CLICK TO CHAT
ANATEL Announces Act Nº 2436 with Mandatory Cybersecurity Requirements for Customer Premises Equipment (CPE) Devices.
At 10:28 PM on March 7, 2023, ANATEL made a groundbreaking announcement regarding the cybersecurity requirements for Customer Premises Equipment (CPE) devices used to connect to the internet service provider's network. The new Act, named Act Nº 2436, will impose mandatory cybersecurity requirements on all CPE devices, and will come into force on March 10th, 2024.
The Act will include various requirements, including password requirements, defense requirements against unauthorized access attempts, and requirements for vendors to have Coordinated Vulnerability Disclosure Policy and policies for releasing software/firmware updates to fix security vulnerabilities. It will cover several types of CPE devices, including cable modem, xDSL modem, ONT/ONU, fixed wireless access router/modem, fixed broadband access via satellite router/modem, and wireless router/access point.
These cybersecurity requirements align with various cybersecurity standards, such as ANATEL Resolution Nº 740, ANATEL Act Nº 77, NST Special Publication 800-63B, Broadband Forum – TR-181 Issue-2, ISO/IEC 29147:2018, and ISO/IEC 30111:2019.
This Act marks a significant step forward in the fight against cyber threats and unauthorized access attempts. By imposing mandatory cybersecurity requirements on CPE devices, ANATEL aims to create a safer and more secure internet ecosystem for all users. In return, products that provide Internet connection will need to meet the minimum of the new requirements introduced by the Act, as new technical evaluations for cybersecurity will be needed.
These definitions are contained in the references below:
2.1. Regulation for Conformity Assessment and Homologation of Telecommunications Products, approved by Resolution No. 715, of October 23, 2019;
2.3. Cyber Security Requirements for Telecommunications Equipment, approved by Act No. 77, of January 5, 2021;
The OCDs are studying with ANATEL the impact on renewals and the issue of on-site testing.
Source: https://informacoes.anatel.gov.br/legislacao/index.php/component/content/article?id=1505
For more information please contact info@orbiscompliance.com or (408) 465-7331
©2017 ORBIS Compliance - All Rights Reserved