Interpretation of the standard

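GM/T 0132-2023, "Implementation guide for information system cryptography application", is a standard governing the use of cryptographic technology in information systems. It is intended to guide organizations and individuals in using cryptographic technology correctly and effectively throughout the design, development, deployment and maintenance of information systems, so that the confidentiality, integrity and availability of information are protected.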

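The standard first sets out the principles and methods for applying cryptographic technology in different scenarios, including but not limited to key areas such as identity authentication, data encryption and digital signatures. It also lays down specific requirements for the selection and configuration of cryptographic products, stressing that suitable types of cryptographic products should be chosen according to actual needs and that configuration management should strictly follow the relevant specifications.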

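In addition, GM/T 0132-2023 pays particular attention to cryptographic security management. It states that a sound cryptographic security management system needs to be established for information systems, covering cryptographic lifecycle management, key management and related matters. These measures are meant to ensure that cryptographic technology is applied reasonably and effectively in information systems, thereby raising the overall level of information security.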


For more detailed information, refer directly to the officially authorized standard document below.


  • Status: current
  • In force and valid
  • Issued 2023-12-04
  • Effective 2024-06-01

Document introduction

ICS 35.030

CCS L 80

Cryptography Industry Standard of the People's Republic of China

GM/T 0132—2023

Implementation guide for information system cryptography application

Issued 2023-12-04; effective 2024-06-01

Issued by the State Cryptography Administration


Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of implementing cryptography application in information systems
4.1 Roles and responsibilities
4.2 Basic process
5 Planning of information system cryptography application
5.1 Workflow of the planning phase
5.2 Cryptography application requirements analysis
5.2.1 Analysis of the current state of the information system
5.2.2 Cryptography application security risk analysis
5.2.3 Determining basic cryptography application requirements
5.2.4 Determining special cryptography application requirements
5.2.5 Documenting the requirements analysis results
5.3 Cryptography application scheme design
5.3.1 Overall strategy design
5.3.2 Cryptography application technical scheme design
5.3.3 Cryptography application security management scheme design
5.3.4 Compliance self-check
5.3.5 Implementation assurance scheme design
5.3.6 Documenting the design results
5.4 Scheme cryptography assessment
6 Construction of information system cryptography application
6.1 Workflow of the construction phase
6.2 Cryptography construction scheme design
6.2.1 Design of the implementation content of cryptography application technical measures
6.2.2 Design of the implementation content of cryptography application security management measures
6.2.3 Documenting the design results
6.3 Implementation of cryptography application technical measures
6.3.1 Procurement of cryptographic products and cryptographic services
6.3.2 Cryptography application integration
6.4 Implementation of cryptography application security management measures
6.4.1 Establishing supporting security management rules for cryptography application
6.4.2 Setting up cryptography management posts and personnel
6.4.3 Construction process management
6.5 System cryptography assessment
7 Operation of information system cryptography application
7.1 Workflow of the operation phase
7.2 Operation management and control
7.2.1 Operation management process control
7.2.2 Operation management personnel control
7.3 Change management and control
7.3.1 Change requirements and impact analysis
7.3.2 Change process control
7.4 Monitoring of cryptography application security status
7.4.1 Determining the monitored objects
7.4.2 Collecting status information of the monitored objects
7.4.3 Analysis and reporting of monitored status
7.5 Security self-check and continuous improvement
7.5.1 Self-check of cryptography application security status
7.5.2 Cryptography application remediation
7.6 System cryptography assessment
7.7 Emergency response and assurance
7.7.1 Emergency preparation
7.7.2 Emergency monitoring and response
7.7.3 Post-event evaluation and improvement
7.7.4 Emergency assurance
8 Termination of information system cryptography application
8.1 Workflow of the termination phase
8.2 Transfer, temporary storage and clearing of cryptography application information
8.3 Migration or disposal of cryptography application equipment
8.4 Clearing or destruction of cryptography application storage media
Annex A (normative) Main processes and their activities, inputs and outputs
Bibliography


Foreword

This document was drafted in accordance with GB/T 1.1—2020, "Directives for standardization, Part 1: Rules for the structure and drafting of standardizing documents".

Please note that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying patents.

This document was proposed by, and is under the jurisdiction of, the Cryptography Industry Standardization Technical Committee.

Drafting organizations of this document: 興唐通信科技有限公司、國家密碼管理局商用密碼檢測中心、中國科學院信息工程研究所、中國科學院數據與通信保護研究教育中心、北京信安世紀科技有限公司、北京數盾信息科技有限公司、三未信安科技股份有限公司、阿里云計算有限公司、中電科網絡安全科技股份有限公司、公安部第三研究所、螞蟻科技集團股份有限公司、鼎鉉商用密碼測評技術(深圳)有限公司、北京天融信網絡安全技術有限公司、中金金融認證中心有限公司、阿里巴巴(中國)網絡技術有限公司、上海市數字證書認證中心有限公司、中互金認證有限公司、國家信息技術安全研究中心、深圳市騰訊計算機系統有限公司、中國電子科技集團公司第十五研究所、中國國家鐵路集團有限公司、暨南大學、啟明星辰信息安全技術有限公司.

Principal drafters of this document: 王彥力、劉尚焱、許長偉、王兵、馬原、鄭昉昱、肖秋林、吳星宇、賈世杰、田愛軍、孫麗偉、姚長遠、胡偉、何濟塵、梅秋麗、汪宗斌、秦體紅、吳冬宇、劉健、張立花、楊辰、陳天宇、呂娜、袁靜、樂宏彥、陳蕭宇、許濤、張大江、周君平、張宇翔、宋錚、陳磊、萬志宇、馬春旺、朱紅儒、譚武征、李增局、姬生利、楊龍、田濤、于航、高志權、鹿淑煜、吳波、華珊、李升、方海峰、肖飛、安高峰、賀磊、司華峰、彭晉、黃天寧、李冰、謝燦、蔣增增、蘇繼海、孫欣、劉志剛、史汝輝、朱凌.


Implementation guide for information system cryptography application

1 Scope

This document gives
