China Information Security (CCIS) Certification Service
Starting in the fall of 2015, the Chinese government began to allow foreign manufacturers to apply for CCIS Certification. China Certification of Information Security, or CCIS, is the information security equivalent of China Compulsory Certification (CCC). It is required for information security products to be procured by the Chinese government, and in the near future is expected to be mandatory for some categories of commercially available products.
The CCIS certification is administered by China Information Security Certification Center (ISCCC). There are currently eight product categories within CCIS:
- Border security, including firewalls, network security separated cards and line selectors, and security isolation and information exchange products
- Communication security, such as secure routers
- Authentication and access control, such as smart card chip operating systems
- Data security, including data backup and recovery products, secure operating systems, and secure database systems
- Content security, such as anti-spam products
- Valuation, audit, and control, including intrusion detection systems, network vulnerability scanning products, and security audit products
- Application security, such as website recovery products
Obtaining China Certification of Information Security is a multi-step process, including an application, type testing, factory inspection, product marking, and follow-up inspections after certification.
The CCIS mark is based on type testing to Chinese national standards, which outline the technical requirements. The mark diagram is as follows: