On 27th June, Ministry of Public Security (MPS) published the draft of classified protection regulation of cyber security and called for public comments. The deadline was 27th July 2018.
On 11th June, National Information Security Standardization Technical Committee (SAC TC260) called for public comments on 24 information security standard drafts and deadline was 25th July 2018.
• Information security technology – Security impact assessment guide of personal information
• Information security technology – Cybersecurity protection requirements of critical information infrastructure
• Information security technology – Security controls of critical information infrastructure
• Information security technology – Evaluation approaches for industrial control systems information security
• Information security technology – Cybersecurity guide for automotive electronics systems
• Information security technology – Security test requirements for cryptographic modules
• Information security technology – Guidance of cryptographic application for electronic records
• Information security techniques – Security technical requirements for operating system on smart mobile terminal
• Information security technology – Guide to malware incident prevention and handling
• Information security technology – Trusted computing architecture
• Information security technology – Guide to Bluetooth usage security
• Information security technology – Secure coding guide for application software
• Information security technology – Code security audit specification
• Information technology – Security techniques – Network security – Part 1: Overview and concepts
• Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security
• Information technology – Security techniques – Anonymous digital signatures – Part 1: General
• Information technology – Security techniques – Anonymous digital signatures – Part 2: Mechanisms using a group public key
• Information security technology – Security technical requirements and test evaluation approaches of smart mobile terminals
• Information security technology – Security technical requirements and testing and assessment approaches for firewall
• Information security technology – Trusted computing specification – Trusted connect testing specification
• Information security technology – Technical framework for authentication of mobile smart terminals based on biometric
• Information security technology – Technical requirements for mobile internet security audit products
• Information security technology – Light-weight authentication and access control mechanism
• Information security technology – Technical requirements for remote face recognition authentication system based on trusted environment
Chinese Version is available: 24 standard drafts-Chinese Version
In order to actively deal with the serious and complex network security situation and further improve the public network security mechanism, MIIT issued a notice on public network security threat monitoring and disposal approach.
Sponsored by Certification and Accreditation Administration, German Federal Ministry of Economics and Energy and China Information Security Certification Center, the China – German Symposium on Information Security Assessment was successfully held in Beijing on September 11th, 2017.It is the first time for China and German to start network security conformity assessment cooperation, which attracted more than 200 participants from relevant government departments，testing certification bodies and related enterprises in China and German.
This symposium aims to promote strategic cooperation in “Made in China 2025” and “German industry 4.0”, focusing on the common concerned issues about the network security laws and regulations, standards, testing and certification. In order to facilitate trade development and technical exchanges between the two countries, China and German will share best practices to explore pragmatic cooperation, and enhance the mutual trust in network security certification.
On 25 August 2017, SAC/TC260 released the national standard: Information security technology – guide for the de-identification of personal information (draft for comments). The standard was developed to support the national standard；personal information protection specification.
The comments collection will continue to 9 October.
Recently, MIIT released the Critical Information Infrastructure Protection Regulations (Draft for Comments). The comments collection will be closed on 10 August, 2017. any comment can be delievered by email to email@example.com.
Original text: http://www.cac.gov.cn/2017-07/11/c_1121294220.htm
On 27th July, 2017, at the invitation of the Alibaba Group, Charles Brookson, chairman of the ETSI Cybersecurity Technical Committee, visited China for the 2017 Cybersecurity Summit, and presented a speech of “ETSI and Cybersecurity standard” in the meeting. In his speech, Charles introduced the ETSI organization, ETSI’s achievements in Cybersecurity and the focuses of ETSI’s future work. It gave the participants a better understanding of ETSI’s progress in cybersecurity area, and laid a foundation for the future cooperation as well.
During the summit, Chairman Charles was also invited to have a closed-door meeting with the standardization department of Alibaba Group, and the both sides discussed the issues of mutual interests.
On 12 May 2017, SESEC convened a Cybersecurity Standard Roundtable Meeting. More than 20 experts, scholars, and representatives from enterprises in cybersecurity field attended the meeting.
The theme of the meeting was the new Cybersecurity Law, relevant standards and their influences, and experts from UNI-PARTNER, SIEMENS and ORACLE shared their understandings and analysis on the development situation of the system in their presentations.
They presented the evolution process of the law, the trend of the relevant regulations and standards, and the constructive suggestions for enterprises to deal with the rapid development of the system. They also introduced the status of SAC/TC260 (Cybersecurity Technical Committee), including its organization structure, standardization activities, and achievements in recent months. Furthermore, the speakers elaborated on three ongoing standards that will support the Cybersecurity Law.
After the presentations, the participants discussed the influences that the Cybersecurity Law and relevant standards will exert on their business, and made in-deep communication with each other. The platform provided them an opportunity to exchange the up-to-date information obtained, which deepened their understandings on the everchanging system, so that they could take measures to lower the risks in the future.
For more information, please click here
(Please be noted that the follwing information is only available in Chinese)