



On 3 July, CAC, MIIT, MPS, and CNCA jointly released the 2023 edition of the Catalogue of Critical Network Equipment and Specialized Cybersecurity Products (hereinafter referred to as the “Catalogue”). The 2023 Catalogue designates 38 network products subject to mandatory Critical Network Equipment and Specialized Cybersecurity Products Certification (hereinafter referred to as the “CNESCP certification”).
The first edition of the Catalogue was released in 2017, with the aim of supporting the implementation of Article 23 of the Cybersecurity Law, which stipulates that critical network equipment and specialized cybersecurity products shall be certified, or meet the requirements of security inspection prior to being sold or provided to the Chinese market. The 2017 edition of the Catalogue identified 4 critical network equipment and 11 specialized cybersecurity products subject to CNESCP certification; minimum technical parameters for compliance were specified. The 2023 edition of the Catalogue, instead, removes the minimum technical parameters of the specialized cybersecurity products, and at the same time adds 20 new specialized cybersecurity products. Consequently, the 2023 Catalogue now contains 4 critical network equipment and 34 specialized cybersecurity products. The full list is provided below:
No. | Categories of Equipment/Products | Equipment/Product | Product Scope or Description
1 | Critical Network Equipment | Routers | Throughput of the Whole System (Bi-direction) ≥ 12 Tbps; Routing Table Capacity of the Whole System ≥ 550,000 pieces
2 | Critical Network Equipment | Switches | Throughput of the Whole System ≥ 30 Tbps; Packet Forwarding Rate of the Whole System ≥ 10 Gbps
3 | Critical Network Equipment | Servers (Rack) | Number of CPUs ≥ 8; Number of Cores of a Single CPU ≥ 14; Memory Capacity ≥ 256GB
4 | Critical Network Equipment | Programmable Logic Controllers (PLC Equipment) | Controller Instruction Execution Time ≤ 0.08 ms
5 | Specialised Cybersecurity Products | Data Backup and Recovery Products | Products that can back up and restore the data of an information system and manage the backup and recovery process.
6 | Specialised Cybersecurity Products | Firewalls | Products that analyze data flow and implement access control and security protection functions.
7 | Specialised Cybersecurity Products | Intrusion Detection Systems (IDS) | Products that use network packets as data source, and monitor and analyze all packets of protected network nodes to find abnormal behaviors.
8 | Specialised Cybersecurity Products | Intrusion Prevention Systems (IPS) | Products that are deployed on a network in the form of a bridge or gateway, detect network behaviors with intrusion characteristics by analyzing network traffic, and intercept them before they pass into the protected network.
9 | Specialised Cybersecurity Products | Network and Terminal Isolation Products | Products that establish security control points and provide controllable access services between different network terminals and network security domains.
10 | Specialised Cybersecurity Products | Anti-spam Products | Software or combinations of software and hardware that can identify and process spams, including but not limited to anti-spam gateways, anti-spam email systems, anti-spam software installed on mail servers, and anti-spam products integrated with mail servers.
11 | Specialised Cybersecurity Products | Network Security Auditing Products | Products that collect recorded and activity data of networks, information systems, and their components, and store and analyze such data for incident traceability and detection of security violations or anomalies.
12 | Specialised Cybersecurity Products | Network Vulnerability Scanning Products | Software, or a combination of software and hardware, that detect possible security weaknesses in a target network system by the means of scanning.
13 | Specialised Cybersecurity Products | Secure Database Systems | Database systems that follow a complete set of system security policies from all stages of system design, implementation, use and management, with the aim to ensure data security at the database level.
14 | Specialised Cybersecurity Products | Website Data Recovery Products | Products that provide website data monitoring, anti-tampering, and realize data backup and recovery and other security functions.
15 | Specialised Cybersecurity Products | Virtual Private Network products | Products that establish dedicated secure transmission channels on a public communication network such as Internet.
