Brazil ANATEL has published new Act 77 and which is Cyber Security Requirements for Telecommunications Equipment. The Act was mandated 180 days after being published.
Act 77 was published on January 5th, 2020. Here is a summary of the requirements:
- This act is applicable to all terminal devices with connection to internet and telecommunications network infrastructure equipment.
- Document indicating that the product was developed in compliance with the principle of security by design.
- Showing which requirements of this document the equipment and its supplier meet at that moment.
- Recognizing that they are aware that the cybersecurity requirements are subject to updates, including regulatory and administrative ones, in line with technological development, with the emergence of new threats or vulnerabilities.
When ANATEL implements the Market Surveillance program, they can assess whether the product and its supplier maintain compliance with the requirements of this Act. So far, there is not a Market Surveillance procedure.
Act 77, describes the specific requirements for Cyber Security, such as:
- Software/Firmware updates
- Remote management
- Installation and Operation
- Access to the device configuration
- Personal data
When requesting the approval of devices under the scope of this act, ANATEL will request a Declaration Letter from the applicant with the following content: