Security and reliability level II, Huawei HiSilicon Kirin X90 processor unveiled for the first time
2025/3/15 17:52:20 Source: IT Home Author: Gui Long (Internship) Editor: Gui Long Comment: 192
Thank you to IT Home netizen Cainiao N iasky、BCGlass、 Clues for Nine who can play the piano, new friends on soft media 2314428, Yi Su, and Anont_Tokyo have been submitted!
On March 15th, IT Home reported that the China Information Security Evaluation Center released a security and reliability evaluation result announcement (No. 1 of 2025) yesterday, in which the security and reliability level evaluation result of Huawei HiSilicon Kirin X90 processor was Level II.
The security and reliability evaluation results of IT Home are as follows:
Central Processing Unit (CPU)
Serial number, product name, testing unit, safety and reliability level
1 Feiteng Tengyun S5000C-E Feiteng Information Technology Co., Ltd. Level II
2 Loongson 3B6000 Loongson Zhongke Technology Co., Ltd. Level II
3 Loongson 3C6000 Loongson Zhongke Technology Co., Ltd. Level II
4 Shenwei Weixin H8000 CETC Shentai Information Technology Co., Ltd. Level II
5 Kirin X90 Shenzhen Hisilicon Semiconductor Co., Ltd. Level II
1 Shenwei WY831 (GC version), CETC Shentai Information Technology Co., Ltd. Level I
2-megapixel processor KX-U6980S, Shanghai Zhaoxin Integrated Circuit Co., Ltd. Class I
3-megapixel processor KX-6940S, Shanghai Zhaoxin Integrated Circuit Co., Ltd. Class I
operating system
Desktop Operating System
Serial number, product name, testing unit, safety and reliability level
Galaxy Kirin Desktop Operating System V10 SP1
(Kernel version 5.10) Kirin Software Co., Ltd. Level I
Server operating system
Serial number, product name, testing unit, safety and reliability level
1 Day Wing Cloud CTyunOS System V2.0
(Kernel version 4.19) Tianyi Cloud Technology Co., Ltd. Level I
Security and reliability level II, Huawei HiSilicon Kirin X90 processor unveiled for the first time
It is reported that security and reliability evaluation mainly targets basic software and hardware products such as central processing units (CPUs), operating systems, and databases installed on computer terminals and servers. By evaluating the core technology, security guarantees, and sustainable development of the products and their research and development units, the security and sustainability of the products are evaluated, and the comprehensive measurement and objective evaluation of the full life cycle security and reliability of product research and development design, production and manufacturing, supply guarantee, and after-sales maintenance are achieved. The evaluation level is divided into level II and level I, with level II having higher security and reliability.
1、 Evaluation application
(1) Application process
The application process for safety and reliability assessment is divided into three stages: material submission, material review, and acceptance review.
▲ Application Process for Safety and Reliability Assessment
1. Material submission
(1) The testing unit shall, in accordance with the principle of voluntary participation, submit an email to the China Information Security Evaluation Center within the acceptance period( pdtscc@mail.itsec.gov.cn )Or the National Confidentiality Technology Evaluation Center( nsstecaqkk@163.com )Submit a scanned copy of the 'Application Registration Form for Safety and Reliability Assessment'.
(2) After receiving the "Safety and Reliability Evaluation Application Registration Form" submitted by the sending unit, the evaluation agency shall notify the sending unit to collect the list of evaluation application materials at the designated location within 5 working days.
(3) The sending unit shall submit relevant materials to the evaluation institution within the acceptance period according to the list of evaluation application materials, and shall be responsible for the authenticity of the materials.
(4) The acceptance period is twice a year, from the first working day of January to the last working day of February and from the first working day of July to the last working day of August.
2. Material review
(1) After receiving the application materials submitted by the testing unit, the evaluation agency will conduct material review and provide feedback on the review opinions to the testing unit within 15 working days.
(2) Those who have passed the material review will enter the acceptance and evaluation stage.
