China: State Administration for Market Regulation adopted National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method

On 1 August 2025, the State Administration for Market Regulation adopted the National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method, having been drawn up by the National Network Security Standardization Technical Committee (TC260). The standard specifies the security capabilities required for cloud service providers. The standard categorises security capability requirements into general, enhanced, and advanced levels, with the latter two serving as supplements and reinforcements to the lower-level requirements. This document also provides assessment methods and is intended to guide third-party assessment organisations in conducting security assessments. It can also serve as a reference for cloud service providers conducting self-assessments.