On 4 February 2024, the Secretariat of the National Network Security Standardization Technical Committee published a draft version of the National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method and opened a consultation until 4 April 2024. The standard specifies the security capabilities required for cloud service providers. The standard categorises security capability requirements into general, enhanced, and advanced levels, with the latter two serving as supplements and reinforcements to the lower-level requirements. This document also provides assessment methods and is intended to guide third-party assessment organisations in conducting security assessments. It can also serve as a reference for cloud service providers conducting self-assessments.
Original source