The DoT CSR Update 2026 has introduced a significant change in the scope of CSR Testing in India, especially for telecom and networking devices. Issued by NCCS under the Department of Telecommunications (DoT), this update focuses on expanding the coverage of Cyber Security Requirements (CSR) to include more modern network equipment.
With the rapid growth of digital infrastructure, ensuring the security of telecom devices has become critical. This is where Telecom Cyber Security Requirements in India play an important role. The latest amendment brings more devices under mandatory security testing, making compliance more structured and comprehensive.
CSR Testing (Cyber Security Requirements Testing) is a mandatory security compliance framework for telecom and networking equipment in India. It is implemented by NCCS under the Department of Telecommunications (DoT) to ensure that all telecom products meet defined cybersecurity standards before being deployed in the market.
In simple terms, CSR testing verifies whether a telecom device is secure, reliable, and protected against cyber threats such as unauthorized access, data breaches, and network attacks.
With the increasing use of advanced telecom infrastructure, devices like routers, firewalls, and switches play a critical role in handling sensitive data. Any vulnerability in these devices can lead to serious security risks.
The DoT CSR Update 2026, issued by NCCS under the Department of Telecommunications, introduces a significant expansion in the scope of Group IV under ITSAR. This update reflects the government's focus on strengthening telecom cybersecurity compliance in India by including more advanced and widely used network devices.
One of the most important changes in this update is the expansion of Group IV.
Earlier, Group IV covered a limited set of telecom devices. With the latest amendment:
The update brings newer and more advanced devices under the CSR framework, including:
Another key change is the modification of the CSR testing matrix (Annexure-IV).
With the DoT CSR Update 2026, the scope of CSR Testing in India has expanded across multiple telecom and networking devices. However, the testing requirements are not identical for every device. Instead, they are defined based on ITSAR guidelines and the role each device plays in the network.
The updated framework ensures that relevant security parameters are tested on the most appropriate devices, making the process both efficient and comprehensive.
| Sl. No. | Clause No. in Group IV ITSAR (V2.0.0) | Clause Title | Criterion to be followed for proving capability for TSTL designation for CSR Part of IP Router (V1.0.1 & V2.0.0), Wi-Fi CPE (V1.0.1 & V2.0.0), L2 and (or) L3 LAN Switch, Network Next Generation Firewall including IDS & IPS, CBC and PABX Group IV ITSAR (V2.0.0) |
|---|---|---|---|
| 1 | 2.1.5 | Remote Management Standards | Test against 'Wi-Fi CPE (V1.0.1 & V2.0.0)' only |
| 2 | 2.1.6 | Remote login restrictions for privileged users | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC' and 'PABX' only |
| 3 | 2.1.7 | Authorization Policy | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC' and 'PABX' only |
| 4 | 2.1.9 | Remote Management Standards for Connected Devices, Additional Features | Test against 'Wi-Fi CPE (V1.0.1)' only |
| 5 | 2.2.2 | Authentication Support – External | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Wi-Fi CPE (V1.0.1)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', or 'PABX' only |
| 6 | 2.2.9 | Logout function | Test against any one of 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'IP Router (V2.0.0)' and 'Wi-Fi CPE (V2.0.0)' only |
| 7 | 2.2.10 | Storage of Passwords in encrypted form | Test against 'Wi-Fi CPE (V1.0.1)' only |
| 8 | 2.2.11 | Policy regarding consecutive failed login attempts | Test against any one of the four devices 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'V2.0.0 of IP Router and Wi-Fi CPE' only |
| 9 | 2.2.12 | Suspend accounts on non-use | Test against any one of 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch' only |
| 10 | 2.3.9 | Restricted reachability of services | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'Wi-Fi CPE (V1.0.1)', 'CBC', or 'PABX' only |
| 11 | 2.3.10 | Restricting System Boot Source | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'Wi-Fi CPE (V2.0.0)', 'CBC', or 'PABX' only |
