Information Security Technology - Security Capability Requirements of Cloud Computing Services & Security Guide of Cloud Computing Services (China)

Name of the programme: Information Security Technology - Security Capability Requirements of Cloud Computing Services; 2. Information Security Technology - Security Guide of Cloud Computing Services

Governing of the standard: China's National Information Security Standards Technical Committee (TC260).

Accreditation Body/Bodies: TC260

Scope: Cloud security

Cloud-relevance: Security guides and security requirements for the cloud

Type of certifiable organisation: Cloud computing services

Type of trust models applicable: Third party

Is the certification proprietary or open: Open

Programme, status (operational, in development): In development

The Chinese cloud security national standard is currently under development with the first round of public comments. Developed by TC260, the standardization group in charge of security standards development, there are 2 standards in total:

  • Information Security Technology - Security Capability Requirements of Cloud Computing Services.
  • Information Security Technology - Security Guide of Cloud Computing Services.

The standard sets guidelines for data retention, data sovereignty, identity management, cloud service provider size and operational experience, and business dealings between cloud service providers and government customers. Initial drafts were completed without formal industry participation, as foreign companies are restricted from becoming voting members of TC260.