标准解读
《gm/t 0023-2023 IPSec VPN 网关产品规范》相对于《gm/t 0023-2014 IPSec VPN网关产品规范》,在多个方面进行了更新和调整,以适应技术发展和安全需求的变化。首先,在密码算法方面,新版标准增加了对更多国产密码算法的支持,比如SM2、SM3、SM4等,同时对于旧版中使用的国际通用密码算法的使用条件进行了限制或调整,这反映了国家对信息安全自主可控的要求日益增强。
其次,在功能要求上,《gm/t 0023-2023》细化了IPSec VPN网关产品的安全特性描述,包括但不限于身份认证机制、访问控制策略、密钥管理流程等方面的规定更加严格和完善,旨在提高整体系统的安全性与可靠性。此外,新版本还加强了对用户数据隐私保护的要求,规定了更详细的数据加密传输规则以及敏感信息处理指导原则。
再者,针对性能指标,《gm/t 0023-2023》提出了更高的要求,不仅涵盖了吞吐量、延迟时间等基本性能参数,还新增了一些关于系统稳定性和可用性的评价标准,如故障恢复时间、连续工作能力等,以此来确保IPSec VPN网关能够在各种复杂环境下提供高效稳定的服务。
如需获取更多详尽信息,请直接参考下方经官方授权发布的权威标准文档。
....
查看全部
- 现行
- 正在执行有效
- 2023-12-04 颁布
- 2024-06-01 实施
文档简介
ICS35.030
CCSL80
中华人民共和国密码行业标准
GM/T0023—2023
代替GM/T0023—2014
IPSecVPN网关产品规范
IPSecVPNgatewayproductspecification
2023⁃12⁃04发布2024⁃06⁃01实施
国家密码管理局发布
GM/T0023—2023
目次
前言··························································································································Ⅲ
1范围·······················································································································1
2规范性引用文件········································································································1
3术语和定义··············································································································1
4缩略语····················································································································1
5功能要求·················································································································2
5.1随机数生成········································································································2
5.2工作模式···········································································································2
5.3密钥交换···········································································································2
5.4安全报文封装·····································································································2
5.5NAT穿越··········································································································2
5.6鉴别方式···········································································································2
5.7IP协议版本支持··································································································2
5.8抗重放攻击········································································································2
5.9密钥更新···········································································································2
5.10包过滤·············································································································3
5.11热备份·············································································································3
5.12负载均衡··········································································································3
5.13对端探测··········································································································3
5.14网络适应性·······································································································3
5.15集群部署··········································································································3
5.16动态地址··········································································································3
6性能要求·················································································································3
6.1加解密吞吐率·····································································································3
6.2加解密时延········································································································3
6.3加解密丢包率·····································································································4
6.4每秒新建隧道数··································································································4
6.5最大并发隧道数··································································································4
7安全性要求··············································································································4
7.1密钥管理要求·····································································································4
7.2密码协议要求·····································································································4
7.3算法配用要求·····································································································5
Ⅰ
GM/T0023—2023
7.4密码部件调用接口要求·························································································5
7.5敏感参数管理要求·······························································································5
7.6硬件安全要求·····································································································5
