08-08-2021
In July 2021, Act Nº 77 issued by the ANATEL on the Cyber Security Requirements for Telecommunications Equipment became effective in Brazil. The Act establishes a set of cyber security requirements for telecommunications equipment to minimize or correct vulnerabilities through software/firmware updates or through configuration recommendations. Thus, it is applicable for terminal equipment that connects to the Internet and telecommunications network infrastructure equipment.
According to the Act, when equipment is passing the certification procedure for the first time, ANATEL requests a Declaration Letter (in Portuguese language) from the applicant where it is stated:
that the product is developed in compliance with the principle of security by design;
information on the requirements according to the Act that is followed by the equipment and its supplier at the time of declaring
confirmation of their awareness on keeping up-to-date cybersecurity requirements
Please, note that the ANATEL is able to access the compliance of the equipment and its supplier to the information stated in the Declaration within the market surveillance.
Cyber Security Requirements indicated in the Act concern:
Software/Firmware Update
Remote Management
Installation and Operation procedures
Access to the equipment configuration
Data communication services
Personal data
Resistance to cyberattacks
The full text of the Act you can find HERE.