This document stipulates relevant regulations on security testing activities and content of embedded software during the software development cycle. This document applies to the development process of the embedded software life cycle, and is applicable to developers, purchasers and third-party testing institutions of embedded software.