The call for extension comes after the DoT in December 2023 extended the start date for accepting applications from July 1, 2023 to January 1, 2024, later extending it to July 1, 2024 for models that have not undergone mandatory testing and certification of telecom equipment (MTCTE), and October 1, 2024 for models that have already got MTCTE certificates.
MAIT said that as per NCCS procedure, the time required for security testing and certification is 6-7 months, which is further extended by activities such as contractual agreement time, time slot availability, logistics for equipment and competent resource availability, increasing the time frame to 10-12 months. “Under such circumstances, industry fears the July 1, 2024 enforcement date is very aggressive and unrealistic to meet,” MAIT said.
The industry body has also highlighted several ambiguities in the Indian Telecommunication Security Assurance Requirements (ITSAR) document released by DoT in 2022, requesting the department to not mandate security testing and certification until the issues highlighted are resolved.
The ITSAR document is a set of security testing guidelines and standards established by the NCCS under the MTCTE regime to ensure the security and integrity of telecom networks in India.
As per MAIT, the testing of different hardware models using the same software, as mandated by ITSAR, is a redundant exercise, leading to a multifold increase in compliance cost for gear makers and significant delays in product certification due to repeated retesting.
The industry body also called out the ITSAR mandate that cryptographic algorithm modules be compliant with FIPS 140.x, which is a certification needed for defence or military deployment, stating that crypto algorithms in telecom products are sourced from open source and having them FIPS-140 certified will require a considerable amount of effort, causing delays in product rollout.
“Based on the experience of MTCTE, industry strongly urges DoT to give a minimum of two years to comply with the security testing requirements. We request DoT to keep security certification on a voluntary basis until then,” MAIT said.