On June 9, 2017, the Cyberspace Administration of China (CAC), jointly with Ministry of Industries and Information, Ministry of Public Security, and the Certification and Accreditation Administration of China, published the Announcement on the Catalogue of Network Critical Equipment and Network Security Products (First Batch) (Catalogue), identifying certain network products that are subject to mandatory testing or accreditation by independent qualified third parties as required by Article 23 of the Cybersecurity Law of China.
The Catalogue covers 15 products, including routers, switch, servers, programmable logic controllers, data backup machine, firewall (hardware), web application firewall, intrusion detection system, air gap, anti-spam products, network comprehensive audit system, network vulnerability scanners, database security system, and website recovery products (hardware). Products falling in these categories will be captured by the Catalogue only if certain specification thresholds are further met. It is also noted some of the products on the list have already been subject to pre-existing certification requirements. The Catalogue is the first one for such purpose and will be followed by similar ones in the future.