National Centre for Communication Security (NCCS) is a Centre under Department of Telecommunications (DoT) responsible for implementation of Communication Security Certification Scheme. The ComSec Scheme is managed by the Scheme Controller. NCCS aims to meet the following objectives in operating and maintaining the ComSec scheme:
- Development of country specific standards, processes and specifications.
- Development of testing and certification eco-system.
- Ensure that Telecom network elements meet security assurance requirements.
- Ensure compliance of regulatory requirements pertaining to security testing
Scheme mainly comprises of three major activities:
- Development of country specific Security assurance standards called Indian Telecom Security Assurance Requirements (ITSAR) for every Telecom equipment
- Designation of third-party Telecom Security Test Laboratories (TSTL) meeting the specified requirements. The Designated TSTLs will be responsible for carrying out the security testing of telecom equipment as per ITSAR’s requirements
- Evaluation and Certification of the telecom equipment against ITSAR by NCCS
Sr. DDG, NCCS, who is also the Scheme Controller, heads the NCCS. NCCS is organised into three divisions. Each division is headed by a DDG level officer.
- Security Assurance Standards (SAS) Division: This division is responsible for developing ITSARs, Test procedures, best current practices, identification of Security test tools and managing the Security Assurance Standards Facility (SASF). The SAS Division is also responsible for testing of network elements in case of any security breach reported and in referral cases.
- Security Lab Recognition/Designation (SLR) Division: SLR Division is responsible for notifying TSTL designation mechanism along with requirements to be met by TSTL, conducting all activities associated with the designation of TSTL and designate TSTLs by issuing a certificate.
- Security Certification and Headquarters (SC & Hq) Division: This division is responsible for issuing security certificate for the successfully tested Telecom Equipment.
- The Indian Telegraph Rules, 1951, PART XI, Testing & Certification of Telegraph (Rule 528 to 537) provides that every Telecom equipment must undergo prior mandatory testing and certification. The certification process endeavors to ensure that every Telecom equipment complies with essential country specific Telecom Security standards and requirements namely the Indian Telecom Security Assurance Requirements (ITSARs).
- Subsequently, any Original Equipment Manufacturer (OEM)/ importer/ dealer who wishes to sell, import, or use any telecom equipment in India, shall have to get their equipment security tested and certified by NCCS. The scheme may be implemented in a phased manner.
- The scope of security certification covers all types of telecom equipment to be sold in India or to be connected to Indian telecom network after the date of effect of Communication Security Certification (ComSec) Scheme for which ITSAR is available and is in force (from a date to be notified separately by the Government).
- Applicants intending to get their equipment certified shall register on MTCTE portal. After successful evaluation, the applicant can choose a designated TSTL for security testing of its equipment against applicable ITSAR. After completion of the testing, test reports submitted by TSTL shall be evaluated by NCCS for security certification. On successful evaluation, the certificate shall be issued by the Security Certification division of NCCS.
- The Security Certificates issued for equipment shall be valid for Ten years from the date of issue, subject to compliance to applicable ITSAR amended from time to time. Further, NCCS may suspend/cancel the certificate, if it comes to the knowledge of NCCS of any violation of extant guidelines & rules.
- Division also manages General Administration, Staff and Establishment matters, Public Grievance redressal, Responding RTI queries, Advocacy/ Public Awareness of important events/ achievements in various social media platforms, Maintaining service records and e-HRMS related matters, Training, Capacity Building and iGoT matters, Procurement of Goods and services, Budget and Audit matters, Holding of workshops, conference, and presentations, Building works, Responding to Parliamentary matters, Handling Court cases including engagement of legal counsel, Vigilance matters and Other regular administrative works.