(3) For those who have not passed the material review, the testing unit may supplement and improve the application materials based on the review opinions during the acceptance period and resubmit them.
(4) After the acceptance period expires, the evaluation agency will no longer accept application materials and supplementary materials submitted by the testing unit.
3. Acceptance review
(1) After the deadline for acceptance, the evaluation agency will conduct acceptance review based on the application materials submitted by the testing unit and provide feedback on the acceptance review results to the testing unit.
(2) After the acceptance review, the evaluation institution and the sending unit shall clarify the requirements for the test samples and materials, determine the evaluation workload, determine the evaluation fees, sign the evaluation agreement, and enter into the evaluation implementation stage.
(3) If the acceptance review is not passed or an evaluation agreement is not reached, the evaluation will be terminated.
(2) Application requirements
The testing unit should be an entity registered within China and meet the following conditions:
1. The tested products should be publicly sold to the market;
2. Have complete R&D documents, design materials, code data, and R&D environment for the tested products;
3. Possess one of the intellectual property rights (including applications) related to patents, trademarks, copyrights, integrated circuit layout designs, etc. of the products being tested;
4. Have a personnel team and working environment that matches the research and development design, production and manufacturing, supply guarantee, and after-sales maintenance of the tested products;
5. There are no behaviors or records that violate Chinese laws and regulations;
6. The qualitative positioning of product functions for testing should be accurate, and the product name should be consistent with the product function. Product names for different technical routes should be clearly distinguished and should not mislead users;
7. Similar products should be iteratively upgraded, and product names should maintain continuity. Non similar products should be clearly distinguished;
8. Within one acceptance period, the same testing unit can test up to two central processing units (CPUs), two operating systems, and two database products each.
2、 Evaluation implementation
(1) Evaluation process
The evaluation process is divided into three stages: evaluation initiation, evaluation implementation, and result evaluation.
Figure 2 Security and Reliability Evaluation Process
1. Evaluation initiation
(1) The sending unit shall submit test samples and evaluation materials within 10 working days from the date of receiving notification from the evaluation institution.
(2) After confirming the accuracy of the evaluation materials and test samples submitted by the testing unit, the evaluation agency will initiate the evaluation.
2. Conduct evaluation
(1) The evaluation mainly includes material verification, personnel interviews, code review, environmental review, on-site testing, on-site assessment, sample testing, and other stages.
(2) During the evaluation process, the sending unit should promptly respond to the needs of the evaluation institution, provide technical support or supplement relevant materials. If there are problems with the test samples that prevent the evaluation from being carried out normally, the sending unit should promptly replace or supplement the samples.
(3) From the date of self evaluation initiation, the evaluation institution shall, in principle, complete the evaluation within 90 working days. The time for the testing unit to supplement materials, replace or supplement samples is not included in the evaluation cycle. In case of special circumstances or force majeure, the evaluation period may be extended according to the actual situation.
(4) If it is found during the evaluation process that the tested product has any impact or may involve issues with network security laws and regulations, it should be confirmed that the tested product complies with relevant laws and regulations before continuing the evaluation.
(5) If it is found during the evaluation process that the sending unit has concealed, deceived, submitted false materials, exaggerated product code autonomy by more than 60%, or refused to cooperate with the evaluation, the evaluation institution will terminate the evaluation, handle it as not passing, and will no longer accept its evaluation application within two years.
3. Result evaluation
After the evaluation is completed, the evaluation agency will conduct a graded assessment of the evaluation situation and issue a safe and reliable evaluation result.
(2) Main content of evaluation
Regarding the products being tested:
(1) The completion of key processes such as design, development, and production within China, as well as the implementation of necessary safety measures;
(2) Compliance with relevant laws and regulations on intellectual property rights, industry standards and specifications of the People's Republic of China, and fulfillment of the requirements of open source license agreements and authorization contracts;
(3) There is no situation of undeclared functionality and known security risks;
(4) The situation of security risk prevention capability;
(5) The situation of supply chain security and sustained stability;
(6) The situation of service guarantee security, continuous stability, and traceability;
(7) Compliance with the laws, regulations, and technical standards related to network security in the People's Republic of China;
(8) Satisfy the technical requirements for full disclosure and traceability to the evaluation institution.
