Relevant Standards and Regulations of Electronic Certification Service Institutions (reference)
I. Main technical standards of the certification system
Cryptographic algorithms and standards:
Encryption: SSF33 cryptographic algorithm
Digital signature: RSA digital signature, compliant with PKCS #1 v2.0
Hash function: SHA-1, compliant with FIPS PUB 180-1 and ANSI X9.30 (Part 2)
Key management: RSA key transport, compliant with Internet RFC 1421 and RFC 1423 (PEM) and PKCS #1 v2.0
Data format and protocol: RSA algorithm identifier and public key format, compliant with PEM and PKCS #1 v2.0
Certificate and certificate revocation list format: version 3 certificates and certificate extensions, compliant with ITU-T Rec. X.509 (1997) and the public standard ISO/IEC 9594-8 (1997); certificate revocation lists and certificate revocation list extensions, compliant with the IETF PKIX-1 profile technical specifications
File package format: standard file encapsulation format based on Internet RFC 1421 (PEM); secure file packaging technology, compliant with PKCS #7 and S/MIME
Secure session format: Simple Public Key Mechanism (SPKM), compliant with Internet RFC 2025; SPKM entity authentication, compliant with FIPS 196
Directory protocol: Lightweight Directory Access Protocol (LDAP), compliant with RFC 1777
PKI operation protocol: PKIX-2
II. Certification system cryptography and related security technical specifications
Office of the National Cryptography Administration Committee: Certificate authentication system and related security technical specifications (Trial)
III. Physical environment construction standards
(1) Construction standards and specifications
GB 50174-93 Electronic computer room design specification
GB 2887-89 Technical conditions for computing sites
GB 9361-88 Computing site security requirements
GB 6650-1986 Technical conditions for movable floors for computer rooms
GB 50034-1992 Lighting design standard for industrial enterprises
GB 5054-95 Specification for design of low-voltage distribution devices and lines
GBJ 19-87 Design specifications for heating, ventilation and air conditioning
GB 157 Architectural lightning protection design specification
GBJ 79-85 Telecommunication grounding design specification for industrial enterprises
(2) Acceptance criteria and specifications
GBJ 232-83 Electrical device installation engineering and acceptance specifications
GB 50045-95 Fire prevention code for design of high-rise civil buildings
GBJ 16-87 Fire prevention code for architectural design
GB 50222-95 Fire prevention code for interior decoration design of buildings
GBJ 116-88 Automatic fire alarm system design specifications
GB 50263-97 Gas extinguishing system construction and acceptance specification
(3) Standards and specifications for inspection
GB 8702-88 Electromagnetic radiation protection rules
GB-12190 Method for measuring shielding performance of high-performance shielding rooms
GJBz 20219-94 General technical requirements and detection methods for military electromagnetic shielding rooms, level C
BMB 3-1999 Technical requirements and testing methods for electromagnetic shielding rooms for processing confidential information
IV. Certification system security certification standards (for reference, not required for the moment)
GB/T 18336-2001 Information technology, security technology: information technology security assessment guidelines
ISO/IEC 17799-2000 Implementation rules on information technology information security management