ANATEL Act No. 2436, which outlines cybersecurity criteria for evaluating the conformity of CPE (Customer Premises Equipment), took effect on March 10th, 2024. You can see details here
ANATEL Act No. 2436, which outlines cybersecurity criteria for evaluating the conformity of CPE (Customer Premises Equipment), took effect on March 10th, 2024. This legislation outlines a series of obligatory cybersecurity standards for CPE devices utilized to connect to the Internet service provider’s network, including:
- Cable Modem.
- xDSL Modem.
- ONU, ONT;
- Router or Modem intended for fixed wireless access (FWA – Fixed Wireless Access);
- Router or Modem for fixed broadband access via satellite;
- Wireless Router or Access point.
On March 10th, ANATEL issued Official Letter nº 100 clarifying that cyber security testing does not just relate to devices used in corporate environments. This assurance from ANATEL occurred since this subject was not harmonised among all OCDs and due to enquiries from industry representatives.
It is acknowledged that equipment designated solely for corporate usage is typically set up and configured by a professional team possessing specialized technical expertise. Furthermore, such equipment functions within corporate networks that boast multiple layers of security and therefore typically do not establish direct connections with the Internet service provider’s network.