2. For the testing unit:
(1) Operate legally and compliantly in accordance with relevant laws and regulations of the People's Republic of China, and possess relevant qualifications for operation, research and development, management, services, etc;
(2) The implementation of intellectual property protection and management in accordance with relevant laws and regulations of the People's Republic of China;
(3) The protection of core and important data in accordance with relevant laws and regulations of the People's Republic of China;
(4) The situation or risks of supply chain services;
(5) The situation of having a personnel team that matches the research and development design, production and manufacturing, supply guarantee, and after-sales maintenance of the tested products;
(6) Capable of customized product development, able to build an industrial ecosystem based on their own products, maintain ecological openness and transparency, and meet the needs of various application scenarios;
(7) Ability to respond to vulnerabilities and management mechanisms;
(8) Having timely and effective after-sales service capabilities and management mechanisms;
(9) Having independent research and development capabilities for testing products, and possessing relevant intellectual property protection;
(10) The situation of having a research and development environment and process records for testing products;
(11) Ensure that the evaluation materials are fully disclosed and traceable to the evaluation agency.
3、 Result query
1. The testing unit can check the evaluation results through the official websites of the China Information Security Evaluation Center (website: www.itsec. gov.cn) and the National Security Technology Evaluation Center (website: www.nsstec. org. cn). The evaluation results are valid for 3 years from the date of publication.
During the validity period of the evaluation results, if there is a change in the actual controller or controlling stake of the sending unit, a change in product technology route, or a discovery of major security vulnerabilities that may affect the evaluation results, the sending unit should promptly inform the evaluation institution. If not notified in a timely manner, the evaluation agency has the right to handle it according to the situation, until the product evaluation results are cancelled.
3. If the testing unit has objections to the evaluation results, they shall file a written appeal to the evaluation institution. Generally, the evaluation agency will respond within 30 working days.
4. Products that have not passed the evaluation and have made significant progress in supply chain security, core technology control, intellectual property, and resisting security risks may reapply for testing within the acceptance period. Those who fail the evaluation twice will no longer be accepted for similar product evaluation applications within two years.
4、 Confidentiality Commitment
1. The evaluation institution shall assume confidentiality obligations for trade secrets and undisclosed materials known during the evaluation work, and promise not to infringe on the intellectual property rights of the testing unit.
2. The testing unit shall assume confidentiality obligations for any undisclosed matters related to the evaluation work, and shall not publicize, report, or disclose them to third parties.
5、 Reference basis
1. National Security Law of the People's Republic of China
2. Cybersecurity Law of the People's Republic of China
3. Data Security Law of the People's Republic of China
4. Personal Information Protection Law of the People's Republic of China
5. Law of the People's Republic of China on Guarding State Secrets
6. Password Law of the People's Republic of China
7. Patent Law of the People's Republic of China
8. Trademark Law of the People's Republic of China
9. Copyright Law of the People's Republic of China
10. Anti Monopoly Law of the People's Republic of China
11. Regulations on the Protection of Computer Software
12. Regulations on the Protection of Integrated Circuit Layout Design
13. Regulations on the Security Protection of Critical Information Infrastructure
14. Measures for Cybersecurity Review
15. Measures for Security Assessment of Data Export
16. Management Measures for Security Assessment of Commercial Password Applications (Trial)
17. Measures for the Transfer of Intellectual Property to Foreign Parties (Trial)
18. General Criteria for Determining Trademark Infringement
19. "Trademark Infringement Judgment Standards"
20. Regulations on the List of Unreliable Entities
21. Regulations on Intellectual Property Credit Management of the China National Intellectual Property Administration
22. GB/T 18336-2015 Information Technology Security Assessment Criteria
23. GB/T 29490-2023 "Requirements for Enterprise Intellectual Property Compliance Management System"
24. GB/T 37286-2019 "Intellectual Property Analysis and Evaluation Services - Service Standards"
25. GB/T 22239-2019 "Basic Requirements for Network Security Level Protection of Information Security Technology"
26.GB/T 25070-2019 Information Security Technology - Technical Requirements for Security Design of Network Security Level Protection
27.GB/T 28448-2019 "Information Security Technology - Requirements for Evaluation of Network Security Level Protection"
28. GB/T 39786-2021 "Basic Requirements for Password Application in Information Systems"
Advertising statement: The external redirect links contained in the article (including but not limited to hyperlinks, QR codes, passwords, etc.) are used to convey more information and save selection time. The results are for reference only. All articles in IT Home contain this statement.
