All CCTVs to undergo mandatory testing of ‘Essential Security Parameters’

New Delhi, Apr 10 (FN Agency) Concerned over public safety and national security in the deployment of CCTV Cameras (Closed-Circuit Television), the Government has made it mandatory for testing of the “essential security parameters” for all the CCTV cameras sold in India. A Notification has been issued in this regard making it mandatory for testing of the “essential security parameters.” The said order will be effective with effect from October 9 this year, giving enough time to industry to prepare themselves. The test reports from Bureau of Indian Standard (BIS) recognized labs like STQC etc. would need to be submitted. With this, the Government has ensured that any and all CCTV cameras deployed in India are safe from national security issues and ensure trusted source of critical components for CCTV/Video Surveillance Systems.

Securing a CCTV system is crucial to protect sensitive information and ensure the system operates effectively. Key areas of testing include exposed network services, device communication protocols etc., the ability to extract memory and firmware, firmware update process security and storage and encryption of data.All companies deploying CCTVs will have to reveal information about country of import of critical components and software as well. For this, the requirement are Physical Security – Use tamper-resistant camera enclosures and locking mechanisms to deter physical tampering; Access Control by Authentication, Role-Based Access Control (RBAC) and regularly review and update access permissions to reflect personnel changes; Network Security by employing encryption of data transmission; Software Security by Regular Updates, Disable Unused Features and Strong Password Policies; and Penetration Testing that is Employ penetration testing to assess the system’s resistance to cyberattacks and address vulnerabilities.

In the telecom sector also, all telecom service providers or other telecom infrastructure companies provide information to Trusted Telecom Cell (TTC) about the company and the product that would be deployed in their telecom network. Their inputs would be evaluated and based on the outcome of evaluation they will be classified as “Trusted Source / Trusted Product”. Earlier on 6th March, 2024, Ministry of Electronics & IT (MeitY) issued notification for Public Procurement of CCTV for essential testing of critical essential security parameters and giving details for Local Content (LC) calculations. Of special importance are requirements of verification for Trusted Source for sourcing the critical hardware components related to security functions. Not allowing Proprietary Network Protocol or giving implementation schedule and Source Code, verification of all codes including third parties.