標準解讀

《gm/t 0023-2023 IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范》相對于《gm/t 0023-2014 IPSec VPN網(wǎng)關產(chǎn)品規(guī)范》,在多個方面進行了更新和調(diào)整,以適應技術發(fā)展和安全需求的變化。首先,在密碼算法方面,新版標準增加了對更多國產(chǎn)密碼算法的支持,比如SM2、SM3、SM4等,同時對于舊版中使用的國際通用密碼算法的使用條件進行了限制或調(diào)整,這反映了國家對信息安全自主可控的要求日益增強。

其次,在功能要求上,《gm/t 0023-2023》細化了IPSec VPN網(wǎng)關產(chǎn)品的安全特性描述,包括但不限于身份認證機制、訪問控制策略、密鑰管理流程等方面的規(guī)定更加嚴格和完善,旨在提高整體系統(tǒng)的安全性與可靠性。此外,新版本還加強了對用戶數(shù)據(jù)隱私保護的要求,規(guī)定了更詳細的數(shù)據(jù)加密傳輸規(guī)則以及敏感信息處理指導原則。

再者,針對性能指標,《gm/t 0023-2023》提出了更高的要求,不僅涵蓋了吞吐量、延遲時間等基本性能參數(shù),還新增了一些關于系統(tǒng)穩(wěn)定性和可用性的評價標準,如故障恢復時間、連續(xù)工作能力等,以此來確保IPSec VPN網(wǎng)關能夠在各種復雜環(huán)境下提供高效穩(wěn)定的服務。


如需獲取更多詳盡信息,請直接參考下方經(jīng)官方授權發(fā)布的權威標準文檔。

....

查看全部

  • 現(xiàn)行
  • 正在執(zhí)行有效
  • 2023-12-04 頒布
  • 2024-06-01 實施
?正版授權
GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范_第1頁
GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范_第2頁
GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范_第3頁
GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范_第4頁
GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范_第5頁
免費預覽已結束,剩余15頁可下載查看

下載本文檔

GM/T 0023-2023IPSec VPN 網(wǎng)關產(chǎn)品規(guī)范-免費下載試讀頁

文檔簡介

ICS35.030

CCSL80

中華人民共和國密碼行業(yè)標準

GM/T0023—2023

代替GM/T0023—2014

IPSecVPN網(wǎng)關產(chǎn)品規(guī)范

IPSecVPNgatewayproductspecification

2023?12?04發(fā)布2024?06?01實施

國家密碼管理局發(fā)布

GM/T0023—2023

目次

前言··························································································································Ⅲ

1范圍·······················································································································1

2規(guī)范性引用文件········································································································1

3術語和定義··············································································································1

4縮略語····················································································································1

5功能要求·················································································································2

5.1隨機數(shù)生成········································································································2

5.2工作模式···········································································································2

5.3密鑰交換···········································································································2

5.4安全報文封裝·····································································································2

5.5NAT穿越··········································································································2

5.6鑒別方式···········································································································2

5.7IP協(xié)議版本支持··································································································2

5.8抗重放攻擊········································································································2

5.9密鑰更新···········································································································2

5.10包過濾·············································································································3

5.11熱備份·············································································································3

5.12負載均衡··········································································································3

5.13對端探測··········································································································3

5.14網(wǎng)絡適應性·······································································································3

5.15集群部署··········································································································3

5.16動態(tài)地址··········································································································3

6性能要求·················································································································3

6.1加解密吞吐率·····································································································3

6.2加解密時延········································································································3

6.3加解密丟包率·····································································································4

6.4每秒新建隧道數(shù)··································································································4

6.5最大并發(fā)隧道數(shù)··································································································4

7安全性要求··············································································································4

7.1密鑰管理要求·····································································································4

7.2密碼協(xié)議要求·····································································································4

7.3算法配用要求·····································································································5

GM/T0023—2023

7.4密碼部件調(diào)用接口要求·························································································5

7.5敏感參數(shù)管理要求·······························································································5

7.6硬件安全要求·····································································································5

7.7軟件安全要求·····································································································5

8管理要求·················································································································5

8.1配置管理···········································································································5

8.2設備監(jiān)控···········································································································6

8.3設備管理···········································································································7

8.4管理員要求········································································································7

8.5管理協(xié)議和接口··································································································8

9硬件要求·················································································································8

9.1外部接口···········································································································8

9.2密碼部件···········································································································8

9.3隨機數(shù)發(fā)生器·····································································································8

9.4環(huán)境適應性········································································································8

9.5電磁兼容性········································································································8

9.6可靠性··············································································································8

