ANATEL published on Jan 5th, 2020 the new Act 77. This act approves the Cyber Security Requirements for Telecommunications Equipment. This new Act will become in force after 180 days of its publication.
Here are some of main points:
• This act is applicable to all terminal devices with connection to internet and telecommunications network infrastructure equipment.
• According to item 4.1 , when request the approval of devices under the scope of this act, ANATEL will request a Declaration Letter from applicant with the following content:
a) indicating that the product was developed in compliance with the principle of security by design;
b) relating to which requirements of this document the equipment and its supplier meet at that moment; and
c) Recognizing that they are aware that cybersecurity requirements are subject to updates, including regulatory and administrative ones, in line with technological development, with the emergence of new threats or vulnerabilities.
• According to item 4.2, when ANATEL implement the Market Surveillance program, they can assess whether the product and its supplier maintain compliance with the requirements of this Act.
• The items 5 and 6 of Act 77, describes the specific requirements for Cyber Security, such as:
a) Software/Firmware update
b) Remote management
c) Installation and Operation
d) Access to the device configuration
e) Personal data.