This standard describes the main security risks that cloud computing may face, and proposes the basic requirements for security management of government departments using cloud computing services and the security management and technical requirements for each stage of the life cycle of cloud computing services. This standard provides full life cycle security guidance for government departments to adopt cloud computing services, especially socialized cloud computing services. It is applicable to government departments to purchase and use cloud computing services, and can also be used as a reference for key industries and other enterprises and institutions.