This standard specifies the assessment elements and requirements for the production and guarantee capabilities for commercial-cryptographic products.
It is applicable to the capability construction and check of the production, quality guarantee, security guarantee and service guarantee of the production units of commercial-cryptographic products.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/Z 4001 Cryptography terminology
Regulation on the administration of commercial cryptography
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply.
3.1
main technic personnel
personnel engaged in the design, implementation, inspection or testing and technical support of commercial-cryptographic products
3.2
crucial personnel
including the legal representative, actual controller, senior management personnel and technical director
3.3
crucial position
positions that play an important role in R&D, production and management, have a significant impact on the quality of results, and can even determine the success or failure of results
3.4
core cryptographic technology
technology used in commercial-cryptographic products to realize the core functions of cryptography
3.5
cryptographic firmware
components of programs and data in hardware within the cryptographic boundary that cannot be dynamically written or modified during execution, such as storage hardware, including but not limited to ROM, PROM, EEPROM and FLASH
