China: Closed Consultation on National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method

On 4 April 2024, the public consultation of the Secretariat of the National Network Security Standardization Technical Committee on the draft version of the National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method ended. The standard specifies the security capabilities required for cloud service providers. The standard categorises security capability requirements into general, enhanced, and advanced levels, with the latter two serving as supplements and reinforcements to the lower-level requirements. This document also provides assessment methods and is intended to guide third-party assessment organisations in conducting security assessments. It can also serve as a reference for cloud service providers conducting self-assessments.