標(biāo)準(zhǔn)解讀

《GM/T 0026-2023 安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范》與《GM/T 0026-2014 安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范》相比,在多個(gè)方面進(jìn)行了更新和補(bǔ)充,旨在適應(yīng)網(wǎng)絡(luò)安全技術(shù)的發(fā)展趨勢(shì)以及滿足更加嚴(yán)格的安全需求。主要變化包括但不限于以下幾個(gè)方面:

一、標(biāo)準(zhǔn)范圍:新版本明確了安全認(rèn)證網(wǎng)關(guān)產(chǎn)品的定義,并擴(kuò)大了適用范圍,不僅限于傳統(tǒng)的網(wǎng)絡(luò)環(huán)境,還涵蓋了云計(jì)算等新型計(jì)算模式下的應(yīng)用場(chǎng)景。

二、功能要求:在原有基礎(chǔ)上增加了對(duì)多因素認(rèn)證的支持能力要求,強(qiáng)調(diào)了生物特征識(shí)別技術(shù)的應(yīng)用;同時(shí)加強(qiáng)了對(duì)于用戶隱私保護(hù)的相關(guān)規(guī)定,比如個(gè)人信息收集最小化原則等。

三、性能指標(biāo):提高了處理速度、并發(fā)連接數(shù)等方面的技術(shù)參數(shù)門檻,以應(yīng)對(duì)日益增長(zhǎng)的數(shù)據(jù)流量及復(fù)雜度挑戰(zhàn)。

四、安全性要求:強(qiáng)化了數(shù)據(jù)加密算法的選擇與使用指南,推薦采用更先進(jìn)的密碼學(xué)方法來保障通信過程中的信息安全;此外,還新增了針對(duì)已知漏洞的防御措施說明,幫助企業(yè)更好地防范潛在威脅。

五、測(cè)試方法:修訂后的文檔提供了更為詳盡的產(chǎn)品檢測(cè)流程指導(dǎo),確保每項(xiàng)功能都能按照統(tǒng)一的標(biāo)準(zhǔn)進(jìn)行驗(yàn)證,從而保證產(chǎn)品質(zhì)量的一致性。

六、附錄部分:增加了示例配置文件等內(nèi)容,為開發(fā)者提供參考依據(jù),便于快速理解和實(shí)現(xiàn)相關(guān)功能。

這些調(diào)整反映了行業(yè)對(duì)于更高水平安全保障的需求變化,同時(shí)也體現(xiàn)了國(guó)家對(duì)于推動(dòng)信息技術(shù)自主創(chuàng)新發(fā)展的重視態(tài)度。


如需獲取更多詳盡信息,請(qǐng)直接參考下方經(jīng)官方授權(quán)發(fā)布的權(quán)威標(biāo)準(zhǔn)文檔。

....

查看全部

  • 現(xiàn)行
  • 正在執(zhí)行有效
  • 2023-12-04 頒布
  • 2024-06-01 實(shí)施
?正版授權(quán)
GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范_第1頁
GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范_第2頁
GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范_第3頁
GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范_第4頁
GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范_第5頁
免費(fèi)預(yù)覽已結(jié)束,剩余19頁可下載查看

下載本文檔

GM/T 0026-2023安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范-免費(fèi)下載試讀頁

文檔簡(jiǎn)介

ICS35.030

CCSL80

中華人民共和國(guó)密碼行業(yè)標(biāo)準(zhǔn)

GM/T0026—2023

代替GM/T0026—2014

安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范

Securityauthenticationgatewayproductspecification

2023?12?04發(fā)布2024?06?01實(shí)施

國(guó)家密碼管理局發(fā)布

GM/T0026—2023

目次

前言·······················································································································…Ⅲ

1范圍····················································································································…1

2規(guī)范性引用文件·····································································································…1

3術(shù)語和定義···········································································································…1

4縮略語·················································································································…1

5部署模式··············································································································…2

6密碼算法和密鑰種類·······························································································…2

6.1算法要求···········································································································2

6.2密鑰種類···········································································································2

7安全認(rèn)證網(wǎng)關(guān)產(chǎn)品要求····························································································…2

7.1產(chǎn)品功能要求·····································································································2

7.2產(chǎn)品性能參數(shù)要求·······························································································5

7.3產(chǎn)品安全性要求··································································································5

7.4產(chǎn)品管理要求·····································································································6