10檢測方法···············································································································8

10.1檢測說明··········································································································8

10.2外觀和結構的檢查······························································································9

10.3提交文檔的檢查·································································································9

10.4功能檢測··········································································································9

10.5性能檢測········································································································10

10.6安全性檢測·····································································································11

10.7管理檢測········································································································11

10.8硬件檢測········································································································12

11判定規(guī)則··············································································································12

GM/T0023—2023

前言

本文件按照GB/T1.1—2020《標準化工作導則第1部分:標準化文件的結構和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0023—2014《IPSecVPN網(wǎng)關產(chǎn)品規(guī)范》。與GM/T0023—2014相比,除結構

調(diào)整和編輯性改動外,主要技術變化如下:

a)增加了GCM可鑒別加密機制作為對稱算法的工作機制(見5.4和7.3);

b)增加了“熱備份”“負載均衡”“對端探測”“網(wǎng)絡適應性”“集群部署”“動態(tài)地址”的要求(見

5.11、5.12、5.13、5.14、5.15和5.16);

c)刪除了“參數(shù)可配置能力要求”“過程保護”(見2014年版的5.6和5.7);

d)增加了“密碼協(xié)議要求”“算法配用要求”“密碼部件調(diào)用接口要求”“敏感參數(shù)管理要求”的要

求(見7.2、7.3、7.4和7.5);

e)將“管理功能要求”更改為“管理要求”,并對內(nèi)容進行了更改:刪除了“合規(guī)性驗證”,將“參數(shù)

配置管理”更改為“配置管理”并增加了“配置數(shù)據(jù)管理”,將“遠程監(jiān)控管理”更改為“設備監(jiān)

控”并刪除了“參數(shù)查詢”,將“日志管理”更改為“日志功能”并合并到“設備監(jiān)控”,刪除了“遠

程管理”,增加了“管理協(xié)議和接口”,增加了遠程配置管理、遠程設備監(jiān)控的協(xié)議和接口要求

(見第8章,2014年版的第5章);

f)將“檢測要求”更改為“檢測方法”,并按照新的章節(jié)結構和內(nèi)容進行了相應更改(見第10章,

2014年版的第6章);

g)將“合格判定”更改為“判定規(guī)則”,并按照新的章節(jié)結構和內(nèi)容進行了相應更改(見第11章,

2014年版的第7章)。

請注意本文件的某些內(nèi)容可能涉及專利。本文件的發(fā)布機構不承擔識別專利的責任。

本文件由密碼行業(yè)標準化技術委員會提出并歸口。

本文件起草單位:中電科網(wǎng)絡安全科技股份有限公司、四川大學、深信服科技股份有限公司、阿里

云計算有限公司、鼎鉉商用密碼測評技術有限公司、格爾軟件股份有限公司、無錫江南信息安全工程技

術中心、興唐通信科技有限公司、山東得安信息技術有限公司、華為技術有限公司、天融信科技集團股

份有限公司、西安交大捷普網(wǎng)絡科技有限公司、山東大學。

本文件主要起草人:羅俊、龔勛、葉潤國、張大江、鄒家須、鄭強、譚武征、李元正、徐明翼、徐強、

王妮娜、馬洪富、黃敏、孔凡玉。

本文件及其所代替文件的歷次版本發(fā)布情況為:

——2014年首次發(fā)布為GM/T0023—2014;

——本次為第一次修訂。

GM/T0023—2023

IPSecVPN網(wǎng)關產(chǎn)品規(guī)范

1范圍

本文件規(guī)定了IPSecVPN網(wǎng)關產(chǎn)品的功能要求、性能要求、安全性要求、管理要求、硬件要求、檢

測方法和合格判定條件。

本文件適用于IPSecVPN網(wǎng)關產(chǎn)品的研制、使用和檢測。

2規(guī)范性引用文件

下列文件中的內(nèi)容通過文中的規(guī)范性引用而構成本文件必不可少的條款。其中,注日期的引用文

件,僅該日期對應的版本適用于本文件;

溫馨提示

  • 1. 本站所提供的標準文本僅供個人學習、研究之用,未經(jīng)授權,嚴禁復制、發(fā)行、匯編、翻譯或網(wǎng)絡傳播等,侵權必究。
  • 2. 本站所提供的標準均為PDF格式電子版文本(可閱讀打?。驍?shù)字商品的特殊性,一經(jīng)售出,不提供退換貨服務。
  • 3. 標準文檔要求電子版與印刷版保持一致,所以下載的文檔中可能包含空白頁,非文檔質(zhì)量問題。

最新文檔

評論

0/150

提交評論