China Information Technology Security Evaluation Center

China Information Technology Security Evaluation Center
中国信息安全测评中心 (Chinese)
Bureau overview
Formed	1997
Jurisdiction	Government of China
Headquarters	Building 1, Yard No.8, Shangdi West Road, Haidian District, Beijing, China
Employees	classified
Parent Ministry	Ministry of State Security
Child Bureau	Chinese National Vulnerability Database;
Website	www.itsec.gov.cn

The China Information Technology Security Evaluation Center (Chinese: 中国信息安全测评中心; CNITSEC, SNIT-sec) is the cover identity of the 13th Bureau of the Ministry of State Security, the information technology component of China's civilian spy agency which houses much of its technical cyber expertise.^[1] The bureau manages much of the conduct of cyberespionage for the agency, and provides aid to the many advanced persistent threats (APTs) run directly by the agency, by its semi-autonomous provincial State Security Departments (SSD) and municipal State Security Bureaus (SSB), and by contractors.^[2]^[3] In support of provincial state and party leadership, the bureau also runs its own semi-autonomous provincial Information Technology Security Evaluation Centers (ITSEC) in collaboration with provincial counterparts.^[4] In the past these ITSECs have been identified collaborating with APTs run by provincial state security units.^[4] The bureau also manages the Chinese National Vulnerability Database (CNNVD), where it has been found to selectively suppress or delay public reporting of certain zero-day vulnerabilities.^[3]

^ Inkster, Nigel (2015). "The Chinese Intelligence Agencies: Evolution and Empowerment in Cyberspace". In Reveron, Derek S.; Lindsay, Jon R.; Cheung, Tai Ming (eds.). China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain. Oxford University Press. doi:10.1093/acprof:oso/9780190201265.003.0002. ISBN 9780190201296.
^ Del Rosso, Kristin (15 December 2022). "Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure". SentinelOne. Retrieved 22 June 2023.
^ ^a ^b INSIKT GROUP (31 August 2017). "China's Cybersecurity Law Gives the Ministry of State Security Unprecedented New Powers Over Foreign Technology". Recorded Future. Retrieved 18 May 2023.
^ ^a ^b Cite error: The named reference :2 was invoked but never defined (see the help page).

[1] Inkster, Nigel (2015). "The Chinese Intelligence Agencies: Evolution and Empowerment in Cyberspace". In Reveron, Derek S.; Lindsay, Jon R.; Cheung, Tai Ming (eds.). China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain. Oxford University Press. doi:10.1093/acprof:oso/9780190201265.003.0002. ISBN 9780190201296.

[:0-2] Del Rosso, Kristin (15 December 2022). "Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure". SentinelOne. Retrieved 22 June 2023.

[:1-3] INSIKT GROUP (31 August 2017). "China's Cybersecurity Law Gives the Ministry of State Security Unprecedented New Powers Over Foreign Technology". Recorded Future. Retrieved 18 May 2023.

[:2-4] Cite error: The named reference :2 was invoked but never defined (see the help page).

[1]

[2]

[3]

[4]

Bureau overview
中国信息安全测评中心 (Chinese)

Formed	1997 (1997)
Jurisdiction	Government of China
Headquarters	Building 1, Yard No.8, Shangdi West Road, Haidian District, Beijing, China
Employees	classified
Parent Ministry	Ministry of State Security
Child Bureau	Chinese National Vulnerability Database
Website	www.itsec.gov.cn

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

China Information Technology Security Evaluation Center

Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker.