PROCEDURE

FOR
SECURITY CERTIFICATION
OF
TELECOMMUNICATION EQUIPMENT

Doc. No.: NCCS/SC/01/30032020

All Rights Reserved and no part of this publication may be reproduced, stored in a retrieval
system, or transmitted, in any form or by any means, electronic, mechanical, photocopying,
recording or otherwise without written permission from the Department of
Telecommunications, New Delhi

National Centre for Communication Security

Department of Telecommunications, Ministry of Communications,
City Telephone Exchange, Sampangirama Nagar, Bangalore- 560027.

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 1 of 10
NCCS/SC/01 1.0 0 ‐
 INDEX

1. INTRODUCTION ........................................................................................................................ 3

2. DEFINITIONS .............................................................................................................................. 3

3. SCOPE OF CERTIFICATION .................................................................................................... 3

4. GENERAL ..................................................................................................................................... 4

5. CERTIFICATION PROCESS ..................................................................................................... 5

6. FEES PAYABLE ........................................................................................................................... 6

7. CERTIFICATE MODIFICATION .............................................................................................. 6

8. RENEWAL .................................................................................................................................... 7

9. REVISION OF ITSAR ................................................................................................................. 7

10. SURVEILLANCE ...................................................................................................................... 8

11. NON CONFORMITY & CONTRAVENTIONS .................................................................... 8

12. APPEAL ..................................................................................................................................... 8

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 2 of 10
NCCS/SC/01 1.0 0 ‐
 Procedure for Security Certification of
Telecommunication Equipment

1. INTRODUCTION

1.1 The Indian Telegraph Rules, 1951, PART XI, Testing & Certification of Telegraph,
(Rule 528 to 537) provides that every Telecom equipment must undergo prior mandatory
testing and certification.

1.2 In this context, Department of Telecommunications has come out with a

“Communication Security Certification Scheme” vide document No.
NCCS/ComSec/01/30032020 for Security Certification of Telecom equipment.

1.3 This subordinate document gives the detailed procedure for security testing and
certification of Telecom equipment.

1.4 Any Original Equipment Manufacturer (OEM)/importer/dealer/Service Providers who

wishes to sell or import, or use any Telecom equipment in India, shall have to obtain Security
Certificate from National Centre for Communication Security (NCCS).

1.5 Certification process endeavors to ensure that Telecom equipment complies with the
essential country specific Telecom security standards and requirements namely the Indian
Telecom Security Assurance Requirements (ITSAR).

2. DEFINITIONS

2.1 All the definitions in the “Communication Security Certification Scheme” document shall
be applicable for this document.

2.2 ‘Authorized Indian representative (AIR)’ means a company or firm incorporated in

India, which, in case of imported equipment, has been duly authorized by Foreign OEM to
carry out all obligations required under MTCTE in respect of the imported equipment.

2.3 ‘BoM’ means Bill of Material, and is a file containing details of all major modules/
components of the model being offered for testing. In case of application for certification of
multiple models, the BoM shall include such details of all models.

3. SCOPE OF CERTIFICATION
3.1 The scope of Security certification would cover all types of Telecom equipment to be sold
in India or to be connected to Indian Telecom network for which ITSAR is available and in
force.

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 3 of 10
NCCS/SC/01 1.0 0 ‐
3.2 The effective dates for certification becoming mandatory for different Telecom equipment
shall be notified by the Government separately.

3.3 The use of certified equipment, unless specifically exempted, shall be governed by extant
guidelines and rules.

3.4 If the equipment is being imported for Research and Development or for demonstration
purpose in India or as a sample for mandatory testing, prior security certification may be
exempted for limited numbers of equipment.

3.5 Any uncertified equipment, which is not prohibited in India by any law, personally
accompanied on inward foreign travel to India for personal use, may be exempted from
mandatory testing and certification on self-declaration.

3.6 Security Testing under this scheme shall be done only in designated TSTLs. List of
Designated TSTLs and their scope of testing are available in MTCTE portal

4. GENERAL

4.1 Any OEM/importer/dealer/user of Telecom equipment must first ensure that the model of
equipment he intends to sell or use is certified under this Scheme.

4.2 Certification needs to be obtained only once for one ‘model’ of equipment, and is applicable
for any quantity of the certified model of the equipment. A different model of the equipment
needs separate certification.

4.3 The model with full configuration of hardware, interfaces and software is called the Main
model. Associated models for the purpose of Security certification are those models which
have identical software but having hardware which is a subset of the main model. Associated
models of the telecom equipment shall be certified without testing.

4.4 Only complete-in-itself, standalone, independent equipment are tested and certified under
the scheme. Equipment modules/ components are not covered by the scheme. Further,
combinations of independent equipment made to form systems are not certified under this
scheme; instead, each independent equipment would need separate certification.

4.5 The Certificate shall be valid for five years from the date of issue.

4.6 NCCS may suspend/cancel the certificate, if it comes to the knowledge of NCCS of any
violation of the extant guidelines and rules.

