Skip to product information
1 of 8

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0065-2019 English PDF (GMT0065-2019)

GM/T 0065-2019 English PDF (GMT0065-2019)

Regular price $135.00 USD
Regular price Sale price $135.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0065-2019
Historical versions: GM/T 0065-2019
Preview True-PDF (Reload/Scroll if blank)

GM/T 0065-2019: Specification for capability construction of production and guarantee for commercial-cryptographic products
GM/T 0065-2019
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Specification for Capability Construction of
Production and Guarantee for Commercial-
Cryptographic Products
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative References ... 6
3 Terms and Definitions ... 6
4 Evaluation Elements ... 7
4.1 Basic items ... 7
4.2 Declaration items ... 7
4.3 Evaluation items ... 7
5 Requirements for Basic Items ... 9
5.1 Legal person qualification ... 9
5.2 Main technical personnel ... 9
5.3 R and D of products ... 9
5.4 Industry management compliance ... 9
6 Requirements for Declaration Items ... 9
6.1 Crucial personnel information ... 9
6.2 Organization nature ... 10
6.3 Data management ... 10
7 Requirements for Evaluation Item ... 10
7.1 Production capacity ... 10
7.1.1 Technical force ... 10
7.1.2 Production management ... 11
7.1.3 Production conditions ... 12
7.1.4 Production process and flow ... 12
7.2 Quality assurance capability ... 13
7.2.1 System guarantee ... 13
7.2.2 Quality management in development process ... 13
7.2.3 Quality problem management ... 13
7.2.4 Measures for continuously improving product quality ... 13
7.3 Security guarantee capability ... 14
7.3.1 Organization guarantee ... 14
7.3.2 Security management ... 14
7.4 Service guarantee capability... 17
7.4.1 System guarantee ... 17
7.4.2 Emergency response capability ... 17
7.4.3 Service response mode ... 17
Specification for Capability Construction of
Production and Guarantee for Commercial-
Cryptographic Products
1 Scope
This Standard specifies the evaluation elements and evaluation requirements for the
production and guarantee capabilities of commercial cryptographic products.
This Standard is applicable to the capability building and verification of the production
organizations of the commercial cryptographic products for the production capacity,
quality assurance ability, security guarantee ability and service guarantee ability.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GM/Z 4001 Cryptography Terminology
Regulation on the Administration of Commercial Cipher Codes
3 Terms and Definitions
For the purpose of this document, the terms and definitions given in GM/Z 4001 and
the following apply.
3.1 Main technical personnel
Personnel engaged in the design, implementation, inspection or testing and technical
support of commercial cryptographic products.
3.2 Crucial personnel
Including legal representatives, actual controllers, senior management personnel, and
technical leaders.
6.2 Organization nature
Information on the nature of the organization should be declared; clearly define the
composition of registered capital and the scale of registered capital.
6.3 Data management
It shall declare the locations for the R and D, production and guarantee data center of the
commercial cryptographic products; and explain the approval process of data transfer
for the R and D, production, and guarantee of commercial cryptographic products, and
whether the data transfer passes overseas.
7 Requirements for Evaluation Item
7.1 Production capacity
7.1.1 Technical force
7.1.1.1 Human resources
There shall be key positions in the fields of R and D, production, and management; and
set the requirements for the capabilities of those who hold the positions.
7.1.1.2 Main technical team
a) It shall have a technical team that can support the R and D of cryptographic products;
b) It shall have a person in charge of the technology; and the person in charge of
the technology should master the key cryptographic technology of the
cryptographic product.
7.1.1.3 Technology accumulation and advantage
a) Cryptographic products shall conform to the research direction of the production
organization;
b) In the past 5 years, the scientific research activities similar to the projects of
cryptographic products have been carried out and obtained scientific research
results. There were professional technical research results in related fields of
cryptographic products and the results have been practically applied;
c) The professional and technical level of the production organization can meet the
demand for cryptographic products or reach the advanced domestic level.
7.1.1.4 Technical innovation
b) Supervising measures shall be taken for the supply links of the supplier and
processing links of the sub-contracting organization; put forward quality standard
requirements for the suppliers and sub-contracting processing products; and
conduct the monitoring, measuring, and accepting of the supplier and the
production quality of sub-contracting organization;
c) The production organization shall sign a quality assurance agreement with the
supplier and conduct regular quality reviews; and have clear management
regulations for outsourced personnel, processes and outsourced work.
7.1.3 Production conditions
7.1.3.1 Production site
It shall have the right to use the land and houses of production sites; and the production
facilities and storage sites shall meet the needs that are compatible with the production
capacity of the product.
7.1.3.2 Production equipment
It shall have production equipment and testing equipment that meet production
requirements.
7,1.3.3 Production sub-contracting
Proof that the production sub-contracting organization meets the requirements of
7.1.3.1 and 7.1.3.2 shall be provided.
7.1.4 Production process and flow
7.1.4.1 Production technology management
It shall have complete production technical documents and management specifications.
7.1.4.2 Mass production and test capability
It shall have mass production and test capability; have the automated production lines
and corresponding product test mechanisms; have the prescribed inspection, test and
measurement equipment; and be compatible with the scale of production.
7.1.4.3 Production sub-contracting
Proof that the production sub-contracting organization meets the requirements of
7.1.4.1, 7.1.4.2 shall be provided.
improvement plan shall be formulated accordingly;
c) Customer quality surveys shall be conducted.
7.3 Security guarantee capability
7.3.1 Organization guarantee
7.3.1.1 Leadership commitment
The importance of safety shall be clarified; establish the organization-wide safety
objectives; and senior management shall commit to ensuring safety R and D and
production.
7.3.1.2 Establish organization mechanism
a) Special persons or departments (organizations) shall be responsible for security;
b) The audit and review of the organization's internal safety management system
shall be carried out regularly to ensure the suitability and effectiveness of the
safety management system;
c) A mechanism shall be established to prevent and deal with security incidents.
7.3.1.3 Human resources security
a) A formal labor contract shall be signed with employees and safety training shall
be provided;
b) It shall sign confidentiality contracts with em...
View full details