CNCA published the implementation rule of the certification of key network equipment and network security specific product on June 27^th,2018. Products fall under the “first product category of key network equipment and network security products”can apply for certification now.

The process is similar to the CCC certification: 

·       type test + initial factory inspection + follow up inspection.

·       Currently the only certification body is ISCCC (information security certification center). Applications need to be submitted to ISCCC to assign authorized test labs in China. 

·       Factory inspection is conducted by auditors from ISCCC and the inspection may be extended to R&D department if the factory site cannot prove conformance. 

·       The certificate is valid for 5 years.

Background

The CyberSecurity Law of the People's Republic of China has been implemented since June 1, 2017. It provides that "the network key equipment and network security products should be in accordance with the relevant national standards of mandatory requirements and should be certified or tested by qualified institutional before sell.

(Annex:  network key equipment and network security specific product catalog   June 1, 2017)

Product type

Scope

Key Network equipment

   a) Router 

         Entire system throughput capacity (two-way)≥12Tbps

         Entire system routing table capacity≥550,000 lines

   b) Switch

         Entire system throughput capacity (two-way)≥30Tbps

         Entire system packet forwarding rate≥10Gpps

    c) Server (Rack)

         CPU numbers≥8

         Single CPU core number≥14

         Memory capacity≥256GB

    d) Programmable Logic Controller (PLC)

        Controller instruction execution time≤0.08 ms

        Network security specific product

    e) Data backup integrated machine

         Backup capacity ≥20T

         Backup speed≥60MB/s

         Backup interval≤1 hour

     f) Firewall (hardware)

         Overall throughput capacity≥80Gbps

         Maximum number of concurrent connections≥3,000,000

         New connections per second≥250,000

     g) Web application firewall (WAF)

         Overall application throughput capacity≥6Gbps

         Maximum number of HTTP concurrent connections≥2,000,000

     h) Intrusion detection system(IDS)

          Full inspection speed≥15Gbps

          Maximum number of concurrent connections≥5,000,000

     i) Intrusion Prevention System (IPS)

          Full inspection speed≥20Gbps

          Maximum number of concurrent connections≥5,000,000

      j) Isolation and exchange of information security products (GAP)

          Throughput capacity≥1Gbps

          System delay≤5ms

k) Anti-Spam Product

    Connection processing rate(connection/second)>100

Average delay time<100ms

l) Network comprehensive audit system

     Capture rate≥5Gbps

     Record events capability≥50,000 lines/second

m) Network vulnerability scanning products 

      Maximum parallel IP scanning number≥60

n) Security database system

     TPC-E TPSE (tradable quantity per second) ≥4500

o) Website recover product

     Recover time≤2ms

     Maximum Site path≥10 levels

For more information, please contact assistant@bestao-consulting.com