Communication Security (ComSEC) Scheme – a revolutionary approach poised to redefine the landscape of secure communication.  

In today’s digital age, where information travels at the speed of light, ensuring the security of communication infrastructure has become paramount.   

With cyber threats evolving constantly, traditional encryption methods are often challenged, requiring innovative solutions to safeguard sensitive data.  

So, security testing of IT and telecom devices is a must to ensure a threat-free interconnected world, where personal and professional data can be exchanged without any risk.  

The Indian government has taken many steps in the past few years, ranging from the introduction of CERT-IN as India’s cyber security wing to an amendment in the Information Technology Act, to strengthen and solidify the digital footprint of the country.    

As India enters a new era of development, a question arises – why not design and manufacture inherently secure devices, rather than relying solely on the security of the applications and systems that run on these devices?   

With this thought, The Department of Telecom (DoT) in India, formed the National Centre for Communication Security (NCCS) department to devise the security testing requirements for telecom products in India.   

Let’s read and understand more about this topic.    

Who is NCCS (National Centre for Communication Security)?  

As mentioned above, NCCS is a centre under the DoT (Department of Telecommunications) which is responsible for the implementation of security requirements for telecom products in India.  

NCCS is responsible for:  

• Development of India-specific Security assurance standards called Indian Telecom Security Assurance Requirements (ITSAR) for every Telecom equipment.  

• Designation of third-party Telecom Security Test Laboratories (TSTL) for testing.  

• Evaluation and Certification of the telecom equipment against ITSAR.  

What is the ComSec Scheme? 

The ComSEC Scheme stands for Communication Security Certification Scheme, managed by NCCS to ensure the security of telecom equipment used in the country. 

The primary objective of the ComSEC Scheme is to make telecom devices undergo testing and certification according to specified ITSARs.   

These requirements are designed to assess and ensure the security features and standards compliance of telecom equipment.  

Although this scheme is yet to be implemented for most telecom devices in India, certain categories of products like WiFi CPE and IP Routers will require ComSec approval from NCCS by July 2024.   

After this date, it will be mandatory for all WiFi CPE equipment and IP Routers to obtain NCCS approval before they can be imported or sold in India.  

Furthermore, the ComSec certificate will be valid for ten years from the date they are issued, subject to the applicable ITSARs.   

Violation of extant guidelines and rules may also lead to NCCS suspending or cancelling the certificate.  

Mandatory Dates for Security Testing under ComSec   

As stated before, the effective date stands on 1st July 2024 for the notified product categories – Wi-Fi CPE, and IP Routers.   

This effective date is an extension three from the prior mandatory date of 1st April 2024.  

The Wi-Fi CPE ITSAR covers products like: 

• Wi-Fi Routers 
• Wi-Fi Modems 
• Broadband Modems with Wi-Fi facilities 
• Cable Modems with Wi-Fi facilities  
• FTTH ONTs with Wi-Fi facilities 
• Wi-Fi Data cards that provide Wi-Fi facilities with backend 2G / 3G / 4G connectivity.  

In a nutshell, for any Wi-Fi product which is covered under the MTCTE scheme, that falls under the above criteria, the OEM should subject their product to security testing under ComSec as well.   

Although the mandatory date has been extended, NCCS will be accepting voluntary applications for Voluntary Security Certification (VSC) from manufacturers and applicants.    

Why ComSec Scheme is Important for Manufacturers?   

All telecom equipment must undergo prior testing and certification under the Indian Telegraph Rules, so manufacturers, importers, and dealers who wish to sell, import, or use telecom equipment in India must comply with this requirement.   

Telecom products handle sensitive user data – calls, messages, internet traffic, and more.  

Certification by NCCS will ensure that these products meet stringent security standards, safeguarding user privacy.   

Also, it will be an added branding for the product to be marketed as NCCS certified, which would mean that the device adheres to the most uncompromising security standards in the world!   

What is Pre-Compliance in ComSec?   

Pre-compliance testing occurs before the formal compliance testing phase.    

Under the ComSec scheme’s formal test setup, the EUT undergoes security testing as per procedures defined by NCCS.   

Applicants must initially apply for testing and certification to NCCS through the MTCTE online portal, by providing the necessary documents.   

Following approval of the documents and application, the applicant can select a TSTL lab for testing.   

Upon TSTL approval, the OEM sends samples to the lab for formal testing. It’s noteworthy that NCCS appoints a validator to oversee the testing process.     

As security testing is a new regulation, conducting pre-compliance testing before the current testing phase is recommended to ensure a smooth and successful testing process.   

If witness testing from NCCS occurs, and if the product fails for any reason, only 16 weeks are given to the applicant to resolve the issues and get the retesting done with passing results.   

In case the product doesn’t pass within the 16-week duration, the result is considered a failure.    

Therefore, it is advised to perform a thorough security pre-compliance check before starting with the formal compliance testing phase.    

How can Vincular help with Telecom Product Certification and Testing?   

VINCULAR is the right partner who can help you understand anything and everything related to regulatory compliance in India.   

Security testing is one of our expertise, as we have seen this industry develop and take shape in recent years.   

A lot of brands and manufacturers have trusted us with their security pre-compliance and formal compliance testing requirements, and we have been delivering excellent results.    

Is your product mandatory to be subjected to COMSEC approval? When is the right time to start?   

Write to us at tec@vincular.in to get your first free consultation today! 

---

Follow us and Stay Updated!

If you are lagging behind with the latest compliance news, updates, amendments and so on then we have various options for you to stay up-to-date.

Subscribe to our Free Monthly Newsletter, and WhatsApp Channel or watch our Publication Space to stay ahead with the latest regulations and notifications without spending a dime!