Citation[]
Ministry of Public Security, Administrative Measures for the Graded Protection of Information Security (信息安全等级保护管理办法) (2007).
Overview[]
This document designates various grades of information systems and stipulate mandatory security measures applicable to each grade. Among other things, the Measures require that, for certain types of information systems, the developer or manufacturer of the information security products to be used in the systems must be incorporated in China as an independent legal person, and must be invested in or controlled by Chinese citizens, Chinese legal persons or the state; and the "core technology" and "critical components" of the information security products to be used in the systems are required to have "locally owned, independent" intellectual property rights.