This part of GB/T 21079 specifies the requirements for secure encryption devices (hereinafter referred to as SCD), which include the cryptographic procedures defined in ISO 9564, ISO 9807:1991 and ISO 11568. This standard has the following two main purposes: a) to specify the operational characteristics of SCD and the requirements for the management of the entire life cycle of SCD; b) to standardize the method of checking the conformity of these requirements. Cryptographic devices should have suitable characteristics to ensure proper operability and provide adequate protection for internal data. Proper device management is necessary to ensure the legitimacy of devices, i.e. devices cannot be altered by unauthorized methods (such as installing "listening devices", etc.), and sensitive data in devices cannot be leaked or tampered with. Absolute security is practically unattainable. Cryptographic security relies on a secure cryptographic device life cycle at every stage, and an effective combination of both proper device management procedures and secure cryptographic features. The hypervisor can take precautions to reduce the possibility of a device security breach. These safeguards are designed to increase the likelihood of uncovering unauthorized access to sensitive or classified data when the device itself cannot prevent or detect security attacks. Appendix A provides a description of the security levels described in this section when applied to secure encryption devices. This section does not address issues raised by SCD denial of service. The requirements for the characteristics and management of specific types of SCDs used in retail banking are described in ISO 11568-2.