安全可靠等级 II 级,华为海思麒麟 X90 处理器首曝
2025/3/15 17:52:20 来源:IT之家 作者:归泷(实习) 责编:归泷 IT之家 3 月 15 日消息,中国信息安全评测中心昨日发布安全可靠测评结果公告(2025 年第 1 号),其中华为海思麒麟 X90 处理器安全可靠等级评测结果为 II 级。
IT之家附安全可靠测评结果如下:
中央处理器(CPU)
| 序号 | 产品名称 | 送测单位 | 安全可靠等级 |
| 1 | 飞腾腾云 S5000C-E | 飞腾信息技术有限公司 | II 级 |
| 2 | 龙芯 3B6000 | 龙芯中科技术股份有限公司 | II 级 |
| 3 | 龙芯 3C6000 | 龙芯中科技术股份有限公司 | II 级 |
| 4 | 申威威鑫 H8000 | 中电科申泰信息科技有限公司 | II 级 |
| 5 | 麒麟 X90 | 深圳市海思半导体有限公司 | II 级 |
|
| 1 | 申威 WY831(GC 版) | 中电科申泰信息科技有限公司 | I 级 |
| 2 | 兆芯处理器 KX-U6980S | 上海兆芯集成电路股份有限公司 | I 级 |
| 3 | 兆芯处理器 KX-6940S | 上海兆芯集成电路股份有限公司 | I 级 |
操作系统
桌面操作系统
| 序号 | 产品名称 | 送测单位 | 安全可靠等级 |
| 1 | 银河麒麟桌面操作系统 V10 SP1
(内核版本 5.10) | 麒麟软件有限公司 | Ⅰ 级 |
服务器操作系统
| 序号 | 产品名称 | 送测单位 | 安全可靠等级 |
| 1 | 天翼云 CTyunOS 系统 V2.0
(内核版本 4.19) | 天翼云科技有限公司 | Ⅰ 级 |
据介绍,安全可靠测评主要面向计算机终端和服务器搭载的中央处理器(CPU)、操作系统以及数据库等基础软硬件产品,通过对产品及其研发单位的核心技术、安全保障、持续发展等方面开展评估,评定产品的安全性和可持续性,实现对产品研发设计、生产制造、供应保障、售后维护等全生命周期安全可靠性的综合度量和客观评价,评测等级分为 Ⅱ 级和 Ⅰ 级,其中 Ⅱ 级安全可靠性更高。
一、测评申请
(一)申请流程
安全可靠测评申请流程分为材料提交、材料审核、受理评审 3 个阶段。
▲ 安全可靠测评申请流程
1.材料提交
(1)送测单位按照自主自愿原则,在受理期内通过邮件方式向中国信息安全测评中心(pdtscc@mail.itsec.gov.cn)或国家保密科技测评中心(nsstecaqkk@163.com)提交《安全可靠测评申请登记表》扫描件。
(2)测评机构收到送测单位提交的《安全可靠测评申请登记表》后,5 个工作日内通知送测单位到指定地点领取测评申请材料清单。
(3)送测单位根据测评申请材料清单在受理期内向测评机构提交相关材料,并对材料的真实性负责。
(4)受理期每年两次,为 1 月第一个工作日至 2 月最后一个工作日和 7 月第一个工作日至 8 月最后一个工作日。
2.材料审核
(1)测评机构收到送测单位提交的申请材料后开展材料审核,15 个工作日内向送测单位反馈审核意见。
(2)通过材料审核的,进入受理评审环节。
(3)未通过材料审核的,送测单位可在受理期内根据审核意见补充完善申请材料并重新提交。
(4)受理期截止后,测评机构不再接受送测单位提交的申请材料和补充材料。
