The authoritative news source for communications regulation

CTIA: Base FCC Cybersecurity Rules on NIST Framework

CTIA expressed concerns about cybersecurity rules in the proposed 5G Fund (see 2403200071) and Alternative Connect America Cost Model rules. In a filing posted Monday in docket 22-329, CTIA said its concerns extend “insofar as these rules and proposals are…

Start A Trial
not harmonized with other federal approaches, such as the Broadband Equity, Access, and Deployment program, and go beyond a requirement to align cybersecurity risk management plans” with the National Institute of Standards and Technology’s cybersecurity framework (CSF) version 2.0. The CSF “is the best vehicle through which to facilitate robust cybersecurity programs: it is well understood by industry and critical infrastructure organizations, it is flexible, and it is future-proof,” CTIA said: “It includes informative references to a range of ‘standards, guidelines, and practices’ to achieve the outcomes laid out in its Functions and their associated Categories and Subcategories, while recognizing that there is no one-size-fits-all approach that is appropriate for cybersecurity risk management in an area as dynamic as cybersecurity.” In addition, the CSF has “international reach and understanding, which is important in an increasingly global cybersecurity environment,” the group said.