The Cyberspace Administration of China (CAC) is China's central Internet regulator, oversight, and control agency. It organizes cybersecurity reviews that analyze the security and controllability of information service products and services provided within its border, including:
1) Inherent security risks of products and services, as well as their risks of being controlled, interfered with, or interrupted by an unauthorized party.
2) Supply chain security risks for products and their key components, from production and testing to delivery and technical support.
3) Risks of unauthorized collection, storage, processing, and use of user information by product and service providers whilst in the process of providing these products and services.
4) Risks of product and service providers compromising cybersecurity and harming user interests by taking advantage of the users' dependency on their products and services.
5) Other risks that may endanger national security.
Such reviews were proposed by the Office of the Central Leading Group for Cyberspace Affairs in December 2014 as it issued "opinions on strengthening the cybersecurity administration of cloud computing services" provided to Chinese government agencies and affiliated organizations. The issued document stipulates that third-parties shall be invited to conduct such reviews based on China's national standards on cybersecurity.
