Implemented on July 2, 2018, CCIS (China Certification of Information Security) is a certification that applies to information security products for the Chinese government procurement market. It is compulsory for government procurement, and voluntary in all other cases. However, with growing connectivity and cybersecurity concerns, many state-owned enterprises have also elected to use CCIS. The relevant regulation is CNCA-CCIS-2018 for Network (Cyber) Critical Equipment and Cybersecurity-Specific Products, which is implemented by the General Administration of Quality Supervision, Inspection and Quarantine of the PRC (AQSIQ) and the Certification and Accreditation Administration of the PRC (CNCA). Consisting of a certificate and a product marking requirement, the certification scheme is processed and administered by the China Information Security Certification Center (ISCCC). The scope covers 8 broad categories containing a total of 13 specific product types. Of these types, 6 are subject to cryptography certification - cipher test certification, conducted by the Office of the State Commercial Cryptography Administration (OSCCA). Please note that other certifications such as Network Access License (NAL) and/or Radio Type Approval (SRRC) may apply to a product in addition to CCIS; in this regard, CCIS is equivalent to CCC certification.
Regulator:
General Administration of Quality Supervision, Inspection and Quarantine of the PRC (AQSIQ) and Certification and Accreditation Administration of the PRC (CNCA)
Implementing Authority:
China Information Security Certification Center (ISCCC)
Certification Process:
Product Scope:
The list below is provided for convenience and not meant to be exhaustive. For further details, please consult:
http://www.isccc.gov.cn/zxyw/cprz/cprzzscx/index.shtml
Critical Network Equipment:
Router, Switch, Sever Rack, PLC (Programmable Logic Controller) equipment
Network Security Products:
Data Backup All-in-one Machine, Firewall (Hardware), WEB Application Firewall (WAF), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Security Isolation and Information Prevention Product (GAP), Anti-spam Product, Network Comprehensive Auditing System, Network Vulnerability Scanning Product, Secure Database System, Network Recovery Product
Document Requirements:
1. (1) 认证申请书;Application form
(2) 认证委托人声明;POA (Power of attorney) authorized applicant
(3) 相关法律地位证明材料(复印件);Relevant legal status documentation (copy)
(4) 质量体系方面有关的文件。Quality management system documentation
2. Technical specifications and supporting documents
3. Manufacturer-related instructions
(1) Chinese manual
(2) Applicability of certification standards
(3) List of main product development technical personnel
(4) List of product testing personnel
(5) List of main testing equipment
(6) Chinese nameplate and warning markings
Marking Requirement:
Sample Certificate:
