Commercial Password Management Regulations
Chapter 1 General
Article 1 In order to strengthen commercial password management, protect information security, protect citizenship rights and interests, and maintain national security and interests, this regulation is developed. Article 2 The commercial passwords referred to in this Ordinance refer to encrypted protection or password products that are encrypted or securely certified for information that does not involve national secret content. Article 3 The commercial password technology is a state secret. The state's research, production, sales and use of commercial password products is implemented. Article 4 The State Password Management Committee and its office (hereinafter referred to as the National Password Management Agency) competent national commercial password management. The province, autonomous region, and municipality directly under the Central Government, the institutions responsible for password management shall bear the management of commercial passwords based on the delegation of the national password management agency.
Chapter II Scientific Research, Production Management
Article 5 The scientific research task of commercial password is borne by the unit designated by the national password management agency. Commercial password designated scientific research units must have the corresponding technical strength and equipment, which can adopt advanced coding theory and technology, compiled commercial cryptographic algorithms have high confidentiality and anti-attack capabilities. Article 6 The scientific research results of commercial passwords shall be approved by the State Password Management Institutions in accordance with the technical standards and technical specifications of commercial passwords and technical specifications. Article 7 The commercial password product is produced by the unit designated by the national password management agency. Without designation, any unit or individual may not produce commercial cryptographic products. Commercial password products designated production units must have technical strengths to be adapted to the production of merchants and ensure equipment, production process and quality assurance system for commercial password product quality. Article 8 Commercial Password Products Specifies the variety and model of commercial password products produced by the production unit, and must be approved by the national password management agency and must not exceed the approved range of producers. Article 9 The commercial password product must be qualified by the product quality testing mechanism designated by the national password management institution.
Chapter III Sales Management
Article 10 The commercial password product is sold by the unit licensed by the National Password Administration. No unit or individual may not sell customer password products without permission. Article 11 If the sales business password product shall be applied to the national password management agency and should have the following conditions: (1) Familiar with commercial cryptographic product knowledge and after-sales service; (2) Have a perfect sales service and safety Management rules and regulations; (3) has an independent legal person qualification. After reviewing the qualified unit, the national password management institution is issued to "Commercial Password Product Sales License". Article 12 Salence Cryptographic Products, must register directly using the name of the user of the commercial password product (name), address (address), organizational code (resident ID number), and use of each commercial password product, and will Registration reports the national password management agency filing. Article 13 Imported password products and equipment or export commercial password products containing password technology, must report to national password management agencies. Any unit or individual may not sell overseas password products.
Chapter 4 Using Management
Article 14 Any unit or individual can only use the commercial password product approved by the State Password Management Institute, and shall not use self-developed or overseas cryptographic products. Article 15 Overseas organizations or devices that use cryptographic products in China or a password technology must report to national password management agencies; however, foreign diplomatic representatives and consular agencies in China. Article 16 Users of commercial password products shall not transfer their commercial password products. Commercial password products have failed and must be repaired by the national password management agency. Scrapped, destroying commercial cryptographic products, should be filed with national password management agencies.
Chapter 5 Security, Confidential Management
Article 17 The research and production of commercial password products shall be carried out in an environment in accordance with safety and confidentiality requirements. Sales, transportation, keeping commercial password products, should take appropriate safety measures. Engaged in the research, production and sales of commercial password products, units and personnel using commercial password products, must assume confidential obligations to the commercial password technology of the contact and mastery. Article 18 Propaganda, public exhibitors, password products, must be approved by the national password management institution in advance. Article 19 Any unit and individual shall not illegally attack commercial passwords, and must not use commercial password to harm the national security and interests, endanger social security or other illegal crimes. Chapter 6 is penalized
Article 20 One of the following acts, the national cryptographic management agency will confiscate cryptographic products in different situations according to different circumstances, and have illegal income, confiscation of illegal income; if the circumstances are serious, it can be illegal 1 to 3 times a fine: (1) Unauthorized producer cryptographic products, or commercial password products, designated production units, or commercial password products, or commercial password products; (2) unauthorized, unauthorized sales of password products (3) Unauthorized importing password products and equipment, exporters with password technology, exporters, or password products sold outdated. The unit of license vendor's password product is not in accordance with the regulations of the sales business password product, and the national password management agency will give a warning with the industrial and commercial administrative department and order to be corrected. Article 21 If one of the following acts, the national password management agency will give a warning according to the different situations, and the national security organs will give warnings, or order to immediately correct: (1) In the research and production process of commercial password products, Confidentiality; (b) sales, transportation, storage commercial password products, no corresponding safety measures; (3) unauthorized, publicized, public exhibitors; (4) Transfer commercial password products or not The unit repair commercial password product specified by the national password management institution. Use self-developed or overseas cryptographic products, transfer commercial cryptographic products, or less than those designated by the national password management institution, the plot is serious, and the national password management institution will follow the public security, national security organs, respectively. Do not receive its password products. Article 22 The scientific research, production and sales unit of commercial password products has the first paragraph (1), 21 (2), paragraph 1 (1), (2), and (3) of Article 21 (1), (2), etc. The consequences of the national password management agency revoke its designated scientific research, production unit qualification, and revoke "commercial password product sales license". Article 23: Leaking business password technology secrets, illegal attack commercial passwords or use commercial passwords to endanger the safety and interests of harm to countries, serious circumstances, constitute crime, and investigate criminal responsibility according to law. If the behavior listed in the preceding paragraph has not constituted a crime, the national password management agency will confiscate the commercial password products used by the national security organ or the confidentiality department according to different conditions, and the national security organs shall be based on the national security authority. Administrative detention; belonging to national staff, and administrate administrative punishment according to law. Article 24 Overseas organizations or individuals are not approved, using password products or equipment containing password technologies, the national password management agency will give warnings, order to correct, ordered to confiscate password products or password technology. equipment. Article 25 The staff of the commercial password management institution abuses the power, neglects the duties, and the malpractice, constitutes a criminal responsibility, and is investigated criminal responsibility according to law; it does not constitute a crime, and the administrative punishment shall be given according to law.
Chapter VII
Article 26 The State Password Management Committee may formulate relevant management regulations in accordance with this Ordinance. Article 27 This regulations shall be implemented from the date of issuance.
