This standard specifies the basic requirements for the application of cryptography from the first level to the fourth level of the information system, and proposes the first level from the four technical aspects of the information system's physical and environmental security, network and communication security, equipment and computing security, and application and data security. The technical requirements for cryptographic applications from level one to level four are put forward, and the management requirements for cryptographic applications from level one to level four are put forward from the four aspects of management system, personnel management, construction operation and emergency response. Note: The fifth-level password application only describes the general requirements in this standard, and the fifth-level password application technical requirements and management requirements are not described in this standard. This standard is applicable to guide and standardize the planning, construction, operation and evaluation of cryptographic applications in information systems. On the basis of this standard, various fields and industries can guide and standardize the application of cryptography in information systems in combination with the cryptography application requirements of this field and industry.
GB/T 39786-2021 Referenced Document
GB/T 37092 Information security technology—Security requirements for cryptographic modules
GB/T 39786-2021 history
2021GB/T 39786-2021 Information security technology—Baseline for information system cryptography application