Consumer Electronics Daily was a Warren News publication.

FCC's Equipment Security NPRM Had Several Changes

There were numerous changes between draft supply chain rules and final rules OK’d by commissioners 4-0 Thursday (see 2106170063). The FCC added several questions to a section on certification rules, including for telecom certification bodies (TCB) that do most of the work. “Are there additional compliance measures beyond” an attestation “that we should consider?” it now says: “Should the applicant have an ongoing duty during the pendency of the application to monitor the list of covered equipment and provide notice to the TCB or the Commission if, subsequent to the initial filing of the application or at the time a grant of certification, the equipment or a component part had become newly listed as ‘covered’ equipment in an updated Covered List?” The NPRM now asks whether existing rules or procedures should “be enhanced with respect to applicants that intentionally attempt to circumvent our rules or TCBs that repeatedly fail to meet their responsibilities to comply with our proposed prohibition” and on “revisions that could better ensure that applicants comply with our proposed requirements.” The draft was changed to ask for comment on “any other types of action or activity (e.g., outreach and education) that would be helpful to ensure that all parties potentially affected by these changes understand the changes and will comply the prohibition associated with ‘covered’ equipment.” Other sections also were modified to ask about the need for additional education. In a change requested by Commissioner Geoffrey Starks, the NPRM asks “should we also require that the compliance statement include the name of a U.S. agent for service of process (if different from the responsible party)?” As indicated Thursday, the NOI now includes new language on the roles played by stores and standards groups. “Even with broad adoption of industry best practices and standards, some equipment sold in the United States may lack appropriate security protections,” it says: “What is the role of retailers in voluntarily limiting the sale of such equipment? How can retailers educate consumers about the importance of security protections for their devices?” The NPRM asks for comment on “the status of international standards setting that could be relevant to supply chain security.” As mentioned by Commissioner Nathan Simington, the NOI asks: “Are there other technologies or cybersecurity methods that mitigate security risks (e.g., RF fingerprinting256 or some other method)? What, if anything, should the Commission be doing to encourage” such.