The National Centre for Communication Security (NCCS), under the Department of Telecommunications (DoT), Government of India, has officially released ITSAR 2.0 (Indian Telecom Security Assurance Requirements) for Wi-Fi Customer Premises Equipment (CPE) and IP Routers. This long-awaited update marks a major step forward in India’s telecom cybersecurity framework — particularly for the growing category of cloud-controlled and cloud-managed networking devices.
Understanding ITSAR 2.0
The ITSAR documents define security assurance requirements that telecom products must meet as part of India’s Telecom Security Certification Scheme (TSCS). ITSAR 2.0 is the latest revision and introduces updated test parameters and evaluation methods designed to keep pace with modern network architectures — where many devices are managed remotely through the cloud.
This update specifically targets:
Wi-Fi CPE (Customer Premises Equipment) – including access points, gateways, and home routers.
IP Routers – used across enterprise and service-provider networks.
By extending coverage to cloud-controlled and cloud-managed functionality, ITSAR 2.0 reflects the evolving reality of software-defined, remotely managed devices that play a central role in today’s connected infrastructure.
What’s New in ITSAR 2.0
Security Parameters for Cloud-Controlled Devices
ITSAR 2.0 introduces dedicated test parameters for Wi-Fi Access Points, Wi-Fi CPE, and IP Routers that are controlled or managed via cloud platforms. These tests focus on areas such as:
Secure data transmission between device and cloud.
Authentication and authorisation of remote management sessions.
Protection against cloud-based configuration or firmware manipulation.
Guidance for Cloud-Managed Product Evaluation
The new version provides structured guidance on how to evaluate products with cloud-based management capabilities — including verification of encryption methods, credential storage, update mechanisms, and access control integrity.
Proactive Compliance Pathway
While cloud-managed products are currently exempt from mandatory evaluation, the release of ITSAR 2.0 allows manufacturers to proactively assess readiness. This ensures smoother compliance once these devices are formally brought under certification in future updates to the Telecom Security Certification Scheme (TSCS).
Why This Update Matters
With cloud-based control becoming a standard feature across Wi-Fi and routing devices, ensuring their security is critical to India’s digital ecosystem.
ITSAR 2.0 bridges the gap between traditional hardware-focused security evaluation and modern cloud-centric architectures, setting the groundwork for stronger national cybersecurity assurance.
This development also aligns India’s telecom security roadmap with international best practices, reflecting principles from frameworks such as ISO/IEC 62443 and ETSI EN 303 645, which emphasise end-to-end device and network resilience.
Manufacturers and stakeholders are encouraged to review the full ITSAR 2.0 versions to understand applicable test clauses and begin internal readiness evaluations, linked below:
📄 Wi-Fi CPE ITSAR 2.0
📄 IP Router ITSAR 2.0
Next Steps for Manufacturers
Review the new ITSAR 2.0 parameters to identify potential impact on existing and upcoming Wi-Fi and IP Router product lines.
Evaluate internal design and documentation practices to ensure readiness for security testing under TSCS.
Engage with recognised test laboratories and certification partners early to streamline future compliance processes.
Need help? At C-PRAV India, our cybersecurity and telecom compliance specialists assist manufacturers in interpreting the new ITSAR 2.0 requirements, performing readiness assessments, and preparing for formal certification under the TSCS framework. Contact us today, we’re here to help!