Brazil – ANATEL Act Nº 2436 Minimum Cyber Security Requirements for CPE Conformity Assessment

ANATEL Act 14430

As a follow up reminder to our previous post, ANATEL Act Nº 2436 with mandatory cybersecurity requirements for Customer Premises Equipment (CPE) devices used to connect to the internet service provider’s network, will come in force March 10, 2024.

The new Act will include password requirements, defense requirements against unauthorized access attempts, and requirements for vendors to have Coordinated Vulnerability Disclosure Policy and policies for releasing software/firmware updates to fix security vulnerabilities.

The Act covers several types of CPE devices including:

  • Cable modems
  • xDSL modems
  • ONUs and ONTs
  • Access points or switches for internet
  • Modems for FWA (Fixed Wireless Access) or for wideband satellite.

All devices which can be classified as CPE and that are already approved must be tested on renewal processes.

For further assistance regarding the new Act Nº 2436 and its cybersecurity requirements for Customer Premises Equipment (CPE), please contact iCertifi.

2 Comments

Leave a Reply

Your email address will not be published.*