The National Technical Committee 260 on Cybersecurity of the Standardization Administration of China (TC260) recently issued the Practical Guide to Cybersecurity Standards — Data Security Capability Maturity Model for Industrial Enterprises (the "Guide").
The Guide puts forward a data security capability maturity model for industrial enterprises (ISMM). Drawing on the general model proposed by the International Electrotechnical Commission (IEC) for industrial enterprises, the Guide establishes a reference framework for typical data security risks in industrial enterprises. The framework covers five layers—L0 field device layer, L1 field control layer, L2 process monitoring layer, L3 production management layer, and L4 enterprise management layer—identifies 20 categories of common industrial enterprise data, analyzes major data flows in industrial enterprises, and outlines 11 categories of common data security risk issues, thereby providing a factual basis for the formulation of technical provisions. In addition, the Guide sets out maturity level requirements for data security across the lifecycle and for general security of industrial enterprise data, as well as methods for assessing capability maturity levels.