On July 22, the State Internet Information Office (SIIO), the National Development and Reform Commission (NDRC), the Ministry of Industry and Information Technology (MIIT), and the Ministry of Finance (MOF) jointly released the Measures for Security Assessment of Cloud Computing Services. The four ministries jointly conducted the cloud computing service security assessment in order to improve the security and controllability of cloud computing services procured and used by party and government agencies and critical information infrastructure operators, as well as to reduce the network security risks brought about by procuring and using the cloud computing services, and to improve the confidence of party and government agencies and critical information infrastructure operators in shifting their business and data to cloud service platforms.

Cloud computing service security assessment are a security assessment targeted at cloud platforms that provide service to party and government agencies and critical information infrastructure operators, upon application by the cloud service provider. Different cloud platforms operated by the same cloud service provider must separately apply for the security assessment. The steps mainly include: declaration, acceptance, evaluation by professional technical institutes, comprehensive evaluation by the cloud computing service security assessment expert panel, deliberation regarding the coordinating mechanism for cloud computing service security assessment work, approval by the SIIO, publication of the assessment results, and continual supervision, etc.

Source: Ministry of Finance