3.受理评审
(1)受理期截止后,测评机构根据送测单位提交的申请材料进行受理评审,并向送测单位反馈受理评审结果。
(2)通过受理评审的,测评机构与送测单位明确测试样品和测评材料有关要求,核定测评工作量,确定测评费用并签订测评协议,进入测评实施环节。
(3)未通过受理评审或未达成测评协议的,终止本次测评。
(二)申请条件
送测单位应为中国境内注册的实体,且满足以下条件:
1.送测产品应面向市场公开销售;
2.具有送测产品完备的研发文档、设计资料、代码数据和研发环境;
3.拥有送测产品相关的专利、商标、著作权、集成电路布图设计等知识产权(含申请)之一;
4.具备与送测产品研发设计、生产制造、供应保障、售后维护相匹配的人员队伍和工作环境;
5.不存在违反中国法律法规的行为和记录;
6.送测产品功能定性定位应准确,产品名称应与产品功能一致,不同技术路线产品名称应有明确区分,不得误导用户;
7.同类产品迭代升级,产品名称应保持连续性,非同类产品应做明确区分;
8.同一送测单位一个受理期内最多送测中央处理器(CPU)、操作系统、数据库产品各两款。
二、测评实施
(一)测评流程
测评流程分为测评启动、测评开展、结果评定 3 个阶段。
图 2 安全可靠测评流程
1.测评启动
(1)送测单位自接到测评机构通知起 10 个工作日内提交测试样品及测评材料。
(2)测评机构对送测单位提交的测评材料及测试样品确认无误后,启动测评。
2.测评开展
(1)测评主要包括材料核验、人员访谈、代码审查、环境审查、现场测试、现场考核、样品测试等环节。
(2)测评过程中,送测单位应及时响应测评机构需要,提供技术支持或补充相关材料。若测试样品出现问题导致测评无法正常开展,送测单位应及时更换或补充样品。
(3)自测评启动之日起,测评机构原则上在 90 个工作日内完成测评。送测单位补充材料、更换或补充样品的时间不计入测评周期。如遇特殊情况或受不可抗力影响,测评周期可根据实际情况延长。
(4)若测评过程中发现送测产品存在影响或者可能涉及网络安全法律法规的问题,应当确认送测产品符合相关法律法规后,再继续开展测评。
(5)若测评过程中发现送测单位存在隐瞒、欺骗、提交虚假材料、夸大产品代码自主量超过 60%、不配合测评等行为,测评机构终止本次测评,作不通过处理,且两年内不再受理其测评申请。
3.结果评定
测评完成后,测评机构对测评情况进行分级评定,出具安全可靠测评结果。
(二)测评主要内容
1.针对送测产品:
(1)设计、开发、生产等关键环节在中国境内完成的情况,以及实施必要的安全防护措施的情况;
(2)遵守中华人民共和国知识产权相关法律法规、行业标准规范的情况,履行开源许可协议、授权许可合同的要求的情况;
(3)不存在未声明功能和已知安全风险的情况;
(4)安全风险防护能力的情况;
(5)供应链安全性和持续稳定性的情况;
(6)服务保障安全性、持续稳定性和可追溯性的情况;
(7)符合中华人民共和国网络安全相关的法律法规及技术标准的情况;
(8)满足技术要件对测评机构充分公开和可追溯的情况。
2.针对送测单位:
(1)依据中华人民共和国相关法律法规合法合规运营,具备相关的运营、研发、管理、服务等资质的情况;
(2)依据中华人民共和国相关法律法规实施知识产权保护及管理的情况;
(3)依据中华人民共和国相关法律法规对核心数据、重要数据进行保护的情况;
