of the firewall shall conform to the requirements of 7.1.2.
The firewall configuration strategies shall meet the requirements of 7.2.2.1.
The firewall products shall be products that have passed the inspection and
certification of the relevant national institutions.
This article applies to item testing only.
7.9.2 Intrusion detection
The deployment location of the intrusion detection product shall comply with the
requirements of 7.1.2.
The configuration strategy of the intrusion detection product shall meet the
requirements of 7.2.2.2.
Intrusion detection products shall have passed the inspection and certification of the
relevant national institutions.
This article applies to item test only.
Note: This article also applies to intrusion prevention products.
7.9.3 Vulnerability scanning
The deployment location of the vulnerability scanning product shall comply with the
requirements of 7.1.2.
The configuration strategy of the vulnerability scanning product shall meet the
requirements of 7.2.2.3.
The vulnerability scanning product shall have passed the inspection and certification
of the relevant national institutions.
This article applies to item test only.
7.9.4 Virus control
Count the keys in the standby, working and history repository, and the results shal...