The Federal Communications Commission (FCC) released its 19-72A1 Report and Order in December 2019, which aimed to enhance the security of communications networks in the United States. The order contained new rules and requirements for service providers, and it has significant implications for businesses of all sizes. Cybersecurity is a major concern for companies today, and the FCC’s order highlights the need for businesses to take steps to protect themselves from cyber threats. This article will provide an overview of FCC 19-72A1 and offer practical advice on how businesses can improve their cybersecurity.

What is FCC 19-72A1?

FCC 19-72A1 is a report and order issued by the FCC that focuses on the security of communications networks. The order is intended to address the growing threat of cyber attacks and the need to protect critical infrastructure. The order establishes new rules and requirements for service providers, including requirements for risk management, vulnerability reporting, and compliance certifications.

Why is FCC 19-72A1 Important for Businesses?

FCC 19-72A1 is important for businesses because it highlights the need for improved cybersecurity measures. The order recognizes that businesses are an important part of the communications network and that they have a role to play in protecting against cyber threats. The order also acknowledges that cyber threats can have a significant impact on businesses, both in terms of financial losses and damage to reputation.

What are the Key Provisions of FCC 19-72A1?

The key provisions of FCC 19-72A1 include:

Risk Management

Service providers are required to have a risk management program in place that includes periodic risk assessments and the development of appropriate risk mitigation strategies.

Vulnerability Reporting

Service providers must report vulnerabilities to the FCC and other appropriate authorities within a certain timeframe. The order also requires service providers to establish a process for receiving and responding to reports of vulnerabilities from customers and third-party vendors.

Compliance Certifications

Service providers are required to obtain compliance certifications from independent auditors that verify compliance with the new rules and requirements.

Other Requirements

The order also includes other requirements, such as the establishment of a point of contact for cybersecurity issues, implementation of access controls and monitoring, and the development of response plans for cyber incidents.

How Can Businesses Improve their Cybersecurity?

Businesses can improve their cybersecurity by taking a number of steps, including:

Conducting Risk Assessments

Businesses should conduct regular risk assessments to identify potential vulnerabilities and develop strategies for addressing them.

Establishing Cybersecurity Policies and Procedures

Businesses should establish clear cybersecurity policies and procedures that address issues such as access controls, incident response, and third-party vendor management.

Training Employees

Employees are often the weakest link in a company’s cybersecurity defense. Businesses should provide regular training to employees on best practices for cybersecurity.

Implementing Cybersecurity Controls

Businesses should implement appropriate cybersecurity controls, such as firewalls, intrusion detection systems, and encryption technologies.

Regularly Testing and Updating Cybersecurity Measures

Cybersecurity measures should be regularly tested and updated to ensure they remain effective against evolving threats.

Conclusion

FCC 19-72A1 is an important order that highlights the need for improved cybersecurity measures for businesses. The order establishes new rules and requirements for service providers and emphasizes the need for risk management, vulnerability reporting, and compliance certifications. Businesses can improve their cybersecurity by conducting regular risk assessments, establishing clear policies and procedures, training employees, implementing appropriate controls, and regularly testing and updating their cybersecurity measures. By taking these steps, businesses can protect themselves against cyber threats and ensure the security of their operations.