Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)

Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Schedule A : Directive for Fixed Line Operators in Terms of Section 30(7)(a) read with Section 30(2) of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Part 6 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception

19. Security Requirements
19.1 The marking facility implementation for lawful interception purposes at the fixed line operator must comply with the following security guidelines:
• the Minimum Information Security Standards (MISS) national information security policy as approved by Cabinet on 4th December 1996.
19.2 This dedicated area of the marking facility must conform to the physical security requirements stipulated within MISS.
19.3 Physical access control to the marking facility must be implemented using an electronic access control device such as an RFID token.
19.4 The access control system to the marking facility must provide detailed logs of both successful and failed access attempts to the facility.
19.5 The mechanical key mechanism should only be used in the event of the electronic access control device or the access control system failing. This key must be kept safely with strict control over its access.
19.6 Logical access control to the marking facility must be implemented using a token-based authentication mechanism such as a one-time password token.
19.7 Insofar as is possible, the logical access control system on the provisioning and mediation platforms at the marking facility must provide detailed logs of both successful and failed access attempts to these platforms.
19.8 Network access to the marking facility must be secured through means of a network firewall.
19.9 The rule set on the firewall must explicitly deny all externally originated communication sessions.
19.10 The firewall security must be augmented with intrusion detection systems capable of identifying and blocking network hacking attempts on the marking facility. The IDS pattern files must be updated regularly from the vendor of the IDS solution.
19.11 Both network and server based anti-virus solutions must be implemented for the marking facility. The anti-virus definition files must be updated regularly from the vendor of the anti-virus software.
19.12 Insofar as is possible, the communication link between the marking facility and the IC for the delivery of intercept related information (i.e. H12) must be encrypted using an IPSEC based link encryption device working in ESP mode. The encryption algorithm to be used is either 168-bit EDE mode Triple DES or 192-bit CBC mode AES.