| 12 | 2.3.11 | Avoidance of Unspecified Wireless Access | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'PABX', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'CBC' only |
| 13 | 2.3.12 | Feature / Service Activation Policy | Test against 'Wi-Fi CPE (V1.0.1 and V2.0.0)' only |
| 14 | 2.4.3 | No Known Vulnerabilities in System on Chip (SOC) solution | Test against 'Wi-Fi CPE (V1.0.1 and V2.0.0)' only |
| 15 | 2.5.1 | Audit trail storage and protection | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', or 'PABX' only |
| 16 | 2.5.3 | Secure Log Export | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', or 'PABX' only |
| 17 | 2.5.4 | Logging access to personal data | Test against 'Network Next Generation Firewall including IDS & IPS' only |
| 18 | 2.5.5 | Security audit log | Test against 'Network Next Generation Firewall including IDS & IPS' only |
| 19 | 2.5.6 | Audit Logs | Test against 'Network Next Generation Firewall including IDS & IPS' only |
| 20 | 2.5.7 | Centralized log Auditing | Test against 'Network Next Generation Firewall including IDS & IPS' only |
| 21 | 2.6.2 | Cryptographic Based Secure Communication on Wi-Fi Access | Test against 'Wi-Fi CPE (V1.0.1)' only |
| 22 | 2.6.3 | Cryptographic Module Security Assurance | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', or 'PABX' only |
| 23 | 2.6.4 | Cryptographic Algorithms implementation Security Assurance | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', or 'PABX' only |
| 24 | 2.6.5 | Cryptographic Algorithm selection for Wi-Fi Access | Test against 'Wi-Fi CPE (V1.0.1)' only |
| 25 | 2.6.7 | Crypto-Key Protection Mechanism | Test against 'Wi-Fi CPE (V1.0.1 & V2.0.0)' only |
| 26 | 2.6.9 | Protection against Copy of Data | Test against any one of 'CBC', 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', or 'L2 and (or) L3 LAN Switch' only |
| 27 | 2.6.10 | Protection against Data Exfiltration - Overt Channel | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'Wi-Fi CPE', or 'L2 and (or) L3 LAN Switch' only |
| 28 | 2.6.11 | Protection against Data Exfiltration - Covert Channel | Test against 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V2.0.0)', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V1.0.1 & V2.0.0)' only |
| 29 | 2.7.1 | Traffic Filtering - Network Level | Test against 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', or 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V1.0.1 & V2.0.0)' only |
| 30 | 2.7.2 | Traffic Separation | Test against 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'CBC', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 31 | 2.7.3 | Traffic Protection - Anti-Spoofing | Test against any of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'Wi-Fi CPE (V2.0.0)', or 'CBC' only |
| 32 | 2.8.2 | Filtering IP Options | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Wi-Fi CPE (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'CBC' only |
| 33 | 2.8.3 | Network Level and application level DDoS | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'Wi-Fi CPE (V2.0.0)', 'CBC', or 'PABX' only |
| 34 | 2.8.4 | Interfaces Robustness Requirements | Test against any one of 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', or 'L2 and (or) L3 LAN Switch' only |
| 35 | 2.9.4 | SSID Scanning | Test on 'Wi-Fi CPE (V1.0.1)' only |
| 36 | 2.10.2 | Growing Content Handling | Test against any of 'CBC', 'PABX', 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V2.0.0)' only |
| 37 | 2.10.6 | Protection from buffer overflows | Test against any of 'CBC', 'PABX', 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V1.0.1 & V2.0.0)' only |
| 38 | 2.10.8 | No automatic launch of removable media | Test against any of 'CBC', 'PABX', 'IP Router (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V2.0.0)' only |
| 39 | 2.10.9 | File-system Authorization privileges | Test against any one of 'CBC', 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 40 | 2.10.10 | Restrictions on running Scripts / Batch-processes | Test against any one of 'CBC', 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V2.0.0)' only |
| 41 | 2.10.11 | SYN Flood Prevention | Test against any one of 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', and 'Wi-Fi CPE (V2.0.0)' only |
| 42 | 2.10.12 | Restrictions on Soft-Restart | Test against any one of 'CBC', 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'Wi-Fi CPE (V2.0.0)' only |
