Skip to content
Search our site  
    April 3, 2023

    Brazil Implements Cybersecurity Requirements for Connected Devices

      Back                                                                                                                                                                                     

    Anatel

    Like many other countries, Brazil has during the past few years experienced significant increase in cyberattacks, whereby cybersecurity has become a high-profile issue with an increasing demand for regulations.

    Already in 2021 the Brazilian telecom authority ANATEL (Agência Nacional de Telecomunicações) implemented Resolution No 740 and Act No.77 with cybersecurity requirements for products with Internet connection, which made it mandatory for manufacturers of equipment and the local applicant to submit for ANATEL’s review a declaration letter that the device meets basic cybersecurity requirements as defined in Act 77 and provides cybersecurity.

    Now, on 7 March this year, ANATEL published Act No. 2436, with “Minimum Cybersecurity Requirements for
    Assessing the Conformity of CPE (Customer Premises Equipment) Equipment.” This Act establishes a set of
    mandatory enforceable minimum cybersecurity requirements in the assessment of compliance for CPE Equipment for general public use that connects subscribers to Internet networks. The new Act covers the below listed types of devices and shall become effective 10 March in 2024

    • Cable Modem
    • xDSL modem
    • Optical Network Unit (ONU/ONT)
    • Router or modem intended for fixed wireless access (FWA)
    • Router or modem for fixed broadband access via satellite
    • Wireless router or access point.

    The added requirements are related to amongst other passwords, unauthorized access attempts and policies for
    releasing software/firmware updates to fix security vulnerabilities.

     

    Other than Resolution No 740 and Act No 77, the added requirements are aligned with, amongst other, the US NIST Special Publication 800-63B, the Broadband Forum-TR-181 Issue 2 and the international standards ISO/IEC 29147:2018 and IEC 30111:2019.

     

    For further information, please contact Michelle.Furrow@nemko.com

    (Article is based on text provided by Michelle Furrow edited by T.Sollie)

    Click Here To Subscribe To Our News In Brief

    Nemko

    Nemko

    Some of the other articles in this newsletter