On February 10, 2021, the People's Bank of China officially released the financial industry standard "JR/T 0214-2021 Financial cyber security—Guidelines of implementation for crowdsourced cyber security testing". This standard specifies the guidance on the implementation of financial information system network crowdsourced security testing, and clarifies the role of crowdsourced testing, key risk items, and the subject of implementation and responsibilities. It also provides the process of crowd test preparation, crowd test implementation, analysis and report preparation by relying on the crowd test demand side, crowd test organizer, crowd test test side and crowd test auditor. It is suitable for financial institutions to carry out crowdsourced cyber security testing, and provides a reference for organizations that provide network security crowd test service to financial institutions.
The publication of this standard will be helpful for financial institutions to clarify the implementation process of crowdsourced cyber security testing, provide comprehensive and reasonable crowd testing implementation guidelines for financial institutions based on the practice and risks of crowd testing of financial information system network security, and standardizes the crowd testing implementation activities of financial information system network security, which is conducive to the safe and orderly development of the crowd testing activities of financial information system network security.
This standard was prepared by China Financial Standardization Technical Committee, proposed and drafted by the Technology Department of the People's Bank of China with the participation of Industrial and Commercial Bank of China, ICBC Technology Company, and other institutions. After extensively consultation and demonstration, this standard has passed the review of China Financial Standardization Technical Committee.
For detailed standards, please visit Financial Industry Standard Full Text System (see: http://www.cfstc.org/bzgk).