The National Technical Committee 260 on Cybersecurity of the Standardization Administration of China (TC260) recently released five draft documents for public consultation, including the Cybersecurity Technology—Guide of Implementation for Information Security Risk Assessment (Draft for Comment) (the "Draft") and the Cybersecurity Technology—Guidelines for Categorization and Classification of Cybersecurity Vulnerability (Draft for Comment). The deadline for submitting comments is June 29, 2026.
The Draft sets out the requirements for four stages of information security risk assessment implementation: assessment preparation, risk identification, risk analysis, and risk evaluation. It applies to information security risk assessment activities conducted by various organizations that do not involve State secrets. Compared with the previous version, in addition to structural adjustments and editorial revisions, the Draft's main technical changes include deleting the "principle of standardization," removing the provisions on "forms of risk assessment" and "risk assessment throughout the lifecycle of information systems," and revising the implementation procedures for risk assessment.