Follow us on
Member Login
sign out
Critical Network Equipment and Specialized Cybersecurity Products List Updated in China - JUL 2023
#Certification#Compliance#Cybersecurity
Uploading Date: 2023-07-19 11:41:50

On 3 July, CAC, MIIT, MPS, and CNCA jointly released the 2023 edition of the Catalogue of Critical Network Equipment and Specialized Cybersecurity Products (hereinafter referred to as the “Catalogue”). The 2023 Catalogue designates 38 network products subject to mandatory Critical Network Equipment and Specialized Cybersecurity Products Certification (hereinafter referred to as the “CNESCP certification”).

The first edition of the Catalogue was r20230718 Network Equipment.jpgeleased in 2017, with the aim of supporting the implementation of Article 23 of the Cybersecurity Law, which stipulates that critical network equipment and specialized cybersecurity products shall be certified, or meet the requirements of security inspection prior to being sold or provided to the Chinese market.The 2017 edition of Catalogue identified 4 critical network equipment and 11 specialized cybersecurity products subject to CNESCP certification; minimum technical parameters for compliance were specified. The 2023 edition of the Catalogue, instead, removes the minimum technical parameters of the specialized cybersecurity products, and at the same time adds 20 new specialized cybersecurity products. Consequently, the 2023 Catalogue now contains 4 critical network equipment and 34 specialized cybersecurity products. The full list is provided below: 

No.


Categories of Equipment /Products

Product Scope or Description

1

Critical Network Equipment

Routers

Throughput of the Whole System (Bi-direction) ≥ 12 Tbps;

Routing Table Capacity of the Whole System ≥ 550,000 pieces

2

Switches

Throughput of the Whole System ≥ 30 Tbps;

Packet Forwarding Rate of the Whole System ≥ 10 Gbps

3

Servers (Rack)

Number of CPUs ≥ 8;

Number of Cores of a Single CPU ≥ 14;

Memory Capacity ≥ 256GB

4

Programmable Logic Controllers (PLC Equipment)

Controller Instruction Execution Time ≤ 0.08 ms

5

Specialised Cybersecurity Products

Data Backup and Recovery Products

Products that can back up and restore the data of an information   system and manage the backup and recovery process.

6

Firewalls

Products that analyze data flow and   implement access control and security protection functions.

7

Intrusion Detection Systems (IDS)

Products that use network packets as data source, and monitor and analyze all packets of protected network nodes to find abnormal behaviors.

8

Intrusion Prevention Systems (IPS)

Products that are deployed on a network in the form of a bridge or   gateway, detect network behaviors with intrusion characteristics by analyzing network traffic, and intercept them before they pass into the   protected network.

9

Network and Terminal Isolation Products

Products that establish security control points and provide   controllable access services between different network terminals and network   security domains.

10

Anti-spam Products

Software or combinations of software and hardware that can identify   and process spams, including but not limited to anti-spam gateways, anti-spam   email systems, anti-spam software installed on mail servers, and anti-spam   products integrated with mail servers.

11

Network Security Auditing Products

Products that collect recorded and activity data of networks,   information systems, and their components, and store and analyze such data for incident traceability and detection of security   violations or anomalies.

12

Network Vulnerability Scanning Products

Software, or a combination of software and hardware, that detect   possible security weaknesses in a target network system by the means of   scanning.

13

Secure Database Systems

Database systems that follow a complete set of system security   policies from all stages of system design, implementation, use and   management, with the aim to ensure data security at the database level.

14

Website Data Recovery Products

Products that provide website data monitoring, anti-tampering, and   realize data backup and recovery and other security functions.

15

Virtual Private Network products

Products that establish dedicated secure transmission channels on a   public communication network such as Internet.

16

Anti-virus Gateway

Products that are deployed between networks, analyze the communication between the   network layers and the application layers, and protect against viruses on the   network based on predefined filtering rules and protection policies.

17

Unified Threat Management Products (UTM)

Gateway devices or systems that   adopt a unified security policy and integrate multiple security functions to   comprehensively defend against security threats to networks and application   systems.

18

Virus Control Products

Products that are used to detect or prevent the spread of malicious   code as well as the tampering, theft and destruction of the applications of   host operating system and user files.

19

Secure Operating System

Operating systems that follow a complete set of security policies covering   system design, implementation, and use, with the purpose of ensuring system   security at the operating system level.

20

Secure Network Storage

Dedicated storage devices connected to a server over a network based   on different protocols.

21

Public Key Infrastructure

An infrastructure that supports   public key management and provides authentication, encryption, integrity, and   non-repudiation services.

22

Cybersecurity Situation Awareness Products

Products that collect network traffic, asset information, logs,   vulnerability information, alarm information, threat information and other   data, analyze and process   network behaviors, user behaviors, and other factors, grasp network security   state, predict network security trend, and conduct display, monitoring, and   early warning.

23

Secure Management Platforms of Information System

Platforms that implement unified management of the security policy of   information system as well as the security mechanisms in the secure computing   environment, security area boundary and secure communication network that   execute the policy.

24

Network Flow Control Products

Traffic management systems that monitor data flow and control   bandwidth on the network in security domains.

25

Load Balancing Products

Products that provide functions of link load balancing, server load   balancing, network traffic optimization, intelligent processing, etc.

26

Information Filtering Products

Products that screen and control text, pictures and other network   information.

27

Denial-of-Service Attacks Resistance Products

Products used to identify and intercept denial of service attacks and   ensure system availability.

28

Terminal Access Control Products

Products that provide access control function for terminals accessing   network

29

USB Mobile Storage Media Management Systems

Products that implement management measures like identity   authentication, access control, and audit, etc., to a mobile storage device,   so as to realize trusted access between the mobile storage device and the   host device.

30

File Encryption Products

Products used to prevent attackers from stealing data stored in files   and other forms, to ensure the security of stored data.

31

Data Breach Prevention Products

Products that conduct control and audit for the main output channels   of sensitive information in security domains to prevent unauthorized   disclosure of sensitive information in the security domains.

32

Data Destruction Software Products

Products that use   information technology to eliminate logic underlying data to completely   destroy the data carried by a storage media

33

Security Configuration Check Products

Products that realize security configuration and compliance analysis   for assets based on security configuration requirements, and generate   security configuration suggestions and compliance reports.

34

Operation and Maintenance Security Management Products

Products that implement single sign-on, centralized authorization,   centralized management, and audit during the maintenance of important assets   of information system

35

Log Analysis Product

Security products that collect log data from information systems, while storing and analyzing data centrally.

36

Identity Authentication Product

Products that require users to provide identification information   based on electronic information or biological information, and confirm the   identity of the users.

37

Terminal Security Monitoring Products

Products that monitor and control the security of a terminal, detect   and block unauthorized use of the system and network resources

38

Electronic Document Security Management Products

Products that produce secure electronic documents or convert   electronic documents to secure electronic documents, and manage, monitor,   audit them in a unified manner.

 




Follow us on:
Email: