Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)

Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Schedule B : Directive for Mobile Cellular Operators in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)

Part 6 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception

19. Security Requirements


 

19.1 It is recommended that the operator applies the following guidelines in securing the marking facility implementation for lawful interception purposes:
the physical and information security measures and practices outlined in the Minimum Information Security Standards (MISS) national information security policy as approved by Cabinet on 4th December 1996.

 

19.2 The marking facility must be hosted within a physically secured environment.

 

19.3 Physical access control to the marking facility must be implemented using an electronic access control mechanism.

 

19.4 The access control system to the marking facility must provide detailed logs of both successful and failed access attempts to the facility and must be hosted within the marking facility itself. These logs must be maintained for a period of thirty (30) days.

 

19.5 The mechanical key mechanism should only be used in the event of the electronic access control mechanism or the access control system failing. Access to this key must be strictly controlled.

 

19.6 Logical access control to the marking facility must be implemented using a token-based authentication mechanism such as a digital certificate enabled smart card or a one-time password token.

 

19.7 The logical access control system on the provisioning and mediation platforms at the marking facility must provide detailed logs of both successful and failed access attempts to these platforms. These logs must be maintained for a period of thirty (30) days.

 

19.8 The marking facility network must be secured through means of a network firewall based on protocol proxy or stateful protocol inspection technology.

 

19.9 The rule set on the firewall must explicitly deny all externally originated communication sessions unless stipulated otherwise by the interception centre (IC) and agreed upon by the MCO.

 

19.10 The firewall security must be augmented with intrusion detection systems capable of identifying and blocking network hacking attempts on the marking facility. The IDS pattern files must be updated regularly from the vendor of the IDS solution.

 

19.11 Both network and server based anti-virus solutions must be implemented for the marking facility. The anti-virus definition files must be updated regularly from the vendor of the anti-virus software.

 

19.12 The communication link between the marking facility and the IC for the delivery of intercept related information (i.e. H12) must be encrypted using an IPSEC based link encryption device working in ESP mode. The encryption algorithm to be used is either 468-bit EDE mode Triple DES or 192-bit CBC mode AES.