The security audit products referred to in these rules refer to software or a combination of software and hardware that monitors, collects, and analyzes information on various events and behaviors of information systems and takes corresponding comparative actions. The product scope applicable to this rule is: products that target one or more types of audits, such as hosts, servers, networks, databases, and other application systems. The above-mentioned products intended to be used in confidential information systems shall be implemented in accordance with relevant national confidentiality regulations and standards, and this rule shall not apply.