| 43 | 2.11.3 | HTTP User sessions | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'Wi-Fi CPE (V1.0.1 & V2.0.0)', or 'Network Next Generation Firewall including IDS & IPS' only |
| 44 | 2.11.7 | No compiler, interpreter, or shell via CGI or other server-side scripting | Test against any one of 'IP Router (V1.0.1 & V2.0.0)', 'Wi-Fi CPE (V1.0.1 & V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'CBC', or 'PABX' only |
| 45 | 2.11.14 | No system privileges | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 46 | 2.11.15 | Access rights for web server configuration | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 47 | 2.11.16 | Minimized file type mappings | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 48 | 2.11.17 | Restricted file access | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 49 | 2.11.18 | Execute rights exclusive for CGI/Scripting directory | Test against any of 'CBC', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 50 | 2.12.3 | Secure System Software Revocation | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V2.0.0)' only |
| 51 | 2.12.4 | Software Integrity Check – Installation | Test against any of 'CBC', 'Network Next Generation Firewall including IDS & IPS', 'IP Router (V1.0.1 & V2.0.0)', 'L2 and (or) L3 LAN Switch', 'PABX', or 'Wi-Fi CPE (V1.0.1)' only |
| 52 | 2.12.6 | Unused Physical Interfaces Disabling | Test against 'IP Router (V1.0.1)' and 'Wi-Fi CPE (V1.0.1)' only |
| 53 | 2.12.7 | Unused Physical and Logical Interfaces Disabling | Test against any of 'Wi-Fi CPE (V1.0.1)', 'CBC', 'IP Router (V2.0.0)', 'Network Next Generation Firewall including IDS & IPS', 'L2 and (or) L3 LAN Switch', or 'PABX' only |
| 54 | 2.12.9 | Security Algorithm Modification | Test against 'L2 and (or) L3 LAN Switch', 'IP Router (V1.0.1 & V2.0.0)', or 'CBC' or 'PABX' only |
| 55 | 2.12.10 | Management Interface Isolation | Test against 'PABX' only |
| 56 | 2.12.11 | External Alert Generation | Test against 'PABX' only |
| 57 | 2.12.12 | Secure VPN connection | Test against 'PABX' only |
| 58 | 2.12.13 | Control Plane Traffic Protection | Test against 'Network Next Generation Firewall including IDS & IPS' or 'IP Router (V1.0.1)' only |
The DoT CSR Update 2026 has a direct impact on all stakeholders involved in telecom and networking products. With the expansion of CSR Testing in India, businesses now need to be more proactive in understanding and meeting compliance requirements.
Manufacturers need to ensure that their products comply with the updated CSR requirements before launching in the Indian market.
Importers and brand owners must verify whether their products now fall under the expanded scope of CSR testing.
The DoT CSR Update 2026, issued by NCCS, introduces an expanded and more structured approach to cyber security testing for telecom and networking devices in India. With the expansion of Group IV under ITSAR, more modern network devices are now covered under the CSR compliance framework.
This update not only strengthens telecom cyber security requirements but also makes the testing process more efficient through a parameter-based approach, reducing unnecessary duplication and improving overall compliance efficiency.
The DoT CSR Update 2026 has been officially issued by the National Centre for Communication Security (NCCS) under the Department of Telecommunications (DoT), Government of India. This update comes in the form of an Office Memorandum (OM) and serves as an amendment to earlier notifications related to CSR testing.
The DoT CSR Update 2026 marks an important step towards strengthening telecom cyber security requirements in India. By expanding Group IV under ITSAR and introducing a more practical testing approach, the government has ensured that modern network devices are brought under a structured and secure compliance framework.
This update not only increases the scope of CSR Testing in India but also makes the process more efficient through parameter-based testing, reducing unnecessary duplication and saving both time and cost for businesses.
For manufacturers, importers, and telecom brands, this is a clear signal that compliance is evolving and becoming more comprehensive. Staying updated and planning certification in advance will be key to avoiding delays and ensuring smooth market entry.