DoT Releases Updated ITSAR for Wi-Fi CPEs (ITSAR402122512) – Effective Soon

The National Centre for Communication Security (NCCS) under the Department of Telecommunications (DoT), Government of India, has issued a new and updated Indian Telecom Security Assurance Requirement (ITSAR) for Wi-Fi Customer Premises Equipment (CPE).
This updated standard—ITSAR402122512, Version 2.0.0, released on 01 December 2025—introduces enhanced security requirements that manufacturers, importers, and service providers must comply with under MTCTE (Mandatory Testing & Certification of Telecom Equipment).

What This Notification Means

The new ITSAR replaces older versions and brings significant updates aligned with the latest international standards, 3GPP specifications, and evolving Wi-Fi technologies such as:

• Wi-Fi 6 & Wi-Fi 7
• Cloud-managed access points
• Virtualized network functions
• Modern authentication mechanisms (WPA3, OWE, etc.)

This ITSAR now forms the mandatory baseline security standard for all Wi-Fi CPEs undergoing MTCTE certification in India.

Scope of the New ITSAR

This requirement applies to all categories of Wi-Fi CPE, including:

• Wi-Fi Routers
• Wi-Fi Modems
• Broadband/Cable Modems with Wi-Fi
• Access Points (with/without controllers)
• Mesh Wi-Fi systems
• Controllers (hardware or cloud-based)
• Cloud-managed Wi-Fi solutions

Unless specifically exempted, the security clauses apply to all device types.

Key Highlights of ITSAR402122512

Updated ITSAR Security Requirements for Wi-Fi CPE

1. Stronger Access & Authentication Controls

• Mandatory mutual authentication for management interfaces
• Role-based access control (RBAC)
• Multi-factor authentication for user and machine accounts
• Forced password change at first login and after factory reset
• Strong anti-brute-force protection

2. Enhanced Software & Firmware Security

• Secure update and upgrade mechanisms
• Mandatory source code security assurance
• No orphaned or unused software components
• Malware-free declaration from OEMs
• Protection against known vulnerabilities in SoC components

3. Robust Data Protection Requirements

• Secure cryptographic communication (IPsec, TLS, SSH, etc.)
• Encryption of data at rest and in transit
• Protection against overt and covert data exfiltration
• Cryptographic key protection and secure storage

4. Logging, Monitoring & Audits

Devices must maintain logs of:

• Login attempts
• Configuration changes
• System events
• Security incidents
• Network interface status

Logs must be stored in non-volatile memory for audit readiness.

5. Network Security Requirements

• Traffic filtering at network and transport layers
• Logical separation of management and control plane traffic
• Anti-spoofing and Reverse Path Forwarding (RPF) enforcement
• DDoS protection mechanisms
• Blocking of unnecessary ICMP messages

6. Web Interface Security (If Applicable)

• Mandatory HTTPS
• Input validation to prevent XSS and injection attacks
• No default or unused HTTP methods
• Restricted execution of system commands via CGI

7. Specific Wi-Fi Security Requirements

Applicable to Wi-Fi interfaces, including:

• Disabling unused SSIDs or interfaces
• Use of WPA3-level cryptography
• Prevention of unauthorized wireless access
• Secure tunneling for controller-based access points

Why This Update Matters

With Wi-Fi devices forming the backbone of India’s digital infrastructure, the updated ITSAR framework ensures:

• Higher network security
• Transparency and accountability
• Protection against evolving cyber threats
• Alignment with global security benchmarks

Manufacturers and importers must ensure their Wi-Fi CPE products meet these requirements before applying for MTCTE certification.

How Aleph INDIA Can Help

Aleph INDIA supports manufacturers and telecom equipment providers with:

• MTCTE certification support
• Documentation and technical file preparation
• End-to-end regulatory approvals

Our team helps you achieve compliance in the shortest possible timelines.