www.ChineseStandard.net Database: 189759 (12 Oct 2025)

GB/T 31167-2023 English PDF

US$599.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 31167-2023: Information security technology - Security guidance for cloud computing services
Status: Valid

GB/T 31167: Evolution and historical versions

| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
|---|---|---|---|---|---|
| GB/T 31167-2023 | English | 599 | 5 days [Need to translate] | Information security technology - Security guidance for cloud computing services | Valid |
| GB/T 31167-2014 | English | 150 | 0--9 seconds. Auto-delivery | Information security technology -- Security guide of cloud computing services | Obsolete |

Standard similar to GB/T 31167-2023

GB/T 31505   GB/T 31509   GB/T 19713   GB/T 31168   

Basic data

Standard ID: GB/T 31167-2023 (GB/T31167-2023)
Description (Translated English): Information security technology - Security guidance for cloud computing services
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 29,238
Date of Issue: 2023-05-23
Date of Implementation: 2023-12-01
Older Standard (superseded by this standard): GB/T 31167-2014
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 31167-2023: Information security technology - Security guidance for cloud computing services

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
GB/T 31167-2023, replacing GB/T 31167-2014
Information Security Technology Cloud Computing Service Security Guidelines
Released on 2023-05-23; implemented on 2023-12-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents

Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Cloud Computing Service Security Management
  5.1 Overview
  5.2 Responsibilities for Security Management Using Cloud Computing Services
  5.3 Basic principles of cloud computing service security management
  5.4 Cloud Computing Service Lifecycle Security Management
6 Planning preparation
  6.1 Overview
  6.2 Data classification
  6.3 Business Classification
  6.4 Security capability level
  6.5 Requirements Analysis
  6.6 Form a decision report
7 Select cloud service provider and deploy
  7.1 Cloud Service Provider Security Capability Requirements
  7.2 Select cloud service provider
  7.3 Security considerations in contracts
  7.4 Deployment
8 Operation Supervision
  8.1 Overview
  8.2 Roles and Responsibilities of Cloud Service Providers and Customer Operation Supervision
  8.3 Customer's own operational supervision
  8.4 Operation Supervision of Cloud Service Providers
9 Exit service
  9.1 Exit Requirements
  9.2 Determining the scope of data transfer
  9.3 Verifying Data Integrity
  9.4 Safely delete data
Appendix A (Informative) Safety responsibility division example
Appendix B (Informative) Cloud Computing Security Risks
Reference

Foreword

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".

This document replaces GB/T 31167-2014 "Information Security Technology Cloud Computing Service Security Guidelines". Compared with GB/T 31167-2014, in addition to structural adjustments and editorial changes, the main technical changes are as follows:

