標(biāo)準(zhǔn)解讀

《gm/t 0023-2023 IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范》相對于《gm/t 0023-2014 IPSec VPN網(wǎng)關(guān)產(chǎn)品規(guī)范》,在多個(gè)方面進(jìn)行了更新和調(diào)整,以適應(yīng)技術(shù)發(fā)展和安全需求的變化。首先,在密碼算法方面,新版標(biāo)準(zhǔn)增加了對更多國產(chǎn)密碼算法的支持,比如SM2、SM3、SM4等,同時(shí)對于舊版中使用的國際通用密碼算法的使用條件進(jìn)行了限制或調(diào)整,這反映了國家對信息安全自主可控的要求日益增強(qiáng)。

其次,在功能要求上,《gm/t 0023-2023》細(xì)化了IPSec VPN網(wǎng)關(guān)產(chǎn)品的安全特性描述,包括但不限于身份認(rèn)證機(jī)制、訪問控制策略、密鑰管理流程等方面的規(guī)定更加嚴(yán)格和完善,旨在提高整體系統(tǒng)的安全性與可靠性。此外,新版本還加強(qiáng)了對用戶數(shù)據(jù)隱私保護(hù)的要求,規(guī)定了更詳細(xì)的數(shù)據(jù)加密傳輸規(guī)則以及敏感信息處理指導(dǎo)原則。

再者,針對性能指標(biāo),《gm/t 0023-2023》提出了更高的要求,不僅涵蓋了吞吐量、延遲時(shí)間等基本性能參數(shù),還新增了一些關(guān)于系統(tǒng)穩(wěn)定性和可用性的評價(jià)標(biāo)準(zhǔn),如故障恢復(fù)時(shí)間、連續(xù)工作能力等,以此來確保IPSec VPN網(wǎng)關(guān)能夠在各種復(fù)雜環(huán)境下提供高效穩(wěn)定的服務(wù)。


如需獲取更多詳盡信息,請直接參考下方經(jīng)官方授權(quán)發(fā)布的權(quán)威標(biāo)準(zhǔn)文檔。

....

查看全部

  • 現(xiàn)行
  • 正在執(zhí)行有效
  • 2023-12-04 頒布
  • 2024-06-01 實(shí)施
?正版授權(quán)
GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范_第1頁
GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范_第2頁
GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范_第3頁
GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范_第4頁
GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范_第5頁
免費(fèi)預(yù)覽已結(jié)束,剩余15頁可下載查看

下載本文檔

GM/T 0023-2023IPSec VPN 網(wǎng)關(guān)產(chǎn)品規(guī)范-免費(fèi)下載試讀頁

文檔簡介

ICS35.030

CCSL80

中華人民共和國密碼行業(yè)標(biāo)準(zhǔn)

GM/T0023—2023

代替GM/T0023—2014

IPSecVPN網(wǎng)關(guān)產(chǎn)品規(guī)范

IPSecVPNgatewayproductspecification

2023?12?04發(fā)布2024?06?01實(shí)施

國家密碼管理局發(fā)布

GM/T0023—2023

目次

前言··························································································································Ⅲ

1范圍·······················································································································1

2規(guī)范性引用文件········································································································1

3術(shù)語和定義··············································································································1

4縮略語····················································································································1

5功能要求·················································································································2

5.1隨機(jī)數(shù)生成········································································································2

5.2工作模式···········································································································2

5.3密鑰交換···········································································································2

5.4安全報(bào)文封裝·····································································································2

5.5NAT穿越··········································································································2

5.6鑒別方式···········································································································2

5.7IP協(xié)議版本支持··································································································2

5.8抗重放攻擊········································································································2

5.9密鑰更新···········································································································2

5.10包過濾·············································································································3

5.11熱備份·············································································································3

5.12負(fù)載均衡··········································································································3

5.13對端探測··········································································································3

5.14網(wǎng)絡(luò)適應(yīng)性·······································································································3

5.15集群部署··········································································································3

5.16動(dòng)態(tài)地址··········································································································3

6性能要求·················································································································3

6.1加解密吞吐率·····································································································3

6.2加解密時(shí)延········································································································3

6.3加解密丟包率·····································································································4

6.4每秒新建隧道數(shù)··································································································4

6.5最大并發(fā)隧道數(shù)··································································································4

7安全性要求··············································································································4

7.1密鑰管理要求·····································································································4

7.2密碼協(xié)議要求·····································································································4

7.3算法配用要求·····································································································5

GM/T0023—2023

7.4密碼部件調(diào)用接口要求·························································································5

7.5敏感參數(shù)管理要求·······························································································5

7.6硬件安全要求·····································································································5

7.7軟件安全要求·····································································································5

8管理要求·················································································································5

8.1配置管理···········································································································5

8.2設(shè)備監(jiān)控···········································································································6

8.3設(shè)備管理···········································································································7

8.4管理員要求········································································································7

8.5管理協(xié)議和接口··································································································8

9硬件要求·················································································································8

9.1外部接口···········································································································8

9.2密碼部件···········································································································8

9.3隨機(jī)數(shù)發(fā)生器·····································································································8

9.4環(huán)境適應(yīng)性········································································································8

9.5電磁兼容性········································································································8

9.6可靠性··············································································································8

10檢測方法···············································································································8

10.1檢測說明··········································································································8

10.2外觀和結(jié)構(gòu)的檢查······························································································9

