The National Information Security Standardization Technical Committee ("NISSTC") has recently issued the Requirements on National Standards Concerning Key Network Equipment and Exclusive Products for Cybersecurity (Draft for Comment) (the "Draft for Comment") for public consultation by June 5, 2019.
The Draft for Comment outlines the standards applicable to safety certification inspections over 15 types of key network equipment and exclusive products for cybersecurity, including routers, switches, rack-mounted servers, and programmable logic controllers (PLC outfit), and designates 16 third-party agencies that will undertake certification inspections. Among others, the Draft for Comment notes that routers should be able to execute the discretionary access control strategies, and by means of the administrator's attribute list, impose control over different administrators' access and alteration to routers' setup data and other data and over the execution of programs on the routers, in order to prevent unauthorized personnel from the aforesaid operations. In addition, the Draft for Comment requires that a router shall provide the data integrity function and the audit function.