On February 7, 2024, the National Information Security Standardization Technical Committee (NISSTC) released a national standard "Information Security Technology — the Assessment Method for Security Capability of Cloud Computing Service (Draft for Comment)" (the "Draft") for public comments until April 4, 2024.

The Draft outlines the security capabilities that cloud service providers should possess to ensure the security of customer information and business in the cloud computing environment. The standard classifies the security capability requirements for cloud computing services into general, enhanced, and advanced categories, with enhanced and advanced requirements serving as supplements and reinforcements to the lower-level ones. Depending on the information sensitivity and business importance on the cloud computing platform, cloud service providers should possess corresponding security capabilities. In comparison to the previous version, the key technical changes in the Draft include: firstly, modifications to the scope of application of this standard; secondly, the addition of comprehensive assessments; thirdly, changes to the specific assessment methods outlined in Chapter VI to Chapter VIII; fourthly, the addition of data protection assessment methods; and fifthly, modifications to the specific assessment methods outlined in Chapter X to Chapter XVI. 

(Source: National Information Security Standardization Technical Committee)