(4)供应链服务的情况或风险;
(5)具备与送测产品研发设计、生产制造、供应保障、售后维护相匹配的人员队伍的情况;
(6)具备产品定制开发能力,能够基于自身产品构建产业生态,保持生态开放性、透明性,满足各种应用场景需求的情况;
(7)具备漏洞响应等能力与管理机制的情况;
(8)具备及时有效的售后服务能力与管理机制的情况;
(9)具备送测产品的独立研发能力,且拥有相关知识产权保护的情况;
(10)具备送测产品的研发环境及过程记录的情况;
(11)确保测评材料对测评机构充分公开和可追溯。
三、结果查询
1.送测单位可通过中国信息安全测评中心(网址:www.itsec.gov.cn)和国家保密科技测评中心(网址:www.nsstec.org.cn)官方网站查询测评结果,测评结果自发布之日起有效期 3 年。
2.测评结果有效期内,若送测单位出现实控人或控股权发生变化、产品技术路线更换、产品被发现重大安全漏洞等可能影响测评结果的情形,送测单位应及时告知测评机构。未及时告知的,测评机构有权视情处置,直至取消产品测评结果。
3.送测单位对测评结果有异议,采用书面方式向测评机构提出申诉。一般情况下,测评机构 30 个工作日内予以答复。
4.未通过测评的产品,如在供应链安全、核心技术掌控、知识产权、抵御安全风险等方面取得重要进展,可在受理期内重新申请送测。两次未通过测评的,两年内不再受理其同类产品测评申请。
四、保密承诺
1.测评机构对在测评工作中知悉的商业秘密和未公开材料承担保密义务,承诺不侵犯送测单位的知识产权。
2.送测单位应对测评工作涉及的未公开事项承担保密义务,不公开宣传、报道,不向第三方泄露。
五、参考依据
1.《中华人民共和国国家安全法》
2.《中华人民共和国网络安全法》
3.《中华人民共和国数据安全法》
4.《中华人民共和国个人信息保护法》
5.《中华人民共和国保守国家秘密法》
6.《中华人民共和国密码法》
7.《中华人民共和国专利法》
8.《中华人民共和国商标法》
9.《中华人民共和国著作权法》
10.《中华人民共和国反垄断法》
11.《计算机软件保护条例》
12.《集成电路布图设计保护条例》
13.《关键信息基础设施安全保护条例》
14.《网络安全审查办法》
15.《数据出境安全评估办法》
16.《商用密码应用安全性评估管理办法(试行)》
17.《知识产权对外转让有关工作办法(试行)》
18.《商标一般违法判断标准》
19.《商标侵权判断标准》
20.《不可靠实体清单规定》
21.《国家知识产权局知识产权信用管理规定》
22.GB/ T 18336-2015《信息技术安全评估准则》
23.GB/ T 29490-2023《企业知识产权合规管理体系要求》
24.GB/ T 37286-2019《知识产权分析评议服务 — 服务规范》
25.GB/ T 22239-2019《信息安全技术网络安全等级保护基本要求》
26.GB/ T 25070-2019《信息安全技术网络安全等级保护安全设计技术要求》
27.GB/ T 28448-2019《信息安全技术网络安全等级保护测评要求》
28.GB/ T 39786-2021《信息系统密码应用基本要求》
广告声明:文内含有的对外跳转链接(包括不限于超链接、二维码、口令等形式),用于传递更多信息,节省甄选时间,结果仅供参考,IT之家所有文章均包含本声明。