Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)

Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Schedule A : Directive for Fixed Line Operators in Terms of Section 30(7)(a) read with Section 30(2) of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Part 6 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception

19. Security Requirements


 

19.1 The marking facility implementation for lawful interception purposes at the fixed line operator must comply with the following security guidelines:
the Minimum Information Security Standards (MISS) national information security policy as approved by Cabinet on 4th December 1996.

 

19.2 This dedicated area of the marking facility must conform to the physical security requirements stipulated within MISS.

 

19.3 Physical access control to the marking facility must be implemented using an electronic access control device such as an RFID token.

 

19.4 The access control system to the marking facility must provide detailed logs of both successful and failed access attempts to the facility.

 

19.5 The mechanical key mechanism should only be used in the event of the electronic access control device or the access control system failing. This key must be kept safely with strict control over its access.

 

19.6 Logical access control to the marking facility must be implemented using a token-based authentication mechanism such as a one-time password token.

 

19.7 Insofar as is possible, the logical access control system on the provisioning and mediation platforms at the marking facility must provide detailed logs of both successful and failed access attempts to these platforms.

 

19.8 Network access to the marking facility must be secured through means of a network firewall.

 

19.9 The rule set on the firewall must explicitly deny all externally originated communication sessions.

 

19.10 The firewall security must be augmented with intrusion detection systems capable of identifying and blocking network hacking attempts on the marking facility. The IDS pattern files must be updated regularly from the vendor of the IDS solution.

 

19.11 Both network and server based anti-virus solutions must be implemented for the marking facility. The anti-virus definition files must be updated regularly from the vendor of the anti-virus software.

 

19.12 Insofar as is possible, the communication link between the marking facility and the IC for the delivery of intercept related information (i.e. H12) must be encrypted using an IPSEC based link encryption device working in ESP mode. The encryption algorithm to be used is either 168-bit EDE mode Triple DES or 192-bit CBC mode AES.