Standards

Published Standards

  1. [牵头/1st author]GM/T 0105-2021 “Design guide for software-based random number generators” 《软件随机数发生器设计指南》
  2. GB/T 37092-2018 “Information security technology—Security requirements for cryptographic modules” 《信息安全技术 密码模块安全要求》
  3. GB/T 39786-2021 “Information security technology—Baseline for information system cryptography application” 《信息安全技术 信息系统密码应用基本要求》
  4. GB/T 40018-2021 “Information security technology—Certificate request and application protocol based on multiple channels” 《信息安全技术 基于多信道的证书申请和应用协议》
  5. GM/T 0115-2021 “Testing and evaluation requirements for information system cryptography application” 《信息系统密码应用测评要求》
  6. GM/T 0116-2021  “Testing and evaluation process guide for information system cryptography application”  《信息系统密码应用测评过程指南》
  7. GM/T 0005-2021 “Randomness testing specifications”《随机性检测规范》
  8. GM/T 0103-2021 “General Framework of random number generators”《随机数发生器总体框架》
  9. GM/T 0084-2020 “Guideline for the mitigation of non-invasive attacks against cryptographic modules”《密码模块物理攻击缓解技术指南》
  10. GM/T 0083-2020 “Guideline for the mitigation of physical attacks against cryptographic modules”《密码模块非入侵式攻击缓解技术指南》
  11. GM/T 0078-2020 “The design guidelines for cryptographic random number generation module”《密码随机数生成模块设计指南》

Published Whitepapers

  1. “Guide for cryptography application and security evaluation of government information system” 《政务信息系统密码应用与安全性评估工作指南》
  2. “Quantitative evaluation rules for commercial cryptography application security evaluation” 《商用密码应用安全性评估量化评估规则》
  3. “High-risk determination guide for information system cryptography application” 《信息系统密码应用高风险判定指引》
  4. “Report template of commercial cryptography application security evaluation (2021 version)” 《商用密码应用安全性评估报告模板(2021版)》

  5. “FAQ of commercial cryptography application security evaluation” 商用密码应用安全性评估FAQ》

Developing Standards

  1. [牵头/1st author]“Competence requirements and accessment specification for evaluation organization of commercial cyrptography application security” 《商用密码应用安全性评估机构能力要求和评价规范》
  2. “Design guide for information system cryptography application” 《信息系统密码应用设计技术指南》
  3. “Implementation guide for information system cryptography application” 《信息系统密码应用实施指南》