On March 17, 2023, the State Administration for Market Regulation (SAMR) and the Standardization Administration of China (SAC) issued announcement on implementation of national standards.
Twelve national voluntary standards on security techniques of information technology will come to force on October 1, 2023, among which, seven are revision and five are newly drafted.
Further details of these standards are summarized as follows:
No. | Standard No. | Standard Name | Standard to be Replaced | Relation with International Standards |
1 | GB/T 15843.3-2023 | Information technology—Security techniques—Entity authentication—Part 3: Mechanisms using digital signature techniques | GB/T 15843.3-2016 | IDT ISO/IEC 9798-3:2019 |
2 | GB/T 17902.1-2023 | Information technology—Security techniques—Digital signatures with appendix—Part 1:General | GB/T 17902.1-1999 | IDT ISO/IEC 14888-1:2008 |
3 | GB/T 20274.1-2023 | Information security technology—Evaluation framework for information systems security assurance—Part 1:Introduction and general model | GB/T 20274.1-2006 | N/A |
4 | GB/T 21053-2023 | Information security techniques—Public key infrastructure—Security technology requirement for PKI system | GB/T 21053-2007 | N/A |
5 | GB/T 21054-2023 | Information security techniques—Public key infrastructure—Security testing assessment approaches for PKI system | GB/T 21054-2007 | N/A |
6 | GB/T 32922-2023 | Information security technology—Baseline and implementation guide of IPSec VPN securing access | GB/T 32922-2016 | N/A |
7 | GB/T 33134-2023 | Information security technology—Security requirement of public domain name service system | GB/T 33134-2016 | N/A |
8 | GB/T 42446-2023 | Information security technology—Basic requirements for competence of cybersecurity workforce | N/A | N/A |
9 | GB/T 42447-2023 | Information security technology—Data security guidelines for telecom field | N/A | N/A |
10 | GB/T 42453-2023 | Information security technology—General technical requirements for network security situation awareness | N/A | N/A |
11 | GB/T 42460-2023 | Information security technology—Guide for evaluating the effectiveness of personal information de-identification | N/A | N/A |
12 | GB/T 42461-2023 | Information security technology—Guidelines for cyber security service cost measurement | N/A | N/A |
These standards are under the scope of SAC/TC 260 (Information Security). Foreign stakeholders are suggested to further track if any of the standards will be cited or used in mandatory regulations or certification schemes on relevant products/solutions. Because once cited by mandatory regulation or certification, corresponding requirements will become mandatory for market access.