北京桑拿论坛 桑拿 Cryptographic Brand Draft Addition of Password "Safety Risk Assessment" mechanism

Cryptographic Brand Draft Addition of Password "Safety Risk Assessment" mechanism

Commercial passwords are widely used in the development of national economic development and social production and life, covering financial and communications, public security, taxation, social security, transportation, health, energy, e-government, etc., in safeguarding national security, promoting economic and social development, protection The legitimate rights and interests of citizens, legal persons and social organizations have played an important role.

The relevant provisions of the commercial password were perfected in the Draft II for consideration. In terms of commercial password development promotion and protection measures, an initial draft manuscript has made the cultivation and construction of a normal password talent team, and the draft convention will be transferred to the general rules, but not only clarifies the same attention to the country. Commercial password talent training, and highlights the importance of talent training on cryptography.

Draft two review regulations: The country strengthens password talent training and team building, organizational and individuals who have made outstanding contributions in password work, giving commendation and rewards in accordance with relevant state regulations. In terms of the security risk assessment of commercial passwords, the draft second review regulations, laws, administrative regulations and national regulations require key information infrastructure for the use of commercial passwords, and operators should use commercial passwords to protect, self-contained or entrusting merchandise. Testing agency conducts the safety assessment of commercial password applications. The commercial password application security assessment should be connected to the key information infrastructure security inspection assessment, the network security grade assessment system, avoiding repeated assessment and evaluation. The draft clearly, the key information infrastructure operator procurement involves network products and services involving commercial passwords, which may affect national security, and should follow the national network letter department with the national password management department in accordance with the provisions of the Cvin Security Law of the People’s Republic of China. National security review of relevant departments organizations.

In addition, draft second review has also increased, commercial password detection, and certification bodies should assume secrets and trade secrets known in commercial password testing certifications. The password management department and the relevant departments and their staff should have a strict trade secrets and personal privacy in the performance of their duties. They must not disclose or illegally provide others.