On September 21, 2023, the National Information Security Standardization Technical Committee issued a public call for comments on the national standard "Technical Requirements for the Security of Network Critical Equipment - Programmable Logic Controllers (PLCs)." The deadline for comments is November 20, 2023.

This standard specifies the security requirements and security provisions for programmable logic controllers (PLCs) included in network critical equipment. It covers security functional requirements and security assurance requirements in areas such as device identification security, redundancy, backup, recovery, and anomaly detection, prevention of vulnerabilities and malicious programs, secure pre-installed software boot and updates, user identity and authentication, access control security, log auditing security, communication security, and data security.

In the future, this standard is highly likely to be used to support the relevant access requirements of Article 23 of the " Cybersecurity Law of People's Republic of China." Importantly, this standard was developed without reference to any international standards, making it worthy of close attention by overseas PLC manufacturers. If you need text translation, please contact BESTAO, info@bestao-consulting.com .

See：SAC TC 260 - National Standard "Technical Requirements for Security of Network Critical Equipment - Programmable Logic Controllers (PLCs)" (Draft for Comments) - SEP 2023 (bestao-consulting.com) for more information.