16 | Specialised Cybersecurity Products | Anti-virus Gateway | Products that are deployed between networks, analyze the communication between the network layers and the application layers, and protect against viruses on the network based on predefined filtering rules and protection policies.
17 | Specialised Cybersecurity Products | Unified Threat Management Products (UTM) | Gateway devices or systems that adopt a unified security policy and integrate multiple security functions to comprehensively defend against security threats to networks and application systems.
18 | Specialised Cybersecurity Products | Virus Control Products | Products that are used to detect or prevent the spread of malicious code as well as the tampering, theft and destruction of the applications of host operating system and user files.
19 | Specialised Cybersecurity Products | Secure Operating System | Operating systems that follow a complete set of security policies covering system design, implementation, and use, with the purpose of ensuring system security at the operating system level.
20 | Specialised Cybersecurity Products | Secure Network Storage | Dedicated storage devices connected to a server over a network based on different protocols.
21 | Specialised Cybersecurity Products | Public Key Infrastructure | An infrastructure that supports public key management and provides authentication, encryption, integrity, and non-repudiation services.
22 | Specialised Cybersecurity Products | Cybersecurity Situation Awareness Products | Products that collect network traffic, asset information, logs, vulnerability information, alarm information, threat information and other data, analyze and process network behaviors, user behaviors, and other factors, grasp network security state, predict network security trend, and conduct display, monitoring, and early warning.
23 | Specialised Cybersecurity Products | Secure Management Platforms of Information System | Platforms that implement unified management of the security policy of information system as well as the security mechanisms in the secure computing environment, security area boundary and secure communication network that execute the policy.
24 | Specialised Cybersecurity Products | Network Flow Control Products | Traffic management systems that monitor data flow and control bandwidth on the network in security domains.
25 | Specialised Cybersecurity Products | Load Balancing Products | Products that provide functions of link load balancing, server load balancing, network traffic optimization, intelligent processing, etc.
26 | Specialised Cybersecurity Products | Information Filtering Products | Products that screen and control text, pictures and other network information.
27 | Specialised Cybersecurity Products | Denial-of-Service Attacks Resistance Products | Products used to identify and intercept denial of service attacks and ensure system availability.
28 | Specialised Cybersecurity Products | Terminal Access Control Products | Products that provide access control function for terminals accessing network
29 | Specialised Cybersecurity Products | USB Mobile Storage Media Management Systems | Products that implement management measures like identity authentication, access control, and audit, etc., to a mobile storage device, so as to realize trusted access between the mobile storage device and the host device.
30 | Specialised Cybersecurity Products | File Encryption Products | Products used to prevent attackers from stealing data stored in files and other forms, to ensure the security of stored data.
31 | Specialised Cybersecurity Products | Data Breach Prevention Products | Products that conduct control and audit for the main output channels of sensitive information in security domains to prevent unauthorized disclosure of sensitive information in the security domains.
32 | Specialised Cybersecurity Products | Data Destruction Software Products | Products that use information technology to eliminate logic underlying data to completely destroy the data carried by a storage media
33 | Specialised Cybersecurity Products | Security Configuration Check Products | Products that realize security configuration and compliance analysis for assets based on security configuration requirements, and generate security configuration suggestions and compliance reports.
34 | Specialised Cybersecurity Products | Operation and Maintenance Security Management Products | Products that implement single sign-on, centralized authorization, centralized management, and audit during the maintenance of important assets of information system
35 | Specialised Cybersecurity Products | Log Analysis Product | Security products that collect log data from information systems, while storing and analyzing data centrally.
36 | Specialised Cybersecurity Products | Identity Authentication Product | Products that require users to provide identification information based on electronic information or biological information, and confirm the identity of the users.
37 | Specialised Cybersecurity Products | Terminal Security Monitoring Products | Products that monitor and control the security of a terminal, detect and block unauthorized use of the system and network resources
38 | Specialised Cybersecurity Products | Electronic Document Security Management Products | Products that produce secure electronic documents or convert electronic documents to secure electronic documents, and manage, monitor, audit them in a unified manner.


