ISACA Releases Guide on China’s National Cybersecurity Law

ROLLING MEADOWS, Ill.--()--ISACA has taken a proactive approach to help enterprises with the Cybersecurity Law of the People’s Republic of China, known popularly as the National Cybersecurity Law, by publishing the Guide to China’s Regulatory Cybersecurity Implementation Framework. The guide provides understanding to fulfill the National Cybersecurity Law and recommends use of the US National Institute of Standards and Technology (NIST)’s Cybersecurity Framework (CSF).

China’s National Cybersecurity Law, which took effect on 1 June 2017, prompts cybersecurity requirements to be legally documented for practitioners and enterprises in China, and defines the responsibilities of government authorities, network owners, operators and ordinary users, as well as potential penalties due to negligence. The ISACA publication offers advice to meet security requirements and enhance IT risk control by discussing six key areas:

1. Cybersecurity Implementation Methodology

2. Gap Analysis Required by the Law

3. Identifying Critical Network Information Infrastructure

4. Necessary Cybersecurity Control Measures for General Network

5. Necessary Security Controls in Critical Information Infrastructure

6. Cybersecurity Systems Implementation Procedures with Reference to NIST Cybersecurity Framework

“This law greatly aids China’s ability to improve information security awareness and strengthens protections over sensitive data,” said Matt Loeb, ISACA CEO. “China’s National Cybersecurity Law is just one example of how more countries are working toward having more rigorous cybersecurity protections.”

The Guide to China’s Regulatory Cybersecurity Implementation Framework is available to members for US $30 and non-members for US $60 and can be purchased at:

For additional information on cyber framework implementation, ISACA recommends the following:


Nearing its 50th year, ISACA® ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 217 chapters worldwide and offices in both the United States and China.



Michelle Micor, +1.847.385.7217

Release Summary

ISACA releases Guide to China's Regulatory Cybersecurity Implementation Framework to help enterprises with the National Cybersecurity Law.


Michelle Micor, +1.847.385.7217