--- Changed the scope of application from "government department" to "customer" (see Chapter 1; Chapter 1 of the 2014 edition);
--- Added normative references to GB/T 32400-2015 (see Chapter 3), GB/T 36325-2018 (see 7.3.3) and GB/T 37972-2019 (see 8.1);
--- Added and changed some terms (see Chapter 3; Chapter 3 of the 2014 edition);
--- Added the chapter "Abbreviations" (see Chapter 4);
--- Deleted "Overview of Cloud Computing" (see Chapter 4 of the 2014 edition);
--- Added references to "cloud capability type" and "cloud service category" (throughout the text);
--- Moved "5.2 Cloud Computing Security Risks" of the 2014 edition into an informative appendix (see Appendix B);
--- Included the content of 5.3 of the 2014 edition in "5.2.1 Roles and Responsibilities", and added "cloud service security provider" as a new role in cloud computing service security management (see 5.2.1);
--- Added guidance and examples of "division of security responsibilities" (see 5.2.2 and Appendix A);
--- Changed "review" to "assessment", unifying the name with the relevant documents (throughout the text);
--- Deleted "benefit assessment" (see 6.2 of the 2014 edition);
--- Changed the title and content of "6.3 Government Information Classification" of the 2014 edition (see 6.2);
--- Deleted the technical content related to "sensitive information" and "public information" (see 6.3.2 and 6.3.3 of the 2014 edition);
--- Changed the title "Government Business Classification" to "Business Classification" to expand the scope of business (see 6.3; 6.4 of the 2014 edition);
--- Changed the conditions of key business in the business classification (see 6.3.4; 6.4.4 of the 2014 edition);
--- Deleted the content of "priority determination" (see 6.5 of the 2014 edition);
--- Changed the security protection requirements and proposed three security capability levels (see 6.4; 6.6 of the 2014 edition);
--- Changed Figure 3 of the 2014 edition, adding key business types and advanced security capabilities (see Figure 2);
--- Deleted "6.7.1 Overview" (see 6.7.1 of the 2014 edition);
--- Changed the title and content of "6.7.2 Service Mode" of the 2014 edition, and changed the division of the control scope from division by service mode to division by capability type (see 6.5.1);
--- Changed Figure 4 of the 2014 edition, and changed the service model to the basic cloud service capability type (see Figure 3);
--- Added the consideration of business system integration requirements to guide customers during migration (see 6.5.7; 6.7.8 of the 2014 edition);
--- Changed the technical content of "6.7.9 Data storage location" of the 2014 edition (see 6.5.8);
--- Changed the content of "7.1 Security Capability Requirements for Cloud Service Providers"; for specific requirements, refer to GB/T 31168-2023 (see 7.1; 7.1 of the 2014 edition);
--- Deleted 7.1.1 to 7.1.10 of the 2014 edition (see 7.1.1~7.1.10 of the 2014 edition);
--- Merged the content of 7.2.2 of the 2014 edition into 7.2 (see 7.2; 7.2 of the 2014 edition);
--- Added references to relevant documents of the service level agreement (see 7.3.3; 7.3.3 of the 2014 edition);
--- Changed the content of "8.1 Overview" and introduced GB/T 37972-2019 to provide guidance on cloud computing service operation supervision activities for cloud service providers and operation regulators (see 8.1; 8.1 of the 2014 edition);
--- Changed the content of "8.2.1 Overview", emphasizing that the responsibility for the operation supervision of cloud service security providers should be borne by the importer (see 8.2.1; 8.2.1 of the 2014 edition);
--- Added the relevant responsibilities of customers in operation supervision (see 8.2.2; 8.2.2 of the 2014 edition);
--- Added types of major changes (see 8.4.3; 8.4.2 of the 2014 edition);
--- Added types of security events (see 8.4.4; 8.4.3 of the 2014 edition);
--- Added the "Migration Principles" section, which gives the principles that customers should require cloud service providers to follow when migrating data (see 9.2.1);
--- Changed the content of "9.2 Determining the scope of transfer" of the 2014 edition to "9.2.2 Scope of transfer" (see 9.2.2);
--- Deleted "3) The media storing sensitive information cannot be used to store public open information" (see 9.4 of the 2014 edition);
--- Converted the footnote in measure c) of "9.4 Securely Deleting Data" of the 2014 edition into the note in measure c) (see 9.4).

Please note that some contents of this document may refer to patents. The issuing agency of this document assumes no responsibility for identifying patents.

This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).

This document was drafted by: Sichuan University, University of Science and Technology of China, Beijing Information Security Evaluation Center, Huawei Technologies Co., Ltd., China Electronic Technology Standardization Research Institute, Beijing Tianrongxin Network Security Technology Co., Ltd., National Information Technology Security Research Center, China Network Security Comprehensive Review Technology and Certification Center, China Mobile Communications Group Co., Ltd., Shaanxi Provincial Information Technology Engineering Research Institute, National Industrial Information Security Development Exhibition Research Center, Inspur Cloud Information Technology Co., Ltd., Sangfor Technology Co., Ltd., China Information Security Evaluation Center (Beijing), Hangzhou Anheng Information Technology Co., Ltd., the 30th Research Institute of China Electronics Technology Group Corporation, Huaxin Consulting Design Research Institute Co., Ltd., China Electric Great Wall Internet System Application Co., Ltd., Chengdu Shudao Yixin Technology Co., Ltd., New H3C Technology Co., Ltd., Tencent Cloud Computing (Beijing) Limited Liability Company.

