# Core Definition & Purpose
National Software Evaluation is an official, third‑party or government‑authorized assessment that verifies software compliance with national laws, technical standards, and security requirements. Its primary goals are:
- To establish unified national quality benchmarks for software products and enterprises.
- To ensure software security, reliability, and compliance in critical sectors (government, finance, healthcare, energy, etc.).
- To regulate the software market, protect intellectual property, and promote industry standardization.
- To support government procurement, certification, and cybersecurity governance.
- To enhance the competitiveness of domestic software enterprises and drive technological innovation.
---
# Key Characteristics
1. **Authoritativeness & Legitimacy**
Conducted or accredited by national agencies (e.g., CNITSEC, MIIT, CNAS) and aligned with national laws and regulations.
2. **Standardization**
Based on national standards (e.g., GB/T series), industry norms, and cybersecurity regulations.
3. **Comprehensiveness**
Covers functional quality, performance, security, compatibility, maintainability, and compliance.
4. **Security Priority**
Emphasizes cybersecurity evaluation, vulnerability detection, and data protection for national‑level systems.
5. **Certification & Accreditation**
Results are often tied to official certifications (e.g., software product evaluation, enterprise capability assessment) required for government projects and critical infrastructure.
6. **Industry Guidance**
Guides enterprise development, technology upgrading, and market access.
---
# Main Evaluation Domains & Criteria
### 1. Functional Quality Evaluation
Assesses whether the software meets its specified functional requirements, and evaluates the completeness and correctness of those functions and their conformance to the intended business logic.
- Functional suitability, accuracy, interoperability, and compliance with national business standards.
### 2. Security Evaluation (Critical for National Systems)
Evaluates cybersecurity posture, vulnerability resistance, and data protection.
- Vulnerability assessment, penetration testing, access control, encryption, and data privacy compliance (e.g., Cybersecurity Law, Data Security Law).
- Conducted by authoritative bodies like **China Information Technology Security Evaluation Center (CNITSEC)**.
### 3. Performance & Reliability Evaluation
Measures stability, efficiency, load capacity, and fault tolerance under national‑scale usage scenarios.
- Response time, throughput, concurrency, availability, and disaster recovery capabilities.
### 4. Compliance & Regulatory Evaluation
Verifies adherence to national laws, industry regulations, and mandatory standards.
- Intellectual property rights, data security, privacy protection, and sector‑specific norms (finance, healthcare, government).
### 5. Software Enterprise Capability Evaluation
Assesses the maturity, management, and technical capabilities of software enterprises.
- Examples: **SPCA (Software Process Capability Assessment)** – China’s national software process maturity standard, aligned with domestic industry practices.
- **Dual‑Software Evaluation (Software Product + Software Enterprise)** – Official industry certification by the China Software Industry Association.
### 6. Maintainability & Scalability Evaluation
Evaluates ease of update, upgrade, and adaptation to national digital infrastructure evolution.
---
# National Evaluation Institutions & Standards (China)
### Authoritative Institutions
- **China Information Technology Security Evaluation Center (CNITSEC)** – National cybersecurity evaluation authority.
- **China National Accreditation Service for Conformity Assessment (CNAS)** – Accredits third‑party testing and evaluation bodies.
- **Ministry of Industry and Information Technology (MIIT)** – Oversees software industry standards and certification.
- **China Software Industry Association (CSIA)** – Implements dual‑software evaluation and industry self‑regulation.
### Core National Standards
- **GB/T 25000.51 (ISO/IEC 25010)** – Software product quality model and evaluation criteria.
- **GB/T 16260 (ISO/IEC 9126)** – Software engineering – Product quality.
- **GB/T 30976** – Information security technology – Security evaluation criteria for software products.
- **T/SIA 002 / 003** – CSIA dual‑software evaluation standards (software enterprise & product).
- **SPCA (Software Process Capability Assessment)** – National software process maturity standard.
---
# Common Evaluation Types
1. **Software Product Evaluation**
Certifies individual software products for quality, security, and compliance (required for government procurement).
2. **Software Enterprise Evaluation**
Assesses enterprise capability, process maturity, and qualification (e.g., nationally encouraged software enterprises).
3. **Cybersecurity Evaluation**
Mandatory security testing for critical information infrastructure and government systems.
4. **Compliance Audit Evaluation**
Verifies alignment with national laws (Cybersecurity Law, Data Security Law, Personal Information Protection Law).
5. **Government Procurement Evaluation**
Pre‑qualification for software suppliers bidding on national and local government projects.
---
# Evaluation Process
1. **Application & Acceptance**
Enterprise submits software/enterprise materials to an accredited evaluation body.
2. **Document Review**
Verifies requirements, design documents, test reports, and compliance evidence.
3. **Technical Testing**
Conducts functional, performance, security, and compatibility testing per national standards.
4. **On‑Site Assessment**
For enterprise capability evaluation (e.g., SPCA, dual‑software).
5. **Defect Rectification & Re‑testing**
Addresses the non‑conformities found during testing and re‑verifies the affected items.
6. **Evaluation Report & Certification**
Issues official report and certificate if compliant.
7. **Supervision & Re‑evaluation**
Regular surveillance and periodic re‑certification to maintain validity.