Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Issue V1.0
Date 2018-01-05
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their
respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between
Huawei and the customer. All or partial products, services and features described in this document
may not be within the purchased scope or the usage scope. Unless otherwise specified in the
contract, all statements, information, and recommendations in this document are provided "AS IS"
without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in
the preparation of this document to ensure accuracy of the contents, but all statements, information,
and recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Contents
In 2013, Huawei carrier BG declared that all marketing and sales departments of the
HQ and frontline must actively introduce Huawei cyber security strategies and
approaches and security solutions to improve cyber security transparency and
eliminate customersʹ security concerns. At Huawei Market Conference 2014, the
frontline personnel said that they did not know what and how to talk about cyber
security issues.
The Marketing Guide to Huawei IT Product Line Cyber Security (the guide for short)
is compiled to meet Huawei requirements and frontline security requirements. It
provides guidance for marketing and sales personnel on how to effectively carry out
security marketing work in actual scenarios.
This document is applicable to the following scenarios:
1. Daily brand campaign
2. Customer cyber security communication
3. HQ visit
4. Network management and control and decision-making
5. Reply to frontline security questions
In the daily branding scenario, the frontline personnel must note the following:
Do not use the forbidden security words such as the super user and do not or
seldom use the discouraged words, such as private encryption algorithm and
monitoring.
Do not use case materials containing sensitive customer data unless it is approved
by the customer in written form.
Do not promote the locally-banned products, features, or solutions.
In the customer security communication scenario, the frontline personnel must note
the following:
In the security-sensitive countries, do not be afraid to talk about security issues
with the customers who care about them.
HQs can provide systematic security communication materials concerning
security strategies, approaches, and processes, and security promotional theme
slides and white papers.
Do not make any promises easily about security authentication and tests.
Do not promote products and features that are restricted by the local laws.
In the HQ visit scenario, the frontline personnel must know that there is one visit
resource available, which is Shenzhen Cyber Security War Room.
Change History
1 Overview
NOTE
Active communication about cyber security is recommended in security-sensitive countries and is
not recommended in security-insensitive countries.
1.2 Measures
This document is compiled to meet the company requirements and frontline
requirements and is used to instruct marketing and sales personnel on how to carry out
marketing activities in a variety of typical scenarios.
To meet the frontlineʹs urgent need for the security marketing guide, MO and IT
production line cyber security cooperated to compile this guide in 2014 Q4.
The following details the guidance and suggestions on the preceding five scenarios.
You can also provide Huawei white paper materials for customers in advance to
eliminate customers' concerns. Huawei has released two issues of cyber security white
papers. They mainly introduce the Huaweiʹs basic ideas and countermeasures about
cyber security, and Huawei security system construction.
Server
Cloud Technical White Paper for Huawei 2014-08
computing FusionSphere Security Solution
Huawei FusionCloud Desktop Solution 5.1 2014-08
Security Technical White Paper V1.0
(Internal)
Huawei FusionSphere 5.0 Technical White 2014-10
Paper on Security (Server Consolidation)
For details bout Huawei cyber security strategy and process issues, see the
Huawei Cyber Security White Paper 2012/2013 document and the Huawei Cyber
Security — Strategy and Approach slides.
Security authentication and tests
The frontline personnel must note that they cannot easily make any promises
about cyber security authentication and test and must especially pay attention to
the following:
− Do not encourage third-party authentication. If customers require Huawei to
provide third-party security authentication materials, CC authentication is
recommended (authentication of storage and cloud computing are under way).
− Do not popularize, discuss, promote, and mention source code-level security
test.
− When customers require a third party to carry out a security test (excluding
source codes):
1. Give priority to Huawei self-test.
2. If customers insist on a third-party test, tell customers to wait for HQ
decision.
3. If a third party carries out the security test, require the test report to be
sent to Huawei first.
− When customers require a third party to carry out a security test (on source
codes):
1. Any individual, subsidiary, branch, BG, or SBG has no right to make any
commitment about the open source codes without related approval or written
authorization.
2. It is recommended that customers carry out the security test at Huawei
headquarters. If customers insist on carrying on the test at their place, the test
must be approved by the CEO in charge.
− Do not actively mention the third-party source code security
test/authentication report.
Customer request response
− When discovering cyber security problems on the customer network, the
customer interface personnel must first report them to the security contact
person. The security contact person forwards them to the minister of the
Account Dept. and Huawei security emergency response team, and then works
out countermeasures according to the comments.
