TC260 Released 7 Information Security Standards for Public Comment

On December 20, TC260 published 7 national cybersecurity standards for public comments, with a deadline of February 2, 2017.
 
The information security technology standards include:
 

• Security Capability Requirements for Big Data
• Personal Information Security Specification
• Testing and Evaluation Requirements for Industrial Control System Vulnerability Detection
• Testing and Evaluation Requirements for Industrial Control Network Monitoring
• Testing and Evaluation Methods for the Security of Hardcopy Devices
• Implementation Guide for Cybersecurity Classified Protection
• Guide for Security Risk Assessment of Industrial Control Systems

 
The new batch of standards includes the "long-awaited" Personal Information Security Specifications, which has tremendous implications for business as it includes rules and requirements on collection, storage, use and transfer (including cross border flow) of data.
 
The Implementation Guide for Cybersecurity Classified Protection, which references MLPS standards, requires users/organizations to evaluate their level of classified protection, plan and design their system based on national MLPS standards, and use IT products that meet MLPS requirements. Furthermore, the standard will have 3rd party testing and certification organizations perform the evaluation. It also requires any supplier of IT products to undergo testing to make sure their products meet all MLPS requirements.