7.5產(chǎn)品硬件要求·····································································································8

7.6產(chǎn)品過程保護(hù)·····································································································8

8安全認(rèn)證網(wǎng)關(guān)產(chǎn)品檢測(cè)要求······················································································…8

8.1檢測(cè)說明···········································································································8

8.2外觀和結(jié)構(gòu)的檢查·······························································································8

8.3提交文檔的檢查··································································································9

8.4產(chǎn)品功能檢測(cè)·····································································································9

8.5產(chǎn)品性能檢測(cè)····································································································10

8.6安全管理檢測(cè)····································································································11

8.7硬件檢測(cè)··········································································································12

9判定規(guī)則············································································································…13

GM/T0026—2023

前言

本文件按照GB/T1.1—2020《標(biāo)準(zhǔn)化工作導(dǎo)則第1部分:標(biāo)準(zhǔn)化文件的結(jié)構(gòu)和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0026—2014《安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范》,與GM/T0026—2014相比,除結(jié)構(gòu)調(diào)

整和編輯性改動(dòng)外,主要技術(shù)變化如下:

a)增加了GB/T25069(見第3章)、GB/T36624(見6.1)、GM/T0028(見7.3.2.2,7.3.2.3和

7.3.2.4)、GM/T0062(見7.4.2.3.3和8.4.7)、GM/T0068(見7.1.5)、GM/T0069(見7.1.5)和

GM/Z4001(見第3章),刪除了GM/T0014(見2014年版的第2章),更改了GB/T9813為

GB/T9813.3(見7.5.4);

b)刪除了術(shù)語“密碼算法”(見2014年版的3.1)、“帶密鑰的雜湊算法”(見2014年版的3.2)、

“非對(duì)稱密碼算法/公鑰密碼算法”(見2014年版的3.3)、“對(duì)稱密碼算法”(見2014年版的

3.4)、“分組密碼算法”(見2014年版的3.5)、“密文分組鏈接工作模式”(見2014年版的3.6)、

“初始化向量/值”(見2014年版的3.7)、“數(shù)據(jù)源鑒別”(見2014年版的3.8)、“數(shù)字證書”(見

2014年版的3.9)、“SSL協(xié)議”(見2014年版的3.10)、“認(rèn)證頭”(見2014年版的3.11)、“封

裝安裝載荷”(見2014年版的3.12)、“虛擬專用網(wǎng)絡(luò)”(見2014年版的3.13)、“安全報(bào)文”(見

2014年版的3.14)、“SM1算法”(見2014年版的3.15)、“SM2算法”(見2014年版的3.16)、

“SM3算法”(見2014年版的3.17)、“SM4算法”(見2014年版的3.18)和“安全認(rèn)證網(wǎng)關(guān)”(見

2014年版的3.19);

c)增加了縮略語“GCM”“TLCP”(見第4章),刪除了“IV”(見2014年版的第4章);

d)刪除了安全認(rèn)證網(wǎng)關(guān)部署模式中“物理”兩字(見2014年版的第5章);

e)增加了GCM模式(見6.1);

f)更改了“密鑰種類”的描述(見6.2,見2014年版的6.2);

g)更改了隨機(jī)數(shù)生成相關(guān)的功能要求(見7.1.7,2014年版的7.1.7);

h)增加了采用的密碼協(xié)議(見7.1.5);

i)增加了密鑰交換的描述(見7.1.9);

j)更改了密鑰更新部分的描述(見7.1.11,2014年版的7.1.11);

k)更改了NAT穿越的功能描述(見7.1.12,2014年版的7.1.12);

l)增加了包過濾功能(見7.1.14);

m)更改了產(chǎn)品性能參數(shù)的描述(見7.2.1和7.2.2,2014年版的7.2.1和7.2.2);

n)更改了密鑰安全的描述(見7.3.1,2014年版的7.3.1);

o)增加了敏感參數(shù)配置安全(見7.3.2.2);

p)增加了應(yīng)符合GM/T0028對(duì)硬件模塊物理安全的規(guī)定(見7.3.2.2);

q)增加了產(chǎn)品的軟件或固件應(yīng)符合GM/T0028對(duì)軟件/固件安全的規(guī)定和對(duì)軟件升級(jí)安全要

求進(jìn)行了規(guī)定(見7.3.2.3);

r)更改了7.4.1的標(biāo)題名稱(見2014年版的7.4.1,2014年版的7.4.1);

s)更改了合規(guī)性驗(yàn)證和遠(yuǎn)程參數(shù)配置,對(duì)相關(guān)內(nèi)容進(jìn)行簡(jiǎn)化。[見7.4.1a)和b),2014年版的

