cancel
Clear records
history record
Clear records
history record
In order to safeguard national security, public interests, the legitimate rights and interests of citizens, legal persons, and other organizations in cyberspace, and to protect the security of personal information and important data, the CAC, together with relevant departments, conducted research and drafting of the "Measures for Data Security Management (Draft for Comments)" based on the "Cybersecurity Law of the People's Republic of China" and other laws and regulations.
On June 12, 2019, the CAC issued the "Methods for the Security Assessment of Personal Information Exiting the Country (Draft for Comments)."
The draft was formulated by the CAC in conjunction with relevant departments to safeguard personal information security, maintain cyberspace sovereignty, national security, and public interests, and protect the legitimate rights and interests of citizens and legal persons. It was based on the "Cybersecurity Law of the People's Republic of China" and other laws and regulations.
On June 18, 2019, the Ministry of Industry and Information Technology (MIIT) issued the "Regulations on the Management of Network Security Vulnerabilities (Draft for Comments)."
The MIIT, in conjunction with relevant departments, drafted the regulations to implement the "Cybersecurity Law of the People's Republic of China" and strengthen the management of network security vulnerabilities.
On July 22, 2019, four departments jointly issued the "Methods for the Security Assessment of Cloud Computing Services."
To improve the security and controllability of cloud computing services procured and used by Party and government agencies and operators of critical information infrastructure, the CAC, the National Development and Reform Commission, the MIIT, and the Ministry of Finance formulated the methods.
On August 23, 2019, the CAC issued the "Regulations on the Protection of Children's Personal Information on the Internet."
In order to protect the security of children's personal information and promote their healthy growth, the regulations were formulated based on the "Cybersecurity Law of the People's Republic of China" and the "Law on the Protection of Minors of the People's Republic of China" and were approved during the meeting of the CAC office. They came into effect on October 1, 2019.
On August 28, 2019, ten departments jointly issued the "Guiding Opinions on Strengthening the Security of Industrial Internet."
To accelerate the construction of a security assurance system for the industrial internet, enhance its security capabilities, promote high-quality development of the industrial internet, and support the implementation of the strategies for building a manufacturing power and a cyber power, the guiding opinions were released.
On October 26, 2019, the "Password Law of the People's Republic of China" was officially passed and came into effect on January 1, 2020.
As a comprehensive and fundamental law in the field of passwords in China, this law effectively regulates the application and management of passwords, promotes the development of the password industry, safeguards network and information security, and enhances the scientific, standardized, and legal level of password management. The promulgation of the "Password Law" has positive implications for accelerating the scientific development of China's password industry:
Strengthening the absolute leadership of the Party in password work, ensuring that the Party's propositions become the will of the state through legislative procedures.
Establishing a foundation for comprehensive legal management and promoting the legal construction of password work.
Effectively safeguarding national network and information security, and preventing and combating illegal activities related to passwords.
Standardizing the market order for passwords, emphasizing both development and security, and providing legal protection for the scientific development of China's password industry.
On November 20, 2019, the CAC issued the "Management Measures for the Release of Network Security Threat Information (Draft for Comments)."
To standardize the release of network security threat information, effectively respond to network security threats and risks, and ensure the security of network operations, the draft measures were formulated by the CAC in conjunction with the Ministry of Public Security and other relevant departments, based on the "Cybersecurity Law of the People's Republic of China" and other related laws and regulations.
On November 29, 2019, three departments jointly issued the "Regulations on the Management of Internet Audiovisual Information Services."
To promote the healthy and orderly development of internet audiovisual information services, protect the legitimate rights and interests of citizens, legal persons, and other organizations, and safeguard national security and public interests, the CAC, the Ministry of Culture and Tourism, and the National Radio and Television Administration formulated the regulations.
On December 17, 2019, the MIIT issued the "Guidelines for the Classification and Grading of Industrial Internet Enterprise Network Security (Trial) (Draft for Comments)."
