quick guide for measures for cloud computing services ... · security capability requirements of...
TRANSCRIPT
Main reference standards
of the assessment adipiscing
Security capability requirements of cloud
computing services (GB/T 31168-2014)
Security guide of cloud computing
services (GB/T 31167-2014)
Tips
Security Capability Requirements of Cloud Computing Services
impose several requirements for system development and supply
chain security, system and communication protection, access
control, configuration management, maintenance, emergency
response and disaster recovery, audit, risk assessment and
continuous monitoring, security organization and personnel,
physical and environmental security.
Application of the assessment
Date of the application for assessment
From September 1, 2019
Application materials
A completed application form
A report on the business
continuity and security of the
service supply chain
A report on the possibility and
ease of transferring customers’
data
A security plan of the cloud
computing service system
Tips
The format of the application materials can be
downloaded from http://www.cac.gov.cn.
Some cloud computing service platforms have already Some cloud computing service platforms have already
passed the cyber security review by party and
government organizations. These platforms are
regarded as having passed the cloud computing
service security assessment, so they do not need to
apply again.
Assessment process
Application
Acceptance
Assessment by professional
technical organizations
Comprehensive evaluation by
expert groups for cloud
computing service security
Review by cloud computing
services security assessment
coordination mechanism
Approval by Cyberspace
Administration of China (CAC)
Release of assessment
results
Continuous
Monitoring
The results of the assessment will be
released on http://www.cac.gov.cn
by Cybersecurity Coordination
Bureau of Cyberspace
Administration of China.
The results are valid for 3 years.
How to protect trade secrets and intellectual property rights
of cloud service providers during the security assessment?
In the process of the security assessment, the organizations and
people involved undertake confidentiality obligations to not
disclose confidential materials submitted by the cloud service
providers and those obtained from the security assessment.
A cloud platform management
operator can report to CAC or relevant
departments if it finds that the relevant
institutions and personnel fail to
assume the confidentiality obligation.
How to get more information about cloud computing
service security assessment?
Send your questions [email protected]
Call 010-55635861
Measures for Cloud Computing Services
Security Assessment
Quick Guide for
Editor: CHEN WuyangEnglish Translation by SESEC Designer: LIU Xiaolong
Scan the QR code
to follow the Wechat Official Account of CAC
Cyberspace Administration of China