Information Security Technology - Security Capability Requirements of Cloud Computing Services & Security Guide of Cloud Computing Services (China)
Governing of the standard: China's National Information Security Standards Technical Committee (TC260).
Accreditation Body/Bodies: TC260
Scope: Cloud security
Cloud-relevance: Security guides and security requirements for the cloud
Type of certifiable organisation: Cloud computing services
Type of trust models applicable: Third party
Is the certification proprietary or open: Open
Programme, status (operational, in development): In development
The Chinese cloud security national standard is currently under development with the first round of public comments. Developed by TC260, the standardization group in charge of security standards development, there are 2 standards in total:
- Information Security Technology - Security Capability Requirements of Cloud Computing Services.
- Information Security Technology - Security Guide of Cloud Computing Services.
The standard sets guidelines for data retention, data sovereignty, identity management, cloud service provider size and operational experience, and business dealings between cloud service providers and government customers. Initial drafts were completed without formal industry participation, as foreign companies are restricted from becoming voting members of TC260.