📞FCC Caller ID Authentication Compliance Requirements
Call Authentication Trust Anchor
Summary
In this document, the Federal Communications Commission (Commission) adopts rules that strengthen the Commission's caller ID authentication requirements by establishing clear practices for providers that rely on third parties to fulfill their STIR/SHAKEN implementation obligations. The rules authorize providers with a STIR/ SHAKEN implementation obligation to engage third parties to perform the technological act of digitally "signing" calls consistent with the requirements of the STIR/SHAKEN technical standards so long as: the provider with the implementation obligation makes the "attestation- level" decisions for authenticating caller ID information; and all calls are signed using the certificate of the provider with the implementation obligation--not the certificate of a third party. The rules also explicitly require all providers with a STIR/SHAKEN implementation obligation to obtain a Service Provider Code (SPC) token from the STIR/SHAKEN Policy Administrator and present that token to a STIR/SHAKEN Certificate Authority to obtain a digital certificate. Additionally, the rules include recordkeeping requirements for third- party authentication arrangements to enable the Commission to monitor compliance with and enforce Commission rules.
Agencies
- Federal Communications Commission
Business Impact
$$$ - High
The regulatory text establishes compliance and regulatory requirements for voice service providers engaging in third-party authentication under STIR/SHAKEN rules. This has financial implications as businesses must implement new practices and maintain records to avoid penalties.