China: National Cybersecurity Standardisation Technical Committee closes consultation on draft national standard on technical requirements for network security technology and network storage security

On 12 September 2025, the Secretariat of the National Cybersecurity Standardisation Technical Committee (TC260) closes the public consultation on the draft national standard on technical requirements for network security technology and network storage security. It applies to providers and operators of block, file, object, and big data storage services. The draft adds new obligations on resource isolation, access control, auditing, communication security, supporting system protection, product upgrades, and user information protection. It also introduces residual information protection, default account and password management, a longer minimum password length of eight characters, weak password prevention, physical isolation, and supply chain security assurance. It also includes new methods for security functional testing and assurance evaluation.