Promulgation Date: 2020-3-26 Title: 市场监管总局、国家密码管理局关于开展商用密码检测认证工作的实施意见 Document Number: Fafa (2020) #38 Expiration date: Promulgating Entities:State Administration of Market Regulation, State Cryptography Administration Source of text: http://gkml.samr.gov.cn/nsjg/rzjgs/202003/t20200331_313714.html
To the Bureau (department, commission) of market regulation and the encryption administration for each province, autonomous region, directly-governed municipality, and for the Xinjiang Construction and Production Corps:
In order to advance the establishment of the testing and certification system for commercial encryption and to promote the healthy and orderly development of the commercial encryption industry, the State Administration for Market Regulation and State Administration for Cryptography present the following Implementation Opinions on the implementation of testing and authentication for commercial encryption, based on the "Product Quality Law of the P.R.C.", the "Cryptography Law of the P.R.C.", and the "P.R.C. Regulations on Certification and Accreditation".
I. Work Principles and Mechanisms
Commercial encryption testing and certification work is to adhere to the basic principles of "uniform management, common implementation, standardization and order, and ensuring safety". Based on department duties, the State Administration for Market Regulation and State Cryptography Administration are to strengthen the organization and implement, oversight and management, and outcome acceptance for testing and certification work, to create a positive market environment for the development of commercial encryption.
The catalog of commercial encryption certifications is to be jointly published by the State Administration for Market Regulation and State Cryptography Administration, and rules for commercial encryption certification are to be published by the State Administration for Market Regulation.
The State Administration for Market Regulation and State Cryptography Administration are to jointly organize the establishment of a commission on commercial encryption certification technology, coordinating the resolution of technological problems that emerge in implementing certification, to provide technical support to the management departments, make recommendations, and so forth.
II. Implementation of Certification
(1) Commercial encryption certification bodies shall comply with the basic requirements of relevant administrative regulations and rules, possess the professional capacity to engage in commercial encryption certification activity, and obtain certification from the State Administration for Market Regulation after its hearing of the State Cryptography Administration.
(2) Commercial encryption certification bodies shall retain testing bodies that have obtained relevant commercial encryption testing credentials in accordance with law to carry out testing related to certification, and clarify their rights, obligations, and legal responsibilities.
(3) Commercial cryptography testing and certification bodies shall carry out commercial cryptography testing and certification in accordance with laws, administrative regulations, and technical regulations for commercial cryptography testing and certification, and establish trackable work mechanisms that record and archive the entire process of testing and certification.
(4) commercial encryption certification bodies shall disclose fee collection standards for certification, and information such as the validity, suspension, cancellation, or revocation of certification documents, and accept public oversight and inquiries.
(5) commercial encryption certification bodies shall follow relevant provisions to report on the implementation of commercial encryption certification and on information on certification documents.
(6) Commercial encryption testing and certification bodies shall bear an obligation to maintain the secrecy of state secrets and commercial secrets that they learn of in the course of commercial encryption testing and certifications.
III. Oversight and Management
(1) Departments for market regulation, together with departments for cryptography administration are to carry out oversight and management of commercial encryption testing and certification bodies as well as their activities, and where conduct in violation of law is discovered, give punishments in accordance with law.
(2) Where the persons requesting certification have objections to the testing and certification body's work or decision, they may submit a collateral appeal to the testing and certification body. Where they still have objections to the outcome reached by the testing and certification body, they may make a complaint to the departments for market supervision or for cryptography administration.
State Administration of Market Regulation, State Cryptography Administration
March 26, 2020