The main drafters of this document: Chen Xingshu, Zhou Yachao, Wang Qixu, Min Jinghua, Yang Miaomiao, Luo Yonggang, Zhang Jianjun, Yang Jianjun, Zuo Xiaodong, Liu Haifeng, Zhang Bin, Jiang Weiqiang, Li Yuan, Yan Minrui, Wang Yan, Wang Huili, Zhang Mingming, Zhang Yong, Lu Xia, Wu Yang, Chen Xuehong, Shi Dawei, Liu Caiyun, Zhang Min, Qiu Qin, Wu Fuwei, Zhang Xiaofei, Zhao Dandan, Wang Yalu, Liu Junhe, Zhang Jiancong, Chen Jing, Wan Xiaolan, Ma Hongjun, Zhang Ge, Dong Ping, Yu Le, Yin Libo, Zhao Zhangjie, Zhu Yi, Qiu Yunxiang, Wang Yongxia.

The release status of previous versions of this document and the documents it replaces is as follows:

--- It was first published as GB/T 31167-2014 in 2014;
--- This is the first revision.

Introduction

This document and GB/T 31168-2023 "Information Security Technology Cloud Computing Service Security Capability Requirements" together constitute the basic documents for cloud computing service security management. GB/T 31168-2023 describes the security features that cloud service providers should have when providing cloud computing services to customers. This document proposes security management and technical measures for customers when using cloud computing services.

This document guides customers to do a good job in the preliminary analysis and planning of cloud computing services, select the appropriate cloud service provider and deployment mode, carry out operation supervision of cloud computing services, and avoid the security risks of exiting cloud computing services or changing cloud service providers. This document guides customers to adopt corresponding security technology and management measures according to the life cycle of cloud computing services, to ensure the security of data and business, and to use cloud computing services safely.

Information Security Technology Cloud Computing Service Security Guidelines

1 Scope

This document puts forward the basic principles of security management for customers adopting cloud computing services, gives the security management and technical measures for each stage of the cloud computing service life cycle, and proposes the principles of cloud computing service security management and the division of related responsibilities.

This document is applicable to guiding customers in safely adopting cloud computing services.

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, for dated references, only the version corresponding to the date applies to this document; for undated references, the latest version (including all amendments) applies to this document.

GB/T 25069-2022 Information Security Technical Terminology
GB/T 31168-2023 Information Security Technology Cloud Computing Service Security Capability Requirements
GB/T 32400-2015 Information Technology Cloud Computing Overview and Vocabulary

3 Terms and Definitions

The following terms and definitions defined in GB/T 25069-2022 and GB/T 32400-2015 apply to this document.

3.1 cloud computing
Access scalable and flexible physical or virtual shared resource pools through the network, and self-service acquisition and management of resources on demand.
Note: Examples of resources include servers, operating systems, networks, software, applications and storage devices, etc.
[Source: ISO/IEC 17788:2014, 3.2.5]

3.2 cloud service
Capability to provide one or more resources through cloud computing (3.1) using defined interfaces.
[Source: ISO/IEC 17788:2014, 3.2.8, with modifications]

3.3 participant (party)
A natural or legal person or group of persons, whether registered or not.
[Source: GB/T 32400-2015, 3.1.6, modified]

3.4 cloud service provider
Participants that provide cloud computing services.
[Source: GB/T 32400-2015, 3.2.15, modified]

Tips & Frequently Asked Questions:

Question 1: How long will it take to deliver the true-PDF of GB/T 31167-2023_English?

Answer: Upon your order, we will start to translate GB/T 31167-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 31167-2023_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 31167-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. Within 2 working hours, we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.

Question 5: Should I purchase the latest version GB/T 31167-2023?

Answer: Yes. Except in special scenarios such as technical constraints or academic study, you should always prioritize purchasing the latest version GB/T 31167-2023, even if the enforcement date is in the future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.