Brazil: Anatel Publishes Cybersecurity Audit Guidelines for Equipment Suppliers

On November 26, 2024, the National Telecommunications Agency (Anatel) released an Operational Procedure outlining auditing requirements for the cybersecurity policies of telecommunications equipment suppliers. This procedure, detailed in Act No. 16417, follows public consultation efforts and reflects recommendations from a diverse range of stakeholders, including service providers, industry representatives, and research organizations. 


The document is designed to ensure that equipment suppliers adopt and maintain robust cybersecurity measures in compliance with R-Ciber (Resolution No. 740/2019). These guidelines, in conjunction with the Cybersecurity Policy for Suppliers approved earlier, in 2023, emphasize proactive management of cybersecurity risks throughout the product lifecycle.

Collaborative Development of the Guidelines

The audit guidelines were developed by the Technical Subgroup on Equipment, Suppliers, and Requirements, a part of the Technical Group on Cybersecurity and Critical Infrastructure Risk Management (GT-Ciber). This subgroup operates under Anatel’s Certification and Numbering Management and includes approximately 160 members from: 

  • Service providers 
  • Telecommunications equipment manufacturers 
  • Academia and research centers 
  • Testing laboratories 
  • Designated Certification Bodies 
  • Anatel’s own staff 

Their collaborative approach ensures a comprehensive framework for assessing suppliers’ cybersecurity policies, combining industry expertise and regulatory oversight. 

Objectives of the Guidelines

The newly published audit guidelines, together with the previously established Cybersecurity Policy for Suppliers, aim to: 

  • Strengthen Network Security: Ensure that suppliers implement and maintain rigorous cybersecurity practices to mitigate risks. 
  • Promote Periodic Audits: Require regular reviews of supplier policies to verify ongoing compliance with R-Ciber standards. 
  • Lifecycle Security: Emphasize cybersecurity measures throughout the equipment’s lifecycle, from initial development to end-of-life security updates. 
  • Adapt to Emerging Threats: Encourage continuous updates to supplier practices to address new and evolving cybersecurity risks. 

Importance for Telecommunications Networks

Telecommunications equipment suppliers, responsible for essential components like routers and switches, are critical to the infrastructure of service provider networks. Their adherence to robust cybersecurity standards is vital to safeguarding against threats that could disrupt services or compromise sensitive information. 

Suppliers that align their policies with R-Ciber demonstrate their commitment to maintaining secure and reliable operations, ultimately supporting the resilience of Brazil’s telecommunications ecosystem. 

All stakeholders, including telecommunications equipment suppliers and service providers, are encouraged to familiarize themselves with the Operational Procedure and align their cybersecurity policies accordingly.  

For this article’s source information and any product certification guidance, please contact Global Validity. 

Quick Country Facts

Brazil

Certification Body: Agência Nacional de Telecomunicações (ANATEL)

Certification Type: Mandatory

License Validity: 24 or 36 months

Application Language: Portuguese

Legal License Holder: Available with Access Manager

In-Country Testing Requirement: Available with Access Manager 

Access in-depth regulatory knowledge on over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager.