4.7 NCCS may issue such directions to OEMs/importers/dealers/users consistent with the
Act, Rule or this procedure, as may be necessary, for smooth functioning of certification
process.

4.8 The security certification procedures, which are detailed in this document, are subject to
revision from time to time.

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 4 of 10
NCCS/SC/01 1.0 0 ‐
5. CERTIFICATION PROCESS

5.1 Security Certification process broadly consists of two parts; firstly, testing against
applicable ITSAR, and secondly evaluation of test results for ensuring conformance with these
requirements. If equipment is found compliant with all applicable ITSAR, it will be certified to
that effect.

5.2Any applicant seeking certification under this scheme may apply online on MTCTE portal
(https://www.mtcte.tec.gov.in).The applicant may provide relevant documents like (i) Company
Registration (ii) Letter issued by company authorizing him for related responsibilities.
Additionally, in case of foreign OEMs, the applicant from Indian company shall provide
documents in support of (iii) MoU between foreign OEM and Indian representative (AIR) for
sale and support of the product in India, and (iv) authorizing the AIR for MTCTE related
responsibilities.

5.3The documents shall be scrutinized and any shortcoming in documents shall be intimated
to the applicant. After rectification of shortcomings, applicant’s registration shall be approved,
after which he may submit application for testing/ certification.

5.4 Applicant shall select product to be certified, its variant details, available interfaces and
associated models’ information, if applicable, and shall upload Bill of Materials (BoM) file on
the portal. BoM for the purpose of security certification shall include Software version of the
Operating System, Database, Cryptography module and any other third party/proprietary
software used in the equipment apart from other hardware details. After submission of his
application the applicable ITSAR and the fee to be paid will be intimated/shown to the
Applicant.

5.5 After payment of applicable fee, the applicant has to get his equipment tested against
applicable ITSAR from any of the designated TSTL. TSTL is required to complete testing
within a period of 16 weeks which includes any time required by the applicant to make good
any non-compliance brought out during the testing.

5.6 NCCS may appoint a validator for technical oversight of the testing carried out in the TSTL.

5.7 After completion of testing the TSTL shall upload the Test reports along with signature of
the tested equipment. Hard copy of the comprehensive test reports shall also be made over
to NCCS unit. The Test reports shall be evaluated for compliance against applicable ITSAR
by NCCS.

5.8 If equipment is found compliant with applicable ITSAR(s), a Certificate shall be issued to
the applicant, for the specific model of equipment.

5.9 The certificate will normally be issued within 4-8 weeks from the date of submission of
complete test results, depending upon complexity of equipment.

5.10 If ITSAR is amended and a new version of the ITSAR released, it will be applicable from
a prospective date indicated in the new version of ITSAR. Until that time, existing ITSAR will
be applicable.

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 5 of 10
NCCS/SC/01 1.0 0 ‐
5.11 Telecommunication Engineering Centre (TEC) or any other entity specified may be
contacted for clarifications pertaining to application process.

6. FEES PAYABLE

6.1 The Fees charged under the Scheme will consist of Security Test Report Evaluation Feeas
given below. This shall be payable over and above the fee prescribed by TEC as per Schedule
of fees given in the latest version TEC MTCTE document “Testing and Certification
Procedure”:

Security Test Report Evaluation Fee

Group of equipment
₹
A and B 2,00,000
C 2,50,000
D 3,50,000

6.2 The Security Test Report Evaluation Fee given above shall also be applicable for
Certification modification involving security testing.

6.3 Renewal Fee is applicable, if application for renewal of certificate is made, and no testing
or report evaluation is involved. The amount of this fee is same as Administrative fee, for the
respective product group.

6.4 Fee for issue of temporary certificate will be same as renewal fee as prescribed under
para 6.3.

6.4 Fees for contravention will be levied as prescribed in the Indian Telegraph (Amendment)
Rules, 2017.

6.5 Testing Fee: Fees charged by TSTLs for conducting security testing shall be payable
directly to the TSTL without involvement of MTCTE portal.

6.6 All fees are non-refundable.

6.7 The fees are to be deposited during the application process on MTCTE portal. During
processing, the MTCTE portal will lead the user to the Non-Tax Revenue Portal (NTRP) for
online payment.

7. CERTIFICATE MODIFICATION

7.1 In the event of Software patch/ bug fix/ update, the certificate holder is responsible for
ascertaining the compliance of certified equipment, including deployed equipment, with ITSAR

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 6 of 10
NCCS/SC/01 1.0 0 ‐
and apply for certificate modification. Whenever a patch/ bug fix/ update is released by OEM,
it may be permitted to be deployed with a temporary certificate. OEM will submit the changed
signature along with all the internal test reports demonstrating to compliance to all security
requirements of applicable ITSAR along with an undertaking given in the Annexure. The
modified signature of the said model will be incorporated in a temporary certificate with a
validity period of upto one year from the date of release or for balance period of initial certificate
whichever is earlier. Temporary certificate will be issued within 7 working days of Application
normally. Any subsequent request for modification of temporary certificate will be allowed with
a validity for balance period of that certificate.