To implement the "Guiding Opinions on Strengthening the Security of Industrial Internet" and promote the implementation of security responsibilities in the industrial internet, the guidelines were drafted by the MIIT to classify and grade the network security of industrial internet enterprises and enhance their security capabilities. The guidelines were open for public comments.
On December 20, 2019, the CAC issued the "Regulations on the Governance of Internet Information Content Ecology," which came into effect on March 1, 2020.
To create a sound internet ecosystem, protect the legitimate rights and interests of citizens, legal persons, and other organizations, and safeguard national security and public interests, the regulations were approved during the meeting of the CAC office. They were based on the "National Security Law of the People's Republic of China," the "Cybersecurity Law of the People's Republic of China," and the "Administrative Measures for Internet Information Services."
On December 30, 2019, four departments jointly issued the "Methods for Determining Illegal Collection and Use of Personal Information by Apps."
In accordance with the "Announcement on the Special Governance of Illegal Collection and Use of Personal Information by Apps," and to determine the illegal collection and use of personal information by apps, the CAC, the MIIT, the Ministry of Public Security, and the State Administration for Market Regulation jointly formulated the methods. These methods were implemented based on the "Cybersecurity Law" and other relevant laws and regulations.
"Provisions on the Governance of Internet Information Content Ecology"
"GB/T 25058-2019 Guidelines for the Implementation of Network Security Grade Protection"
"GB/T 20272-2019 Technical Requirements for Operating System Security"
"GB/T 37962-2019 General Evaluation Criteria for Information Security of Industrial Control System Products"
"GB/T 21050-2019 Technical Requirements for Network Switch Security"
"GB/T 20009-2019 Guidelines for the Security Assessment of Database Management Systems"
"GB/T 18018-2019 Technical Requirements for Router Security"
"GB/T 20979-2019 Technical Requirements for Iris Recognition Systems"
"GB/T 37971-2019 Framework for Security Systems in Smart Cities"
"GB/T 37973-2019 Guidelines for Big Data Security Management"
"GB/T 20273-2019 Technical Requirements for Database Management System Security"
"GB/T 37980-2019 Guidelines for Security Inspection of Industrial Control Systems"
"GB/T 37931-2019 Technical Requirements and Test Evaluation Methods for Web Application Security Testing Systems"
"GB/T 37934-2019 Technical Requirements for Industrial Control Network Security Isolation and Information Exchange Systems"
"GB/T 37932-2019 Security Requirements for Data Transaction Services"
"GB/T 37933-2019 Information Security Technology - Technical Requirements for Industrial Control System-Specific Firewalls"
"GB/T 37988-2019 Information Security Technology - Data Security Capability Maturity Model"
"GB/T 37972-2019 Regulatory Framework for Cloud Computing Service Operation and Supervision"
"GB/T 37935-2019 Trusted Computing Specification - Trusted Software Basics"
"GB/T 37941-2019 Technical Requirements for Industrial Control System Network Audit Products"
"GB/T 37939-2019 Technical Requirements for Network Storage Security"
"GB/T 37964-2019 Guidelines for De-identification of Personal Information"
"GB/T 37950-2019 Technical Requirements for Desktop Cloud Security"
"GB/T 37954-2019 Technical Requirements and Test Evaluation Methods for Industrial Control System Vulnerability Detection Products"
"GB/T 37952-2019 Technical Requirements for Mobile Terminal Security Management Platforms"
"GB/T 37953-2019 Technical Requirements and Test Evaluation Methods for Industrial Control Network Monitoring Security"
"GB/T 37955-2019 Technical Requirements for Numerical Control Network Security"
"GB/T 37956-2019 Technical Requirements for Website Security Cloud Protection Platforms"
Additionally, laws and regulations such as the Personal Information Protection Law and Data Security Law are currently being drafted and are expected to be enacted in the near future, further enhancing China's regulatory framework for network and information security.
Related News