China Cryptography TC holds a meeting in Beijing


On August 28 to 29, 2019, the China Cryptography Standardization Technical Committee held a meeting in Beijing to review 31 industry standard development projects, which were all passed by voting. Mr. XU Hanliang, chairman of the Cryptography Standardization Technical Committee, presided over the meeting. Participants included cryptography experts and the leaders of various cryptography standard projects.


Out of the 31 industry standard projects, 15 are under development and 16 still require more research to reach the development stage. The standards are related to emerging fields such as artificial intelligence, cloud computing, big data, electronic bidding, intelligent transportation, smart lock, and video surveillance.


On October 2011, the Standardization Administration of China and the State Cryptography Administration approved the establishment of the “China Cryptography Industry Standardization Technical Committee”, which is under the leadership and management of the State Cryptography Administration. This TC in charge of drafting industry standards of cryptography, it has a secretariat and four working groups: General WG, Basic WG, Application WG and evaluation WG, which are composed of experts from the government, enterprises, research institutes, universities, testing institutions and trade associations and mainly deals with technology, products, systems and management of cryptography standardization.


SESEC’s Analysis on the WG-level and TC-level analysis of the Cryptography TC:

There are two membership levels in the Cryptography TC, one is the TC level membership and another one is the WG level membership.

The TC level members are called committee members; only experts who meet the following requirements are able to join. The WG level is composed of member organizations and observer organizations, not individual experts. The organizations who apply to join a WG of the Cryptography TC should be independent legal entities registered within China, with business related to cryptography products, services, research and development.


Industry standards and national standards published by the Cryptography TC:

The Cryptography TC has already published 80 industry standards, from which 11 became national standards. The development of these 11 national standards was led by TC260. The WG3 of TC 260 also deals with cryptography technical standards and is now open for FIEs to join; among the 47 members, there is one German company.

Measures for the Administration of the Standards Drafting Organizations of TC260


Article 1 These Measures are set up in accordance with the Articles of TC 260 and Measures for the Administration of National Standards Projects of Information Security, and are designed to promote national standards development in cybersecurity by encouraging organizations to participate more while also enhancing impartiality and transparency in the process to make standards more practical and of higher quality.

Article 2 These Measures are guidelines that are applicable to all participants of standards development and revision, including leading organizations. Leading organizations are those responsible for drafting and revising cybersecurity national standards.


Article 3 Standards drafting participants shall meet the following requirements:

  1. Participants shall be members of the working groups under TC 260.
  2. Participants shall comply with these measures.
  3. Participants shall be able to complete the standards development assignments given by the leading organization.
  4. Participants shall be able to attend standard drafting meetings, make technical contributions and give advice.
  5. Participants shall send technical personnel who are able to participate in the whole standards drafting process.

Article 4 The leading organization should call for participants through notices posted in the website of TC260 and other methods within 30 days since after taking the responsibility of developing standards. The participants list and assignment allocation should be reported to the Secretariat of TC260, and a carbon copy should be sent to the working group. Scientific institutions, manufacturers, and organizations who use the standards, as well as assessment bodies, can participate in standards development. The leading organization should hold a kick-off meeting to determine the working plan and assignment allocation. All the participants, experts, delegates of the working group and representative of the Secretariat should attend the meeting.

Article 5 The leading organizations should hold at least one standards development meeting every two months to discuss the standard. Participants should join in the plenary session of the working group to ensure that the standard development goes in accordance with the plan. The leading organizations are also encouraged to hold technical seminars of standards on their own.

Article 6 The leading organizations should send the standard and comments on it to all the participants at least seven days before the standard development meeting; participants need to give advice at least three days before the meeting. The comments should be discussed at the meeting and the leading organization should hand the minutes of the meeting to the working group. The leading groups need to record and deal with the comments they receive while communicating with those who put forward their ideas.

Article 7 The leading organizations should organize participants to test and evaluate the standard’s operability after calling for comments. In addition, a report should be completed after the verification and be sent to the Secretariat of TC260 when the standard is submitted to the director.

Article 8 The leading organizations should not publicly give comments that conflict with the technical contents of the standard. In addition, participants should not change their delegates frequently and a written explanation should be submitted to the leading organization if the change is necessary. A participant will be regarded as retreating from the standard development if it changes its delegates more than three times or its delegates are absent two times successively. If the above conditions emerge, leading organizations need to report it to the working group on time.

Article 9 These Measures shall be interpreted by the Secretariat of TC260.


TC260 published 17 draft national standards for public comments

On 26th December, TC260 (National Information Security Standardization Technical Committee) published draft national standard “cyber security: guide on health care information security” for public comments. The feedback shall be emailed to before the 26th of December, 2018. Meanwhile the feedback deadline for the other 16 national standards listed below is 11th February, 2019.

  • “Information Security Technology- Entity Authentication Assurance Framework ”
  • “Information Security Technology- Certificate Request and Application Protocol Based on Multiple Channels”
  • “Information Security Technology- XML Digital Signature Syntax and Processing Specification ”
  • “Information Technology- Security Techniques- Message Authentication Codes (MACs)- Part 1 Mechanisms using a block cipher”
  • “Information Security Technology- Light Weight Authentication and Access Control Mechanism”
  • “Information Security Technology- Security Protection Technical Requirements and Testing and Assessment Approaches for Industrial Control Systems”
  • “Information Security Technology- Security Techniques Requirement and Evaluation Criteria for Server”
  • “Information Techniques- System Security Engineering Capability Maturity Model”
  • “Information Security Technology-Cybersecurity Vulnerability Identification and Description Specification”
  • “Information Security Technology- Guidelines for the Category and Classification of Cybersecurity Vulnerability”
  • “Information Security Techniques-Cybersecurity Vulnerability Management Specification”
  • “Information Security Techniques- Terminology”
  • “Information Technology- Security Techniques- Information Security Incident Management- Part 2: Guidelines to plan and prepare for incident response”
  • “Information Technology- Security Techniques- Guidelines for Information Security Management Systems Auditing”
  • “Information Security Technology- Guide for Health Information Security ”
  • “Information Security Technology- Requirements for Data Security Technology of the Government Information Sharing”

26/06/2018 SAC approved the establishment of National Technical Committee on Integration of Informatization and Industrialization Management (SAC/TC573)

SAC approved the official establishment of National Technical Committee on Integration of Informatization and Industrialization Management (SAC/TC573). The committee would be in charge of the related formulation of national standards managed and supervised by MIIT. The committee possessed 68 members and located secretariat in National industrial information security development research centre.