7.4.1a)和b)];

t)更改了“加密部件”的描述(見7.5.2,2014年版的7.5.2);

u)更改了隨機(jī)數(shù)發(fā)生器直接引用GM/T0062E類產(chǎn)品檢測(cè)(見7.5.2和8.4.7,2014年版的

GM/T0026—2023

7.5.3和8.1.7);

v)增加了檢測(cè)說明,外觀和結(jié)構(gòu)的檢查和提交文檔的檢查(見8.1,8.2和8.3);

w)增加了產(chǎn)品功能檢測(cè)中每個(gè)功能的檢測(cè)方法(見8.4);

x)更改了產(chǎn)品性能檢測(cè)的描述(見8.5,2014年版的8.2);

y)增加了敏感參數(shù)配置安全的檢測(cè)描述(見8.6.1.3);

z)增加了管理安全的檢測(cè)方法的描述(見8.6.1.7);

aa)增加了遠(yuǎn)程管理的檢測(cè)方法的描述(見8.6.2.4)。

請(qǐng)注意本文件的某些內(nèi)容可能涉及專利。本文件的發(fā)布機(jī)構(gòu)不承擔(dān)識(shí)別專利的責(zé)任。

本文件由密碼行業(yè)標(biāo)準(zhǔn)化技術(shù)委員會(huì)提出并歸口。

本文件起草單位:格爾軟件股份有限公司、無錫江南信息安全工程技術(shù)中心、上海數(shù)字證書認(rèn)證中

心有限公司、北京信安世紀(jì)科技股份有限公司、中電信量子信息科技集團(tuán)有限公司、飛天誠(chéng)信股份有限

公司、北京國(guó)脈信安科技有限公司、山東得安信息技術(shù)有限公司、山東漁翁信息技術(shù)股份有限公司、廣

東省電子商務(wù)認(rèn)證有限公司、天融信科技集團(tuán)股份有限公司、上海智巡密碼檢測(cè)技術(shù)有限公司、山東

大學(xué)。

本文件主要起草人:鄭強(qiáng)、譚武征、徐強(qiáng)、劉承、汪宗斌、羅俊、朱鵬飛、梁寧寧、藥樂、胡金山、王鵬、

安高峰、韓瑋、孔凡玉、邱媛、韓琳、董明富。

本文件所代替文件的歷次版本發(fā)布情況為:

——2014年首次發(fā)布版為GM/T0026—2014;

——本次為第一次修訂。

GM/T0026—2023

安全認(rèn)證網(wǎng)關(guān)產(chǎn)品規(guī)范

1范圍

本文件規(guī)定了安全認(rèn)證網(wǎng)關(guān)的密碼算法和密鑰種類、產(chǎn)品的要求、產(chǎn)品的檢測(cè)及合格判定。

本文件用于安全認(rèn)證網(wǎng)關(guān)產(chǎn)品的研制、檢測(cè)、使用和管理。

2規(guī)范性引用文件

下列文件中的內(nèi)容通過文中的規(guī)范性引用而構(gòu)成本文件必不可少的條款。其中,注日期的引用文

件,僅該日期對(duì)應(yīng)的版本適用于本文件;不注日期的引用文件,其最新版本(包括所有的修改單)適用于

本文件。

GB/T9813.3計(jì)算機(jī)通用規(guī)范第3部分:服務(wù)器

GB/T15153

溫馨提示

  • 1. 本站所提供的標(biāo)準(zhǔn)文本僅供個(gè)人學(xué)習(xí)、研究之用,未經(jīng)授權(quán),嚴(yán)禁復(fù)制、發(fā)行、匯編、翻譯或網(wǎng)絡(luò)傳播等,侵權(quán)必究。
  • 2. 本站所提供的標(biāo)準(zhǔn)均為PDF格式電子版文本(可閱讀打?。?,因數(shù)字商品的特殊性,一經(jīng)售出,不提供退換貨服務(wù)。
  • 3. 標(biāo)準(zhǔn)文檔要求電子版與印刷版保持一致,所以下載的文檔中可能包含空白頁,非文檔質(zhì)量問題。

評(píng)論

0/150

提交評(píng)論