7.7软件安全要求·····································································································5
8管理要求·················································································································5
8.1配置管理···········································································································5
8.2设备监控···········································································································6
8.3设备管理···········································································································7
8.4管理员要求········································································································7
8.5管理协议和接口··································································································8
9硬件要求·················································································································8
9.1外部接口···········································································································8
9.2密码部件···········································································································8
9.3随机数发生器·····································································································8
9.4环境适应性········································································································8
9.5电磁兼容性········································································································8
9.6可靠性··············································································································8
10检测方法···············································································································8
10.1检测说明··········································································································8
10.2外观和结构的检查······························································································9
10.3提交文档的检查·································································································9
10.4功能检测··········································································································9
10.5性能检测········································································································10
10.6安全性检测·····································································································11
10.7管理检测········································································································11
10.8硬件检测········································································································12
11判定规则··············································································································12
Ⅱ
GM/T0023—2023
前言
本文件按照GB/T1.1—2020《标准化工作导则第1部分:标准化文件的结构和起草规则》的规
定起草。
本文件代替GM/T0023—2014《IPSecVPN网关产品规范》。与GM/T0023—2014相比,除结构
调整和编辑性改动外,主要技术变化如下:
a)增加了GCM可鉴别加密机制作为对称算法的工作机制(见5.4和7.3);
b)增加了“热备份”“负载均衡”“对端探测”“网络适应性”“集群部署”“动态地址”的要求(见
5.11、5.12、5.13、5.14、5.15和5.16);
c)删除了“参数可配置能力要求”“过程保护”(见2014年版的5.6和5.7);
d)增加了“密码协议要求”“算法配用要求”“密码部件调用接口要求”“敏感参数管理要求”的要
求(见7.2、7.3、7.4和7.5);
e)将“管理功能要求”更改为“管理要求”,并对内容进行了更改:删除了“合规性验证”,将“参数
配置管理”更改为“配置管理”并增加了“配置数据管理”,将“远程监控管理”更改为“设备监
控”并删除了“参数查询”,将“日志管理”更改为“日志功能”并合并到“设备监控”,删除了“远
程管理”,增加了“管理协议和接口”,增加了远程配置管理、远程设备监控的协议和接口要求
(见第8章,2014年版的第5章);
f)将“检测要求”更改为“检测方法”,并按照新的章节结构和内容进行了相应更改(见第10章,
2014年版的第6章);
g)将“合格判定”更改为“判定规则”,并按照新的章节结构和内容进行了相应更改(见第11章,
2014年版的第7章)。
请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。
本文件由密码行业标准化技术委员会提出并归口。
本文件起草单位:中电科网络安全科技股份有限公司、四川大学、深信服科技股份有限公司、阿里
云计算有限公司、鼎铉商用密码测评技术有限公司、格尔软件股份有限公司、无锡江南信息安全工程技
术中心、兴唐通信科技有限公司、山东得安信息技术有限公司、华为技术有限公司、天融信科技集团股
份有限公司、西安交大捷普网络科技有限公司、山东大学。
本文件主要起草人:罗俊、龚勋、叶润国、张大江、邹家须、郑强、谭武征、李元正、徐明翼、徐强、
王妮娜、马洪富、黄敏、孔凡玉。
本文件及其所代替文件的历次版本发布情况为:
——2014年首次发布为GM/T0023—2014;
——本次为第一次修订。
Ⅲ
GM/T0023—2023
IPSecVPN网关产品规范
1范围
本文件规定了IPSecVPN网关产品的功能要求、性能要求、安全性要求、管理要求、硬件要求、检
测方法和合格判定条件。
本文件适用于IPSecVPN网关产品的研制、使用和检测。
2规范性引用文件
下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中,注日期的引用文
件,仅该日期对应的版本适用于本文件;
温馨提示
- 1. 本站所提供的标准文本仅供个人学习、研究之用,未经授权,严禁复制、发行、汇编、翻译或网络传播等,侵权必究。
- 2. 本站所提供的标准均为PDF格式电子版文本(可阅读打印),因数字商品的特殊性,一经售出,不提供退换货服务。
- 3. 标准文档要求电子版与印刷版保持一致,所以下载的文档中可能包含空白页,非文档质量问题。
最新文档
- 南阳师范学院招聘笔试真题解析及答案
- 【2026】研究生考试考研植物生理学与生物化学(414)复习策略解析年
- 【锂离子电池不一致性研究进展综述【2000】字】
- 26年退休老年群体生理隐患
- 医学26年:慢性肾盂肾炎诊疗要点 查房课件
- 2026年GEO优化平台TOP3:不同规模企业的专属选型指南
- 2026春小学中高年级英语下册单元知识清单(3-6年级全册 人教PEP版)
- 嗓音健康保护方法
- 煤炭运输合同2026年保险条款
- 10.3保护财产权 课件 2025-2026学年统编版道德与法治七年级下册
- (2026年)急性颅脑损伤的围麻醉期管理新进展课件
- 2026云南西双版纳供电局及所属县级供电企业项目制用工招聘14人笔试参考题库及答案解析
- 2026年无人机理论知识资格证考试题库(附答案)
- 2025-2026学年成都市锦江区九年级下二诊英语试题(含答案和音频)
- 武汉市2026届高三年级四月供题(武汉四调)英语+答案
- 2026年铜陵经济技术开发区社会化公开招聘工作人员10名备考题库含答案详解(黄金题型)
- 铝储罐项目可行性研究报告
- 江苏国金资本运营集团校招面笔试题及答案
- 2026年中质协CAQ六西格玛黑带-控制-习题道必刷200题及参考答案详解(综合题)
- GA 53-2025爆破作业人员资格条件和管理要求
- 2025-2026学年人教版七年级历史上册第一单元同步测试卷(含答案解析)
评论
0/150
提交评论