The National Information Security Standardization Technical Committee ("NISSTC") has recently released the Requirements on National Standards Concerning Key Network Equipment and Dedicated Cybersecurity Products (Second Draft for Comment) (the "Draft for Comment") to seek public comments for the second time by September 11, 2019.
Major amendments proposed by the Draft for Comment include: 1. adjusting the contents of the standard in relation to programmable logic controllers (PLC) by adding articles setting out requirements for safety of PLC devices themselves from the Standard GB/T 33008.1-2016, and changing the standard to be "Annex A Capability Level CL3: Requirements for Hierarchy I"; and 2. removing requirements relating to server labels (as laid out in Article 5.3.1.1.1 of the Standard GB/T 21028—2007 and in Article 6.1.1 of the Standard GB/T 25063—2010) and those relating to limits on data flow for security databases (as laid out in Article 5.3.1.5 of the Standard GB/T 20273—2006).