Ministry of Electronics and Information Technology (“MeitY”) has recently notified amendments to the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order, 2021, specifically incorporating essential requisites for CCTV cameras to be sold in India. Effective from the 9th October, 2024, manufacturers and importers of CCTV cameras are mandated to comply with these requirements, including testing of the ‘essential security parameters’ of CCTV cameras.
The incorporation of essential requirements for CCTV cameras aim to ensure the security of sensitive data / information and the effective operation of the system. These requirements encompass various crucial areas of testing, including exposed network services, device communication protocols, physical access to the device’s UART, JTAG, SWD, etc., memory and firmware extraction capabilities, firmware update process security, and data storage and encryption. The essential requirements for CCTV cameras are outlined as follows:
- Physical Security: Use tamper-resistant camera enclosures and locking mechanisms to deter physical tampering.
- Access Control: Implement authentication, Role-Based Access Control (RBAC), and regularly review and update access permissions to reflect personnel changes.
- Network Security: Utilize encryption for data transmission.
- Software Security: Ensure regular updates, disable unused features, and enforce strong password policies.
- Penetration Testing: Conduct penetration testing to assess the system’s resilience against cyberattacks and address vulnerabilities.
Further, in adherence to Scheme II of the BIS Conformity Assessment Regulations, 2018, it is imperative to furnish test reports from BIS accredited laboratories as a prerequisite for obtaining licensing privileges associated with the Standard Mark.
For further details, please refer to the Notification attached herewith for ease of reference.
Source: Ministry of Electronics and Information Technology