10.3提交文檔的檢查·································································································9

10.4功能檢測··········································································································9

10.5性能檢測········································································································10

10.6安全性檢測·····································································································11

10.7管理檢測········································································································11

10.8硬件檢測········································································································12

11判定規(guī)則··············································································································12

GM/T0023—2023

前言

本文件按照GB/T1.1—2020《標(biāo)準(zhǔn)化工作導(dǎo)則第1部分:標(biāo)準(zhǔn)化文件的結(jié)構(gòu)和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0023—2014《IPSecVPN網(wǎng)關(guān)產(chǎn)品規(guī)范》。與GM/T0023—2014相比,除結(jié)構(gòu)

調(diào)整和編輯性改動(dòng)外,主要技術(shù)變化如下:

a)增加了GCM可鑒別加密機(jī)制作為對稱算法的工作機(jī)制(見5.4和7.3);

b)增加了“熱備份”“負(fù)載均衡”“對端探測”“網(wǎng)絡(luò)適應(yīng)性”“集群部署”“動(dòng)態(tài)地址”的要求(見

5.11、5.12、5.13、5.14、5.15和5.16);

c)刪除了“參數(shù)可配置能力要求”“過程保護(hù)”(見2014年版的5.6和5.7);

d)增加了“密碼協(xié)議要求”“算法配用要求”“密碼部件調(diào)用接口要求”“敏感參數(shù)管理要求”的要

求(見7.2、7.3、7.4和7.5);

e)將“管理功能要求”更改為“管理要求”,并對內(nèi)容進(jìn)行了更改:刪除了“合規(guī)性驗(yàn)證”,將“參數(shù)

配置管理”更改為“配置管理”并增加了“配置數(shù)據(jù)管理”,將“遠(yuǎn)程監(jiān)控管理”更改為“設(shè)備監(jiān)

控”并刪除了“參數(shù)查詢”,將“日志管理”更改為“日志功能”并合并到“設(shè)備監(jiān)控”,刪除了“遠(yuǎn)

程管理”,增加了“管理協(xié)議和接口”,增加了遠(yuǎn)程配置管理、遠(yuǎn)程設(shè)備監(jiān)控的協(xié)議和接口要求

(見第8章,2014年版的第5章);

f)將“檢測要求”更改為“檢測方法”,并按照新的章節(jié)結(jié)構(gòu)和內(nèi)容進(jìn)行了相應(yīng)更改(見第10章,

2014年版的第6章);

g)將“合格判定”更改為“判定規(guī)則”,并按照新的章節(jié)結(jié)構(gòu)和內(nèi)容進(jìn)行了相應(yīng)更改(見第11章,

2014年版的第7章)。

請注意本文件的某些內(nèi)容可能涉及專利。本文件的發(fā)布機(jī)構(gòu)不承擔(dān)識別專利的責(zé)任。

本文件由密碼行業(yè)標(biāo)準(zhǔn)化技術(shù)委員會(huì)提出并歸口。

本文件起草單位:中電科網(wǎng)絡(luò)安全科技股份有限公司、四川大學(xué)、深信服科技股份有限公司、阿里

云計(jì)算有限公司、鼎鉉商用密碼測評技術(shù)有限公司、格爾軟件股份有限公司、無錫江南信息安全工程技

術(shù)中心、興唐通信科技有限公司、山東得安信息技術(shù)有限公司、華為技術(shù)有限公司、天融信科技集團(tuán)股

份有限公司、西安交大捷普網(wǎng)絡(luò)科技有限公司、山東大學(xué)。

本文件主要起草人:羅俊、龔勛、葉潤國、張大江、鄒家須、鄭強(qiáng)、譚武征、李元正、徐明翼、徐強(qiáng)、

王妮娜、馬洪富、黃敏、孔凡玉。

本文件及其所代替文件的歷次版本發(fā)布情況為:

——2014年首次發(fā)布為GM/T0023—2014;

——本次為第一次修訂。

GM/T0023—2023

IPSecVPN網(wǎng)關(guān)產(chǎn)品規(guī)范

1范圍

本文件規(guī)定了IPSecVPN網(wǎng)關(guān)產(chǎn)品的功能要求、性能要求、安全性要求、管理要求、硬件要求、檢

測方法和合格判定條件。

本文件適用于IPSecVPN網(wǎng)關(guān)產(chǎn)品的研制、使用和檢測。

2規(guī)范性引用文件

下列文件中的內(nèi)容通過文中的規(guī)范性引用而構(gòu)成本文件必不可少的條款。其中,注日期的引用文

件,僅該日期對應(yīng)的版本適用于本文件;

溫馨提示

  • 1. 本站所提供的標(biāo)準(zhǔn)文本僅供個(gè)人學(xué)習(xí)、研究之用,未經(jīng)授權(quán),嚴(yán)禁復(fù)制、發(fā)行、匯編、翻譯或網(wǎng)絡(luò)傳播等,侵權(quán)必究。
  • 2. 本站所提供的標(biāo)準(zhǔn)均為PDF格式電子版文本(可閱讀打印),因數(shù)字商品的特殊性,一經(jīng)售出,不提供退換貨服務(wù)。
  • 3. 標(biāo)準(zhǔn)文檔要求電子版與印刷版保持一致,所以下載的文檔中可能包含空白頁,非文檔質(zhì)量問題。

評論

0/150

提交評論