− The frontline personnel report the cyber security problems from the customers
to the security contact or the director of the Account Dept. They are
responsible for resolving the problems and outputting response measures. The
(unclear) security problems are forbidden from being explained or
handled privately.
It is prohibited to spread misleading cyber security cases such as security baseline
cases and security warning cases.
It is prohibited to promote or deliver security-sensitive features to class A
countries (that are comprehensively sanctioned by America, including A2-Iran,
A5-North Sudan, A6-Cuba, A7-Syria, and A9-North Korea).
Decision-making process:
1. The business department submits an application.
2. BMT/IPMT reviews and approves the application.
3. BG IRB reviews and approves the application.
4. GCSO reviews and approves the application.
Decision-making focuses:
1. Do not violate local laws.
2. Observe the fair and nondiscriminatory principles.
3. Do not violate Huawei security requirements.
4. Customers have signed the disclaimer agreement.
5. Customized versions/patches have been provided for specific countries.
3. Customer requirements for opening source codes
Decision-making process:
1. The frontline personnel submit a security authentication applicant.
2. The representative in the Rep Office/the minister of the tier-1 Account Dept
reviews and approves the application.
3. The BU president reviews and approves the application.
4. The BG/SBG president reviews and approves the application.
5. The minister of the Quality & Information Security Dept. reviews and
approves the application.
6. GCSC reviews and approves the application.
7. The CEO in charge reviews and approves the application.
Decision-making focuses:
1. Observer the fair, reasonable, and nondiscriminatory principles.
2. Do no use security guarantee as marketing means.
3. Huawei security authentication center is preferably selected as the security
authentication institution.
4. In principle, do not open ASIC and FPGA source codes.
5. Do not make any promises about opening source codes to customers and
government agencies including America and India.
6. Security authentication is independent of product development and delivery.
7. The platform source codes can be used only when the SBG present of the 2012
Laboratories approves.
− The service departments confirm that the requirements comply with the
special requirements of local governments and Huawei.
− The customer requirements are open.
− The customer requirements are approved by the BG IRB or its authorized
organizations.
− The responsibilities of customers and Huawei must be clarified in written
form (for example, include exclusion clauses into the contract signed with
customers, sign a disclaimer with customers, keep exclusion emails
recognized by local laws) to eliminate the risks that Huawei may run.
Category Description
Emergency Joint Statement of Huawei Public Affairs and Communications
response Dept. Doc. No. [2013] 14 and Huawei Legal Affairs Dept. Doc.
No. [2013] 005 Cyber Security Crisis Management Requirements
Huawei Doc. No. [201] 014 Management Requirements of Product
Security Vulnerability Response
Security Huawei EMT Resolution No. [2013] 020 Resolution on Enhancing
authentication Source Code Management; Huawei GCSC Minute No. [2011] 03;
Huawei GCSC Minute No. [2012] 02 and 03
Huawei GCSO Office Doc. No. [2011] 03 Regulations for Using
the Cyber Security Evaluation Center
Huawei Doc. No. [2013] 05 Notification for Verifying Security
Requirements of the Products to Be Delivered to
Security-Sensitive Countries in the Internal Cyber Security Lab
External Huawei Doc. No. [2011] 099 Declaration of Building Global
communication Cyber Security Assurance System and Issuing 2012 Cyber
Security White Paper
Huawei GCSC Doc. No. [2012]
01--Policy_of_External_Open_&_Transparent_Cooperation_on_C
yber_Security
Cyber Security — Strategy and Approach (promotional theme
slides); Huawei 2013 Cyber Security White Paper Edition 2
HR Huawei Doc. No. [2013] 104 Employee Business Conduct
Guidelines (V2.0)
HRC Doc. No. [2012] 09/GCSC Doc. No. [2012] 05
Accountability System of Cyber Security Violation (Provisional)
GCSC Doc. No. [2012] 03 and 04 Comments on Employee
Education and Security Violation Accountability
Huawei Doc. No. [2013] 006 Notification on Carrying Out Cyber
Security Education and Learning of All Employees
Organizational Huawei GCSC Doc. No. [2012] 06 Resolution on the Setting of
construction Cyber Security Organization
Huawei GCSC Doc. No. [2011] 01
Management_Requirements_on_Cyber_Security_Baseline
Huawei GCSC Minute No. [2012] 02; [2013] 03 EMT Minute
[2013] 021