International hacking incidents are putting the spotlight on countries’ security loopholes and weaknesses. With many governments calling for higher security, requirements for secure connected products are increasingly stringent. Indian Telecom Security Assurance Requirements (ITSARs) are security assurance standards (SAS) set by India’s Department of Telecommunications for mobile and network communications devices and equipment.
UL is committed to helping customers demonstrate security compliance, adhere to standards and get their products to market regardless of the complexity in design and choice of technology. UL offers training, pre-compliance/gap analysis and compliance testing services to help vendors fulfill security evaluations.
Product types covered in ITSAR*
ITSAR for cryptographic controls
The manufacturer must adopt various categories of cryptographic controls specified in the ITSAR document, which include symmetric key encryption and decryption, asymmetric key encryption and decryption, all secure protocols or services at every layer of TCP/IP or OSI stack in the network element, such as IPsec at the network layer, TLS/SSL/DTLS at the transport/session layer, SSH/SNMP/diameter/HTTPS at the application layer, etc., and shall strictly implement the list of cryptographic controls specified in the ITSAR document only for all other ITSARs.
ITSAR for IP routers
An IP router used for the access network element that provides connectivity between mobile equipment, gateways, end points and other core networks.
ITSAR for Wi-Fi CPEs
Wi-Fi CPEs are equipment used or deployed at customer premises in telecommunications networks to provide internet connectivity to end users.
ITSAR applies to Wi-Fi routers and modems, broadband modems with Wi-Fi facility, cable modems with Wi-Fi facility, FFTH ONTs with Wi-Fi facility and Wi-Fi data cards, which provide Wi-Fi facilities with back-end 2G/3G/4G connectivity.
ITSAR for mobile devices
“Mobile devices” refers to all types of mobile user equipment, e.g., mobile handset, feature phone, smartphone, tablet/phablet or any other device having cellular interface and other optional features.
ITSAR for mobility management entity (MME)
MME for the access LTE mobile network element, which provides connectivity between user mobile, 3G and 4G networks and service providers.
Additional ITSAR products in scope include:
- eNodeB (4G access network element)
- P-GW/PDN-GW (4G core network element)
- Pluggable (U)ICC
*Subject to Mandatory Testing and Certification of Telecom Equipment (MTCTE) notification.
UL’s ITSAR solutions
During an interactive training or tailored workshop, we will empower you to make educated choices based on the specific ITSAR security assurance standard requirements, considering security aspects related to cryptographic controls and common security requirements in ITSARs.
We can provide a constructive review that will help you differentiate between your current and desired state for meeting device-specific ITSAR security assurance standards. Our experts will provide results in a gap analysis report that can be customized to include testing if necessary or requested.
UL can assess and test your devices to specific ITSAR security assurance standard requirements to check compliance levels and adherence to ITSAR. We offer a selection of assessment and testing options to respond to your business needs.
Compliance testing under TSTL Certification program*
We can assess and test your devices to specific ITSAR security assurance standards requirements under the TSTL certification program defined by NCCS.
For telecom device and system manufacturers, adhering to ITSAR security assurance standards helps you demonstrate your security compliance to a wide range of target markets and customers.
UL is a recognized leader in cybersecurity assessment and certification services for Common Criteria (ISO/IEC 15408), FIPS 140, UL 2900, IEC 62443 standards. UL leads consumer IoT standards, supply chain cybersecurity and other training and advisory services that address secure product development, cybersecurity in connected ecosystems and supply chain risk management.