Following up on the last news regarding ANATEL Act No. 2436/2023 for cyber security requirements for assessing the conformity of CPE (Customer Premises Equipment) enforced on March 10, 2024, ANATEL release Official Letter 100/2024 on March 20, 2024, with clarifications of the scope for cybersecurity testing for CPE equipment.
According to the scope contained in item 1.1 of the Annex of Act No. 2436/2023, the requirements are applicable to CPE equipment used by the general public which connects subscribers to the Internet service provider's network. According to the definition contained in the requirements, the general public is understood as any person who uses and/or has access to the product and who does not have specialized technical knowledge about the telecommunications equipment and who is only interested in using its functionalities and consuming the telecommunications services.
It is understood that equipment intended exclusively for corporative use is installed and configured by a professional team with specialized technical knowledge. Additionally, such equipment operates on corporative networks that have different layers of security and, for this reason, normally do not connect directly to the Internet service provider's network.
Considering these characteristics, ORCN (Anatel's Certification and Numbering Management) clarifies that the requirements approved by Act No. 2436/2023 are not applicable to CPE equipment intended exclusively for corporative use.
For more details, check the below link:
sei.anatel.gov.br/sei/modulos/pesquisa/md_pesq_documento_consulta_externa.php
Please feel free to contact us for more details.
2024-04-18
|