On 10 August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment.(1) The consultation period ended on 9 October 2020.

According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure (CII) will focus on three areas:

  • capability domain level;
  • graded protection; and
  • cryptography.

Before evaluating the security protection capabilities of CII, the CII should first pass the corresponding graded protection evaluation and related cryptography evaluation. The organisation should then:

  • carry out the evaluation according to the evaluation content and operation method;
  • issue the judgment result and grade for each evaluation index;
  • obtain each capability domain level; and
  • obtain the security protection capability level of the CII based on the evaluation results of the capability domain level and graded protection evaluation.

Endnotes

(1) Further information is available here.