ZTE Corporation » About ZTE » Responsibility » Product Security

In 2005, ZTE became the first Chinese enterprise to establish the ISO 27001 information security management system successfully. ZTE’s product security activities include standard establishment, security assurance, security evaluation, and emergency response. ZTE cooperates with international security service and assessment organizations, and has established the Product Security Committee with technical support by the product lines to improve product quality and enhance customer confidence continuously.

ZTE has built a thorough security guarantee system that covers the whole lifecycle of products and strictly complies with ISO 27001, ISO 15408 and ITU.T X.805. Guided by the Product Security Committee and organized by the Security Committee Office, ZTE continuously optimizes the product security management structure, and improves the security guarantee mechanism of the whole product lifecycle covering R&D, supply chains, manufacture, verification, service delivery, and incident management, to provide secure products and solutions for customers in all industries.

In 2010, a leading information security provider, atsec, evaluated ZTE's cryptographic algorithms. In the same year, ZTE's UPCL and UEPCM cryptographic modules were validated by the NIST, and reached the FIPS 140-2 standard. ZTE became the first Chinese communications equipment manufacturer to obtain the FIPS certificate. ZTE's CDMA/WiMAX, bearer network, core network, fixed network, GSM/UMTS and TD products are awarded the CC certificates. In addition, the CDMA/WiMAX NetNumen U31 is granted a CC certificate by the CC Scheme in Netherland, which is the first CC certificate obtained by Chinese communications manufacturers.

As an independent security verification department in the company, ZTE Cyber Security Laboratory is an integrated platform for evaluation, capability development, incident response, knowledge base management, and technical communication.

In 2014, ZTE will further improve the product security guarantee system, product security baselines, R&D standards, and supply chain security management, and build a supplier product security management system and a supplier-oriented purchase security baseline complying with ISO 28000. We will integrate the key product security requirements into all purchase, manufacture and delivery activities, and establish effective information release and emergency response mechanisms to ensure timely response within 24 hours.

As a global leading communications product and solution provider, ZTE considers customer focus, comprehensive guarantee, timely response, security and trust as the product security policies, and makes all efforts to bring more benefits to customers, industries and the society.

> ZTE Product Security White Paper

ZTE’s first official product security white paper contains ZTE’s achievements in product security, and ongoing security activities. [Detail]

> Statement of ZTE Cyber Security

ZTE Corporation has a profound understanding of its responsibilities in the industrial ecology and public security, and is willing to undertake these responsibilities. [Detail]

> ZTE PSIRT

ZTE Product Security Incident Response Team (PSIRT) receives, handles, and discloses security vulnerabilities related to ZTE’s products and solutions, and is the only channel to disclose vulnerabilities. [Detail]

> ZTE Information Security Award Program for White Hats

To improve our information security level, to guarantee the interests of clients, employees and shareholders, and to show gratitude, ZTE now initiates Information Security Award Program for White Hats. [Detail]

> Vulnerability Advisory

Security vulnerabilities are the defects or weaknesses that may threaten the confidentiality, integrality, availability, access control, and monitoring mechanism of a system or an application. [Detail]

> Vulnerability Report

We suggest you report ZTE security vulnerabilities to ZTE PSIRT mailbox psirt@zte.com.cn and use our PGP public key (key ID:FA43D231 ) to encrypt the sensitive information. [Detail]

> Vulnerability Response Process

If you report a vulnerability to ZTE, we assume that you agree to keep the information confidential before ZTE discloses the information. Likewise, ZTE is committed to keeping the sensitive information secret for customers before repairing and disclosing the vulnerability. [Detail]
©1998-2016 ZTE Corporation. All rights reserved Contact Us | Site Map | Legal | Comments     Find Us: Twitter Facebook Youtube

 Select your country

Global - English China - 中文