​TC260 Drafts New Standard for China's Cloud Security Review Regime

Recently, TC260 has published the draft "Information Security Technology - Security Capability Evaluation Methods of Cloud Computing Services" for comments. The public comment period will end on August 11. This draft standard, complementary to the GB/T31168-2014 "Information Security Technology - Security Capability Requirements of Cloud Computing Services," aims to provide guidance for third-party agencies on how to conduct cloud service capability evaluation via interviews, inspections and testing.

Together with the GB/T 31167-2014 "Information Security Technology - Security Guide of Cloud Computing Services," the three standards cover guidelines for cloud service provider's size and operational experience, business dealings between cloud service providers and government customers, cloud computing services cybersecurity management and a range of other issues. The three standards have also been adopted as main references in the CAC's Cloud Computing Services Cybersecurity Review, which was announced on June 26, 2015 and targets services for Party and government departments.