Method for evaluating security protection capabilities of critical information infrastructure
Newsletters
08 January 2021
On 10 August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment.(1) The consultation period ended on 9 October 2020.
According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure (CII) will focus on three areas:
- capability domain level;
- graded protection; and
- cryptography.
Before evaluating the security protection capabilities of CII, the CII should first pass the corresponding graded protection evaluation and related cryptography evaluation. The organisation should then:
- carry out the evaluation according to the evaluation content and operation method;
- issue the judgment result and grade for each evaluation index;
- obtain each capability domain level; and
- obtain the security protection capability level of the CII based on the evaluation results of the capability domain level and graded protection evaluation.
For further information on this topic please contact Samuel Yang or Hongyu Jiang at AnJie Law Firm by telephone (+86 10 8567 5988) or email (yanghongquan@anjielaw.com or jianghongyu@anjielaw.com). The AnJie Law Firm website can be accessed at www.anjielaw.com.
Endnotes
(1) Further information is available here.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.
Authors
