Department of Telecommunication (DoT) has published “Communication Security Certification Scheme“. They have also published “Procedure For Security Certification Of Telecommunication Equipment”.

HIGHLIGHTS:

All testing to be done at TEC approved CAB called as Telecom Security Testing Laboratory (TSTL)

Presently, the security requirement for the following products have been finalized and released:

1. 1. IP Router
   2. Mobility Management Entity (MME)
   3. Cryptographic Controls
   4. Wi-Fi CPEs

The security requirement for the following products are under consideration and has been published for comments:

• 1. Mobile Device
  2. Pluggable (U)ICC
  3. E-Node B
  4. P-Gateway

• Whenever a patch/ bug fix/update is released by OEM, it may be permitted to be deployed with a temporary certificate
• OEM will submit the changed signature along with all the internal test reports demonstrating to compliance to all security requirements of applicable ITSAR along with an undertaking
• The modified signature of the said model will be incorporated in a temporary certificate with a validity period of upto one year from the date of release or for balance period of initial certificate whichever is earlier.
• Temporary certificate will be issued within 7 working days of Application normally
• In the event of Software patch/ bug fix/update affecting any Security Functionality, recertification will be necessary
• Modifications that can be differentiated as incremental change shall be permitted to undergo incremental testing