Call Authentication Trust Anchor

Document Headings Document headings vary by document type but may contain the following: the agency or agencies that issued and signed a document the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to the agency docket number / agency internal file number the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details. Federal Communications Commission 47 CFR Part 64 [WC Docket No. 17-97; FCC 24-120; FR ID 304848] AGENCY: Federal Communications Commission. ACTION: Final rule. SUMMARY: In this document, the Federal Communications Commission (Commission) adopts rules that strengthen the Commission's caller ID authentication requirements by establishing clear practices for providers that rely on third parties to fulfill their STIR/SHAKEN implementation obligations. The rules authorize providers with a STIR/SHAKEN implementation obligation to engage third parties to perform the technological act of digitally “signing” calls consistent with the requirements of the STIR/SHAKEN technical standards so long as: the provider with the implementation obligation makes the “attestation-level” decisions for authenticating caller ID information; and all calls are signed using the certificate of the provider with the implementation obligation—not the certificate of a third party. The rules also explicitly require all providers with a STIR/SHAKEN implementation obligation to obtain a Service Provider Code (SPC) token from the STIR/SHAKEN Policy Administrator and present that token to a STIR/SHAKEN Certificate Authority to obtain a digital certificate. Additionally, the rules include recordkeeping requirements for third-party authentication arrangements to enable the Commission to monitor compliance with and enforce Commission rules. DATES: These rules are effective September 18,…