FCC adopts new rules for third-party SHAKEN

The FCC adopted new rules on third-party authentication in STIR/SHAKEN. Let’s have a look.

Terminology

  • Obligated provider: A voice service provider that is required to authenticate with STIR/SHAKEN calls with NANP US calling numbers that it originates onto the IP-based service provider network.
    • This party has the ultimate SHAKEN compliance obligation.
    • This is the “first party” in any third-party authentication arrangement.
  • Third party: Another organization that performs the technological act of signing calls for an obligated provider.

Rules

  1. The obligated provider must make all attestation-level decisions consistent with the technical STIR/SHAKEN standards.
  2. All calls must be signed using the certificate of the obligated provider.
  3. Any obligated provider is prohibited from certifying to complete or partial implementation in the Robocall Mitigation Database unless they have obtained an SPC token and digital certificate and sign calls with their certificate, either themselves or when working with a third party to perform the technological act of signing calls.

Implementation and compliance requirements

All obligated providers that use third-party authentication must:

  1. Obtain an SPC token from the Policy Administrator and present their SPC token to a Certificate Authority to obtain a digital certificate
  2. Certify to complete or partial implementation in the Robocall Mitigation Database only if they have obtained an SPC token and digital certificate and sign calls with their certificate
  3. Maintain records of any third-party authentication agreement(s) they have entered.

Compliance deadline

The Commission believes that some of these new rules may require review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act. Therefore, the Commission set a compliance deadline for all rules in this report and order to be the later of either:

  • 30 days after the publication of this report and order in the Federal Register following OMB approval, or
  • 210 days after the release of this report and order.

More information

alarm clock radio displaying new rules

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 25 years of experience in providing telecom software solutions including branded calling, toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.