As a follow up reminder to our previous post, ANATEL Act Nº 2436 with mandatory cybersecurity requirements for Customer Premises Equipment (CPE) devices used to connect to the internet service provider’s network, will come in force March 10, 2024.
The new Act will include password requirements, defense requirements against unauthorized access attempts, and requirements for vendors to have Coordinated Vulnerability Disclosure Policy and policies for releasing software/firmware updates to fix security vulnerabilities.
The Act covers several types of CPE devices including:
- Cable modems
- xDSL modems
- ONUs and ONTs
- Access points or switches for internet
- Modems for FWA (Fixed Wireless Access) or for wideband satellite.
All devices which can be classified as CPE and that are already approved must be tested on renewal processes.
For further assistance regarding the new Act Nº 2436 and its cybersecurity requirements for Customer Premises Equipment (CPE), please contact iCertifi.
2 Comments
Brazil - ANATEL Letter Nº 83/2024 - Extended Deadline to Present Cyber Security Test Report - iCertifi March 12, 2024 at 12:39 pm
[…] Act Nº 2436 has officially come into force as of March 10, 2024, marking a significant stride towards enhancing […]
Brazil - ANATEL Important Updated Information on The Scope of Cybersecurity Testing for CPE Equipment - iCertifi March 20, 2024 at 3:20 pm
[…] update for ANATEL Act No 2436 mandatory cybersecurity requirements for Customer Premises Equipment (CPE) devices. Today March 20, […]