 |
Code of Federal Regulations (Last Updated: July 5, 2024) |
 |
Title 47 - Telecommunication |
|
Chapter I - Federal Communications Commission |
|
SubChapter B - Common Carrier Services |
|
Part 30 - Upper Microwave Flexible Use Service |
|
Subpart A - General |
§ 30.8 - [Reserved]
-
§ 30.8 5G Provider cybersecurity statement requirements.
(a) Statement. Each Upper Microwave Flexible Use Service licensee is required to submit to the Commission a Statement describing its network security plans and related information, which shall be signed by a senior executive within the licensee's organization with personal knowledge of the security plans and practices within the licensee's organization. The Statement must contain, at a minimum, the following elements:
(1) Security approach. A high-level, general description of the licensee's approach designed to safeguard the planned network's confidentiality, integrity, and availability, with respect to communications from:
(i) A device to the licensee's network;
(ii) One element of the licensee's network to another element on the licensee's network;
(iii) The licensee's network to another network; and
(iv) Device to device (with respect to telephone voice and messaging services).
(2) Cybersecurity coordination. A high-level, general description of the licensee's anticipated approach to assessing and mitigating cyber risk induced by the presence of multiple participants in the band. This should include the high level approach taken toward ensuring consumer network confidentiality, integrity, and availability security principles, are to be protected in each of the following use cases: communications between a wireless device and the licensee's network; communications within and between each licensee's network; communications between mobile devices that are under end-to-end control of the licensee; and communications between mobile devices that are not under the end-to-end control of the licensee;
(3) Cybersecurity standards and best practices. A high-level description of relevant cybersecurity standards and practices to be employed, whether industry-recognized or related to some other identifiable approach;
(4) Participation with standards bodies, industry-led organizations. A description of the extent to which the licensee participates with standards bodies or industry-led organizations pursuing the development or maintenance of emerging security standards and/or best practices;
(5) Other security approaches. The high-level identification of any other approaches to security, unique to the services and devices the licensee intends to offer and deploy; and
(6) Plans with Information Sharing and Analysis Organizations. Plans to incorporate relevant outputs from Information Sharing and Analysis Organizations (ISAOs) as elements of the licensee's security architecture. Plans should include comment on machine-to-machine threat information sharing, and any use of anticipated standards for ISAO-based information sharing.
(b) Timing. Each Upper Microwave Flexible Use Service licensee shall submit this Statement to the Commission within three years after grant of the license, but no later than six months prior to deployment.
(c) Definitions. The following definitions apply to this section:
Availability. The accessibility and usability of a network upon demand.
Confidentiality. The protection of data from unauthorized access and disclosure, both while at rest and in transit.
Integrity. The protection against the unauthorized modification or destruction of information.
[Reserved]