7.2 In the event of Software patch/ bug fix/ update affecting any Security Functionality,
recertification will be necessary subject to clause 7.3.

7.3 Modifications that can be differentiated as incremental change shall be permitted to

undergo incremental testing.

7.4 Any modification in the certified product without a valid certificate shall amount to use of
uncertified equipment and shall be dealt accordingly.

8. RENEWAL

8.1 For renewal, a Certificate holder must apply online and pay the renewal fee at least one
month prior to expiry of the current certificate’s validity period.

8.2 A certificate shall be renewed only if there is no change in the ITSAR applicable to the
equipment, and there is no change in the equipment model.

8.3 After evaluation of the renewal application, a fresh certificate valid for another five years
shall be issued, indicating the previous certificate number thereon.

9. REVISION OF ITSAR

9.1 Technological developments, Country specific requirements, changes in international

standards or other regulatory requirements may entail revision of ITSAR.

9.2 A new version of ITSAR will generally be issued along with a prospective date of effect
indicated thereon.

9.3 The revision of ITSAR shall not generally affect the validity of certificate of already certified
Telecom Equipment till the notified date of effect of new version of the ITSAR after which the
equipment is to be certified against the new version of the ITSAR. The new version of ITSAR
will indicate, for the equipment certified against the earlier version of ITSAR, whether the

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 7 of 10
NCCS/SC/01 1.0 0 ‐
equipment requires to undergo full or incremental testing for certification against the new
version of the ITSAR. Equipment for which applications are received after the notified date of
effect of revised ITSAR shall be required to be certified against revised ITSAR. However,
Government of India may direct the certificate holders to get specified models re-tested.

10. SURVEILLANCE

10.1 Appropriate Authority (AA) reserves the right to inspect and/ or test any telegraph, which
requires mandatory certification at any time and at any premises including sites where it is in
use or at the place of manufacturing to ensure that the telegraph used/ sold has required
certifications and conforms to the ITSAR of existing certifications. Such inspection and/or
testing may be carried out periodically, or at the discretion of Telegraph Authority or due to
any complaint.

10.2 NCCS may call for re-testing/ re-evaluation of certified telecom equipment and charge
the relevant fee, should the need arise to check on the compliance of the equipment to the
ITSARs. These cases may be tested in Security Assurance Standards Facility of NCCS or
designated TSTLs as decided by the Scheme Controller on a case-by-case basis.

11. NON-CONFORMITY & CONTRAVENTIONS

11.1 If it comes into the notice of the Telegraph Authority/Appropriate Authority (AA) that,
(i) an uncertified equipment or certified equipment with unauthorized modifications or
equipment whose certification has expired is being sold/ used or intended to be sold/
used, or
(ii) a certified equipment is not conforming to the ITSAR for which the certification has
been issued
then such non-conformity or contravention shall be dealt with in accordance with
Telegraph rules in force.
.

12. APPEAL
12.1 Any dispute regarding the processing of application till the commencement of testing
may be addressed to the Appeal Officer, TEC. The Appeal will be disposed off by TEC.

12.2 Any dispute brought forth by an Applicant or a TSTL, concerning the operation of the
scheme or any of its associated activities shall be addressed to the Security Certification
Division head. If not satisfied with the disposal, the applicant/ TSTL may appeal to the Scheme
Controller for resolution. The decision of the Scheme Controller will be final and binding on
the concerned parties.

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 8 of 10
NCCS/SC/01 1.0 0 ‐
 Flow Chart for Security Certification

TEC Registration of Applicant and APPLICANT

Submission of Application form
through MTCTE portal

Processing and scrutinization Corrective Action by

of Application Applicant

Acceptance of Application
and documents by TEC Payment of Applicable fee

Applicant Chooses the

designated TSTL in Portal
SC Division

TSTL
SC Division receives TSTL accepts the
notification of request
acceptance

Appointment of Participation by
Validator TSTL starts the security testing against
Validator
corresponding chosen requirement

Submission of Security
testing Report

Evaluation of Report and

Acceptance

Issue of Certificate

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 9 of 10
NCCS/SC/01 1.0 0 ‐
 Annexure

Undertaking/ Declaration

I, Sri ………………………., Authorized representative of M/s………………………,

here by undertake and certify that

a) The Model no (Hardware & Software) ……………was certified on ………. Vide

certificate no: ……….
b) The model No……………. Of …………(type of Equipment) complies with ITSAR
no…………………after modification and has been tested internally. Original and
Modified signature(s) of the equipment are given below.

Original Signatures Modified Signatures

i)…………………………. i)………………….
ii)…………………………. ii)………………….

.
.
c) Description of the Modification along with IAD (Impact assessment document)
enclosed.
…

d) This modification affects/ does not affect security features of the equipment.

e) The internal tests conducted against ITSAR (no of tests: ….) and their reports (no
of pages: ……) are annexed.

(Signature of the Authorized Representative & Company Seal)

Document Procedure for Security Certification of Telecommunication Equipment

Doc No. Issue No Issue Date Revision No Revision Date Page no.
, 2019 Page 10 of 10
NCCS/SC/01 1.0 0 ‐