What the ITSAR for wired network equipment is
ITSAR — Indian Telecom Security Assurance Requirements — are per-category security standards issued by the National Centre for Communication Security (NCCS). For wired infrastructure, the relevant documents cover equipment categories such as IP routers and LAN switching, phased in through DoT notifications. The premise is the same as for wireless: security stops being a brochure adjective and becomes a per-model test result, produced at a designated security lab against a published requirement set.
What the requirements cover for switches and routers
- Control-plane protection — the switch's own brain must survive hostile traffic: protection for management and control protocols, resistance to protocol-level abuse and resource exhaustion.
- Hardened management access — encrypted administrative access, legacy plaintext services disabled, authenticated and role-based administration rather than shared logins.
- Firmware and boot integrity — signed images, protected update paths, and a boot process that rejects tampered software.
- Segmentation behaviour — the features enterprises rely on for isolation (VLANs and related controls) behaving correctly under attack, not just under demo.
- Logging and audit — security events captured reliably enough to reconstruct an incident.
- Vulnerability handling — a working process for addressing published CVEs in shipped firmware.
As with all ITSARs, clauses and versions evolve; the version tested against is part of what a buyer should record.
Why wired gear gets its own scrutiny
A compromised access point owns a floor; a compromised core switch owns the building. Switches and routers see every VLAN, carry management traffic for everything else, and live in racks nobody looks at for years — the perfect persistence point. That asymmetry is why security regimes worldwide, India's included, treat wired infrastructure as certifiable security equipment rather than plumbing, and why availability design and security certification belong in the same conversation when specifying a core.
Testing and certification, briefly
The mechanics mirror the Wi-Fi CPE process: OEM application under the NCCS scheme, model-specific testing at a designated lab against the applicable ITSAR, certification on success. The same three buyer-relevant properties hold — model-specific, version-anchored, verifiable — and the same caveat: the mandate phases in by category, so check the current status for the equipment class in your tender window.
What buyers should ask
- Which ITSAR category and version applies to the quoted switches or routers, and what is the certification status for the exact models?
- Show the MTCTE certificates for the same models — how to verify them is covered in the MTCTE explainer.
- Is the vendor a Trusted Source with products on the Trusted Telecom Portal?
- What is the firmware security-patch commitment, in years, in writing — and who actually writes the firmware? (The OEM vs ODM question decides who can honour it.)
- For PoE estates powering cameras and APs: does the quoted PoE budget hold with security features enabled, not just in the datasheet's best case?
Where this sits in the stack
For wired equipment the Indian file is: MTCTE (TEC technical conformance), ITSAR-based security certification (NCCS), and — for licensed operators — Trusted Source procurement. No WPC is needed for non-radio gear. The framework explainer maps the whole regime; the certifications page shows Immunity's file.
The Immunity position
NetForce L2 and L3 switches and the NetGuard Controller are MTCTE certified (and CE, FCC & RoHS compliant), supplied by a Trusted Source with products on the Trusted Telecom Portal, manufactured at GIDC Sanand, and shipped under Immunity's own IEEE MAC block (OUI 50:48:2C:3) with firmware owned and supported in India. For security-certification status of specific models against the applicable ITSAR, ask us — we will answer with the documents your evaluation needs.
Frequently asked questions
Do unmanaged switches need this?
The regime targets specified categories of network equipment; the practical buyer's rule is that anything with a management plane deserves the management-plane questions, whatever the mandate status.
We already buy MTCTE-certified switches. Is that enough?
MTCTE answers technical conformance. Security assurance is the NCCS/ITSAR track. Ask for both statuses; they are different documents.
Does Trusted Source status certify the switch itself?
No — Trusted Source is vendor-level designation; product-level security certification is the ITSAR track. A rigorous tender references both.
How do we verify any of this?
Certificate numbers in the OEM's name, checked on the respective government portals, matched to the exact models quoted — before award, not after delivery.
