This standard specifies the method, procedure, report and description of key points for implementation of production and guarantee capability evaluation for commercial cryptographic products.
It is applicable to guiding the capacity construction of production, quality guarantee, security guarantee and service guarantee of the production unit.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0008-2012 Cryptography test criteria for security IC
GM/T 0028-2014 Security requirements for cryptographic modules
GM/T 0065-2019 Specification for capability construction of production and guarantee for commercial-cryptographic products
GM/Z 4001 Cryptology terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and GM/T 0065-2019 and the following apply.
3.1
formal examination
examination on the formal compliance, integrity and effectiveness of the application materials submitted by the production unit
3.2
substantive examination
examination on whether (1) the production unit has the subject qualification; (2) the matters applied are true; (3) the documents and certificates submitted are true, valid, complete, compliant; (4) the provisions of national laws and regulations are observed, on the basis of formal examination. It includes written examination and on-site review
