In China, network and information security have been getting rising
attention in these years, not only from the government and those large
enterprises, but also from whole society. More and more relevant
standards are issued, and internal control manuals are made and
executed in FSI (Financing, Securities and Insurance) and telecom
enterprises as well to strengthen their compliance management.
Since the beginning of 2006, 15 standards have been published in
security domain by the technical committee TC260, which is responsible for the information
security related standards under the government standardization
organization, the counterpart of NIST, USA.
Some of them cover the detailed management and technical requirements
for classify security protection, while some of them are updates of the
previous GB/T18336, which is the localized version of ISO15408 (CC).
Additionally, ISO17799:2000 has been adopted as GB/T19716-2005 in 2005.