Huawei's Security Standards and Certification
Huawei advocates and promotes the establishment of cyber security standards that are globally recognized and agreed upon. Huawei has also been actively participating with industry standards organizations to promote the establishment of new standards.
1.Huawei has participated in more than 360 industry standards organizations; held more than 300 important positions in these industry standards organizations; and actively submits proposals to industry standards organizations, making significant contributions to the development of these standards. Huawei has joined more than 360 standards organizations, industry alliances, and open-source communities, and held over 300 key positions, including board or executive committee membership, in the IIC, IEEE-SA, BBF, ETSI, TMF, WFA, OASIS, WWRF, OpenStack, Linaro, ONAP, IFAA, GP, CCSA, and AII. In 2018, Huawei submitted more than 5,000 standard proposals, increasing Huawei’s total number of standard proposals to 54,000. Huawei also submitted 251 security standard proposals to the 3GPP SA Working Group (WG) 3, ranking first in terms of comprehensive contributions; submitted 34 security proposals to the NFV Security Group, ranking high in terms of contribution; and promoted the 5G security project initiative while working with industry leaders to complete 5G security architecture and incorporating it into the 3GPP 5G security specifications. Huawei has also proposed 4 WG drafts to the Internet Engineering Task Force (IETF), and chaired the DOTS I2NSF WG.
2.Huawei not only participates in existing industry standards organizations, but also advocates the establishment of new industry standards organizations. For example:
- To build a globally unified machine-to-machine (M2M) standards platform and promote the healthy development of the M2M market, Huawei and Qualcomm launched the M2M Industry Group in 2010. Since July 2011, seven standards developing organizations (SDOs) have participated in the M2M Industry Group and organized four face to face (F2F) preparation meetings. In July 2012, the OneM2M standards organization was officially established.
- To address cyber security challenges in the information and communications technology (ICT) supply chain, Huawei helped develop the Open Trusted Technology Forum (OTTF) standards, actively analyzed threats and countermeasures, discussed its best practices and viewpoints with industry partners, and officially released the Open Trusted Technology Supplier Standard V1.0 with industry partners in April 2013.
Figure 1-1 Huawei's participation and contribution in standards organizations
Huawei believes that trust needs to be based on facts, facts need to be verifiable, and verification needs to be based on common standards. By using industry practices, certification is the most effective way to address security issues.
1.Management System Security Certification
Huawei has established a sustainability management system based on the International Standards Organization (ISO) standards, and passed third-party certification to ensure that Huawei’s R&D and production processes are trustworthy.
- Huawei has established an information security management system based on the ISO27000 series standards and passed the ISO 27001 certification.
- Huawei has established a supply chain security management system based on the ISO 28000 standards, as well as the TAPA and C-TPAT requirements; passed the ISO 28000 certification (Chinese Supply Center, European Supply Center, and Mexican Supply Center); and obtained C-TPAT membership. (3) Huawei has optimized its development and supply chain management practices by referring to the Open Trusted Technology Supplier Standard (OTTPS) and is conducting the OTTPS certification.
Huawei has incorporated internationally recognized cyber security certification standards and requirements, such as CC and FIPS, into product R&D, and actively invites third-party labs to certify Huawei products. In April 2019, Huawei already obtained 242 product security certificates, including 43 CC certificates, 6 CC EAL4+ certificates, 20 FIPS certificates, and 15 PCI certificates.
Figure 1-1 Huawei's certificates