Standard No.:	GB/T 42888-2023
English Name:	Information security technology—Assessment specification for security of machine learning algorithms
Chinese Name:	信息安全技术 机器学习算法安全评估规范
Chinese Classification:	L80    Data encryption
Professional Classification:	GB    National Standard
Source Content Issued by:	SAMR; SAC
Issued on:	2023-08-06
Implemented on:	2024-3-1
Status:	valid
Target Language:	English
File Format:	PDF
Word Count:	15500 words
Translation Price(USD):	465.0
Delivery:	via email in 1 business day

GB/T 42888-2023 Information security technology - Assessment specification for security of machine learning algorithms 1 Scope This document specifies the security requirements and assessment methods for machine learning algorithmic technologies and services, as well as the process for assessing the security of machine learning algorithms. This document is applicable to guiding machine learning algorithm providers in ensuring security throughout the machine learning algorithm lifecycle and assessing the security of machine learning algorithms. It can also serve as a reference for regulatory assessments. 2 Normative references There are no normative references in this document. 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 machine learning algorithm algorithm that enhances the performance of the function units by acquiring new knowledge and skills, or by organizing existing knowledge and skills 3.2 machine learning algorithm provider organization that utilizes machine learning algorithms to implement specific functions Note: This term is hereinafter referred to as “algorithm provider”, which includes both algorithmic technology providers and algorithmic service providers. Algorithm technology providers refer to the developers and providers of the algorithmic technology, while algorithmic service providers refer to those providing services that use and apply algorithmic technology. 3.3 algorithmic recommendation service internet information service of algorithmic recommendation service that provides information using algorithmic recommendation technology Note 1: “Using algorithmic recommendation technology” refers to activities that provide information to users using machine learning algorithms, including generation and synthesis algorithms, personalized push algorithms, sorting and selection sort algorithms, retrieval and filtering algorithms, and scheduling-related decision-making algorithms. Note 2: In this document, generation and synthesis algorithms, personalized push algorithms, sorting and selection algorithms, retrieval and filtering algorithms, and scheduling-related decision-making algorithms are collectively referred to as the five types of algorithms. 3.4 algorithm lifecycle evolution process of a machine learning algorithm from design to decommissioning Note 1: The algorithm lifecycle includes design and development, verification and validation, deployment and running, maintenance and upgrade, as well as retirement and decommissioning. Note 2: The algorithmic services are generally in the deployment and running stage.

Foreword i 1 Scope 2 Normative references 3 Terms and definitions 4 General 4.1 Security principles 4.2 Levels of security requirements 5 Security requirements and assessment methods for machine learning algorithmic technology 5.1 Security requirements 5.2 Assessment methods 6 Security requirements and assessment methods for machine learning algorithmic services 6.1 Security requirements 6.2 Assessment methods 7 Process of assessment for security of machine learning algorithms 7.1 Requirements for process 7.2 Preparation for assessment 7.3 Assessment scheme 7.4 Implementation of assessment 7.5 Assessment results 7.6 Assessment report Annex A (Normative) Requirements for security of algorithmic recommendation service Annex B (Normative) Assessment methods for algorithmic recommendation services Bibliography