15/05/2020
SAC has set up a standard project to develop a new standard on cybersecurity: Information Security Technology –Technical Security Requirements for Specialized Cybersecurity Products.
The National Standard Plan Information Security Technology – Technical Security Requirements for Specialized Cybersecurity Products is in the charge of the Ministry of Public Security of China (MPS). The main SDOs include the Cybersecurity Bureau of the MPS, the Third Research Institute of the MPS, the First Research Institute of the MPS, and China Electronics Standardization Institute (CESI).
1. Introduction of Information Security Technology – Technical Security Requirements for Specialized Cybersecurity Products
Information Security Technology – Technical Security Requirements for Specialized Cybersecurity Products specifies the functions of specialized cybersecurity products in identification, communication security protection, and user information security protection, particularly in border protection and security audition, as well as security requirements as well as security requirements for a product throughout its entire lifecycle.
This standard applies to firewall, network intrusion prevention, virus prevention, security audit and other specialized products for cybersecurity sold or provided in China. It can also provide a basis for network operators to purchase specialized products for network security. It is also applicable to the research, development, testing and production of specialized products for cybersecurity, and has instructions for third-party evaluation institutions to conduct safety assessment for specialized products of cybersecurity.
2. Background:
On February 18, 1994, the State Council issued the Regulations on the Security Protection of Computer Information Systems, in which Article 16 of Chapter II stipulates that “the State shall implement the licensing system for the sale of specialized products for the security of computer information systems. Specific measures shall be formulated by the Ministry of Public Security together with relevant departments.”
On December 1, 1997, the MPS issued Order No. 32 Measures for the Administration of Testing and Selling Licenses of Specialized Products for Computer Information Systems Security, in which Article 3 of Chapter I stipulates that the specialized safety products within the territory of China shall be sold under the sales license system. The producers of specialized safety products must apply for the Sales License of Specialized Safety Products for Computer Information Systems before their products enter the market. On this basis, the MPS officially began to manage and issue sales licenses for information security products in 1998.
The trial implementation of the Sales License System established MPS’s leading position in the information security industry management. The license plays an important role in ensuring the quality of information security products, improving the safety, reliability and controllability of products, and ensuring the safety of important information systems in China.
On June 1, 2017, the Cyber Security Law was officially implemented. Article 23 of the law stipulates that “Key network equipment and specialized cybersecurity products shall, in accordance with the compulsory requirements of relevant national standards, pass the security certification conducted by qualified institutions or meet the requirements of security detection before being sold or provided.”
To implement the relevant provisions of the Cyber Security Law and better guide the testing of specialized cybersecurity products, China plans to formulate the mandatory national standard for specialized cybersecurity products called Information Security Technology – Technical Security Requirements for Specialized Cybersecurity Products. This standard can guide specialized cybersecurity product developers to develop cybersecurity products with high security, prevent or reduce the risks of cybersecurity products, and improve the security level of China’s network and critical information infrastructure.
信息安全技术 网络安全专用产品安全技术要求
By Luna ZHAO on May 12,2020.
