Sales & Inquiries 408 465-7331

CLICK TO CHAT

ORBIS Newswire

Get the latest Regulatory Updates from the Experts at ORBIS

Telecom
Safety
Energy Efficiency
Battery
Medical
Environmental

Mexico

READ MORE

Central America

READ MORE

South America

READ MORE

Brazil - ANATEL Announces Act Nº 2436 for Mandatory Cybersecurity with CPE Devices

Brazil
March 7th 2023

ANATEL Announces Act Nº 2436 with Mandatory Cybersecurity Requirements for Customer Premises Equipment (CPE) Devices.

At 10:28 PM on March 7, 2023, ANATEL made a groundbreaking announcement regarding the cybersecurity requirements for Customer Premises Equipment (CPE) devices used to connect to the internet service provider's network. The new Act, named Act Nº 2436, will impose mandatory cybersecurity requirements on all CPE devices, and will come into force on March 10th, 2024.

The Act will include various requirements, including password requirements, defense requirements against unauthorized access attempts, and requirements for vendors to have Coordinated Vulnerability Disclosure Policy and policies for releasing software/firmware updates to fix security vulnerabilities. It will cover several types of CPE devices, including cable modem, xDSL modem, ONT/ONU, fixed wireless access router/modem, fixed broadband access via satellite router/modem, and wireless router/access point.

These cybersecurity requirements align with various cybersecurity standards, such as ANATEL Resolution Nº 740, ANATEL Act Nº 77, NST Special Publication 800-63B, Broadband Forum – TR-181 Issue-2, ISO/IEC 29147:2018, and ISO/IEC 30111:2019.

This Act marks a significant step forward in the fight against cyber threats and unauthorized access attempts. By imposing mandatory cybersecurity requirements on CPE devices, ANATEL aims to create a safer and more secure internet ecosystem for all users. In return, products that provide Internet connection will need to meet the minimum of the new requirements introduced by the Act, as new technical evaluations for cybersecurity will be needed.

These definitions are contained in the references below:

2.1. Regulation for Conformity Assessment and Homologation of Telecommunications Products, approved by Resolution No. 715, of October 23, 2019;

2.3. Cyber Security Requirements for Telecommunications Equipment, approved by Act No. 77, of January 5, 2021;

The OCDs are studying with ANATEL the impact on renewals and the issue of on-site testing.

Source: https://informacoes.anatel.gov.br/legislacao/index.php/component/content/article?id=1505

ANATEL ACT Cybersecurity

For more information please contact info@orbiscompliance.com or (408) 465-7331

Search

Contact ORBIS Compliance for more information

Contact

©2017 ORBIS Compliance - All Rights Reserved