On 10 August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment.(1) The consultation period ended on 9 October 2020.
According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure (CII) will focus on three areas:
- capability domain level;
- graded protection; and
- cryptography.
Before the security protection capabilities of CII are evaluated, the CII should first pass the corresponding graded protection evaluation and the related cryptography evaluation. The organisation should then:
- carry out the evaluation according to the evaluation content and operation method;
- issue the judgment result and grade for each evaluation index;
- obtain each capability domain level; and
- obtain the security protection capability level of the CII based on the evaluation results of the capability domain level and graded protection evaluation.
Endnotes
(1) Further information is available here.