Brasilien: Anatel Act 2436/2022 – Anatel Cybersecurity Requirements for CPE
This Act determines a set of mandatory cybersecurity requirements of CPE devices used to connect to the network of the Internet Service Providers
ANATEL had published last week the new Act nº 2436 with cybersecurity requirements for the conformity assessment of CPE (Customer Premises Equipment).
This Act determines a set of mandatory cybersecurity requirements of CPE devices used to connect to the network of the Internet Service Provider (ISP), such as:
- cable modem
- xDSL modem
- ONU, ONT
- router or modem intended for fixed wireless access (FWA – Fixed Wireless Access)
- router or modem for fixed broadband access via satellite
- wireless router or access point.
The main requirements relate to:
- passwords
- defense against unauthorized access attempts
- vendors, e. g. requiring a coordinated vulnerability disclosure policy and policies for releasing software/firmware updates to fix security vulnerabilities
The requirements apply to the following:
- ANATEL Resolution nº 740
- ANATEL Act nº 77
- NST Special Publication 800-63B
- Broadband Forum – TR-181 Issue-2
- ISO/IEC 29147:2018
- ISO/IEC 30111:2019
- Other standards for cybersecurity
Our team of experts in international type approval procedures is familiar with changes of requirements and guidelines and can give you the best advice if you are uncertain.
In case of any questions, feel free to get in touch with us: mail@cetecomadvanced.com / +49 681 598 0