CTIA: Base FCC Cybersecurity Rules on NIST Framework
CTIA expressed concerns about cybersecurity rules in the proposed 5G Fund (see 2403200071) and Alternative Connect America Cost Model rules. In a filing posted Monday in docket 22-329, CTIA said its concerns extend “insofar as these rules and proposals are…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
not harmonized with other federal approaches, such as the Broadband Equity, Access, and Deployment program, and go beyond a requirement to align cybersecurity risk management plans” with the National Institute of Standards and Technology’s cybersecurity framework (CSF) version 2.0. The CSF “is the best vehicle through which to facilitate robust cybersecurity programs: it is well understood by industry and critical infrastructure organizations, it is flexible, and it is future-proof,” CTIA said: “It includes informative references to a range of ‘standards, guidelines, and practices’ to achieve the outcomes laid out in its Functions and their associated Categories and Subcategories, while recognizing that there is no one-size-fits-all approach that is appropriate for cybersecurity risk management in an area as dynamic as cybersecurity.” In addition, the CSF has “international reach and understanding, which is important in an increasingly global cybersecurity environment,” the group said.