Follow us on
Member Login
sign out
[Cybersecurity] - JUL 12, 2021, Three Chinese Ministries Manage Cybersecurity Vulnerabilities
Uploading Date: 2021-08-12 11:47:41


On July 12, 2021, the Ministry of Industry and Information Technology (MIIT), the Cyberspace Administration of China (CAC), and the Ministry of Public Security (MPS) issued the Administrative Measures of Networking Product Security Vulnerability, effective since September 1, 2021.


The Administrative Measures are developed to regulate the discovery, reporting, patching, and disclosure of security vulnerabilities among network products. The details of the Measures are as follows:


1. Scope of Application:

    A) All networking product providers and network operators in China;

    B) Organizations or individuals engaged in activities concerning networking product security vulnerability;


2. Main content:

    A) Networking product providers and network operators should establish platforms for collecting security vulnerability information and report the platforms to MIIT for record.

    B) Once security vulnerability is discovered and verified, the providers or operators shall submit relevant information to MIIT Network Security Threat Information Sharing Platform within 2 days.

    C) Network operators shall immediately verify and patch vulnerabilities once they are discovered.

    D) 8 specific requirements on the disclosure of the vulnerabilities are stipulated, together with relevant penalties if providers and operators fail to meet such requirements.

    E) During significant national events, providers and operators are not allowed to disclose security vulnerability to the public without the permission of the Ministry of Public Security.

    F) Security vulnerabilities, which haven’t been made to public, should not be disclosed to any overseas organizations or individuals.


With higher supervision requirements on networking product security vulnerability management, the Administrative Measures complements existing cybersecurity laws and regulations in China. Foreign providers and operators need to pay more attention to the information storage and system reporting of security vulnerabilities.


For more information on the topic, or the English version of the Administrative Measures, please contact:

assistant@bestao-consulting.com


Follow us on:
Email: