Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)

Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Schedule C : Directive for Internet Service Providers in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)

Part 3 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception

9. Security Requirements

Purchase cart Previous page Return to chapter overview Next page

 

9.1Interception provisioning terminals must be housed in areas with access controls implemented to limit access by authorised staff only. Provisioning terminals may be accessible remotely across a network, in which case an encrypted communication channel is to be used.

 

9.2Logical access control must be implemented on the provisioning terminals; at minimum, a password that is changed monthly is required.

 

9.3The provisioning terminal must be configured to provide detailed togs of both successful and failed access attempts to the terminal.

 

9.4The provisioning terminal and mediation device must be secured through means of a network firewall. The rule set on the firewall must explicitly deny all externally originated communication sessions unless it is from the interception centre (IC).

 

9.5The provisioning terminals should have appropriate virus protection, and the virus protection chosen should be updated as often as is reasonably possible.

 

9.6The communication link between the mediation device and the IC for the delivery of intercept related information (ie. H12) and intercepted content (i.e. H12) must be encrypted using an IPSEC based link encryption software or device working in ESP mode. The encryption algorithm to be used is either 168-bit EDE mode Triple DES or 192-bit CBC mode AES.