In continuation of the notification NCCS/HQ/COMSEC/2023-24/III dated 19.09.2024, the following important amendment has been issued regarding End of Sale/Life (EoS/EoL) telecom devices:
Key Update:
it was clarified that the devices for which EoS date is before the ITSAR mandatory enforcement date for the product category, such devices are exempted from initial security testing. However, if such devices undergo modification/update then OEM shall apply for security certificate by submitting internal test reports showing conformance to ITSAR.
- Procedure:
- OEMs can now apply for a Provisional Security Certificate via the ER → ER+ITSAR upgrade flow on the MTCTE portal.
- The application must include:
- Declaration of EoS/EoL dates
- Self-Declaration of Conformity (SDoC) to applicable ITSAR
No Security Report Evaluation Fee will be charged.
Validity: 5 years, or remaining ER certificate validity, or until the EoL date — whichever is earliest.
This move significantly eases compliance for legacy devices while ensuring adherence to baseline security standards.
