China: Chinese National Network Security Standardization Technical Committee Secretariat closes consultation on national standard on network security technical authentication and authorisation focused on attribute-based access control model and management specification

On 26 October 2025, the Chinese National Network Security Standardisation Technical Committee Secretariat (TC260) closes the consultation on the national standard on network security technical authentication and authorisation, focused on the attribute-based access control model and management specification. The standard applies to organisations and cybersecurity product and service providers, and provides a reference for evaluators and regulators. The standard sets out obligations on attribute, policy, and engine management and requires natural language and digital policy expression with conflict resolution through metapolicies. The standard also mandates audits and maintenance of attribute-based access control engines, and introduces test methods for attributes, policies, and engines. It also outlines cryptographic safeguards for system integrity and confidentiality.