""" CALEA SSI Plan — Wireless MVNO variant. A Mobile Virtual Network Operator has no radio-access network and no core-network switching of its own. Under the CALEA Reference Model, the host MNO is responsible for actual lawful-intercept provisioning and delivery; the MVNO's SSI Plan documents the division of responsibility, the designated point of contact for law enforcement service of process, and the contractual flow-down terms that obligate the host MNO to support intercepts initiated against the MVNO's subscribers. """ from __future__ import annotations import logging from datetime import date from pathlib import Path from typing import Optional LOG = logging.getLogger("document_gen.calea_wireless_mvno") try: from docx import Document from docx.shared import Pt, Inches, RGBColor from docx.enum.text import WD_ALIGN_PARAGRAPH except ImportError: LOG.warning("python-docx not installed — CALEA Wireless MVNO unavailable") Document = None # type: ignore[assignment,misc] NAVY = RGBColor(0x1A, 0x27, 0x44) if Document else None VARIANT_ID = "wireless_mvno" VARIANT_LABEL = "Wireless (CMRS) — MVNO" def _heading(doc, text): p = doc.add_paragraph() p.paragraph_format.space_before = Pt(12); p.paragraph_format.space_after = Pt(4) r = p.add_run(text); r.bold = True; r.font.size = Pt(13); r.font.color.rgb = NAVY def _body(doc, text, bold=False): p = doc.add_paragraph(); p.paragraph_format.space_after = Pt(6) r = p.add_run(text); r.font.size = Pt(11); r.bold = bold def _bullets(doc, items): for it in items: p = doc.add_paragraph(style="List Bullet") p.paragraph_format.left_indent = Inches(0.25) p.paragraph_format.space_after = Pt(3) p.clear(); r = p.add_run(it); r.font.size = Pt(11) def generate_calea_wireless_mvno( output_path: str, entity_name: str, frn: str = "", law_enforcement_contact: Optional[dict] = None, cpni_protection_officer: Optional[dict] = None, network_infrastructure_summary: str = "", interception_support_method: str = "", reporting_year: int = 0, host_mno_name: str = "", signatory_name: str = "", signatory_title: str = "Chief Executive Officer", effective_date: str = "", next_review_date: str = "", reviewer_name: str = "Justin Hannah", reviewer_company: str = "Performance West Inc.", **_: dict, ) -> Optional[str]: if Document is None: LOG.error("python-docx not installed") return None le = law_enforcement_contact or {} cpni = cpni_protection_officer or {} today = date.today() effective = effective_date or today.strftime("%m/%d/%Y") next_review = next_review_date or today.replace(year=today.year + 1).strftime("%m/%d/%Y") host = host_mno_name or "its host Mobile Network Operator" doc = Document() for s in doc.sections: s.top_margin = Inches(1); s.bottom_margin = Inches(1) s.left_margin = Inches(1.25); s.right_margin = Inches(1.25) title = doc.add_paragraph(); title.alignment = WD_ALIGN_PARAGRAPH.CENTER tr = title.add_run("System Security and Integrity (SSI) Plan") tr.font.size = Pt(15); tr.bold = True; tr.font.color.rgb = NAVY sub = doc.add_paragraph(); sub.alignment = WD_ALIGN_PARAGRAPH.CENTER sr = sub.add_run(entity_name); sr.font.size = Pt(13); sr.bold = True vsub = doc.add_paragraph(); vsub.alignment = WD_ALIGN_PARAGRAPH.CENTER vr = vsub.add_run(f"Variant: {VARIANT_LABEL}") vr.font.size = Pt(11); vr.italic = True cite = doc.add_paragraph(); cite.alignment = WD_ALIGN_PARAGRAPH.CENTER cr = cite.add_run("Pursuant to 47 U.S.C. \u00a7 229 and 47 CFR \u00a7 1.20003") cr.font.size = Pt(10); cr.italic = True cite.paragraph_format.space_after = Pt(18) _heading(doc, "1. Purpose") _body(doc, ( f"This SSI Plan governs {entity_name}'s compliance with CALEA and " f"its implementing rules as applied to {entity_name}'s operations " f"as a Mobile Virtual Network Operator (MVNO) that resells " f"wireless service provided by {host}." )) _heading(doc, "2. Scope and Applicability — Division of Responsibility") _body(doc, ( f"{entity_name} does not own or operate radio-access equipment, " f"a Mobile Switching Center, an EPC / 5GC, or HSS / UDM. Under " f"the CALEA Reference Model and the MVNO wholesale agreement " f"between {entity_name} and {host}, intercept capability is " f"provisioned and operated by {host}. {entity_name}'s SSI " f"responsibility is limited to: (i) maintaining a designated " f"24-hour law-enforcement point of contact, (ii) coordinating " f"service of process between law enforcement and {host}, " f"(iii) ensuring contractual flow-down of CALEA obligations to " f"{host}, and (iv) protecting its own customer records." )) _heading(doc, "3. Designated Law Enforcement Contact (24-hour)") _body(doc, ( f"Per 47 CFR \u00a7 1.20003(a)(1), {entity_name} designates the " f"following senior officer as 24-hour contact for law enforcement." )) _bullets(doc, [ f"Name: {le.get('name') or '[TO BE POPULATED]'}", f"Title: {le.get('title') or ''}", f"Phone (24-hour): {le.get('phone') or ''}", f"Email (24-hour): {le.get('email_24h') or ''}", f"Backup contact: {le.get('backup_name') or '[TO BE POPULATED]'}", ]) _body(doc, ( f"Upon receipt of a valid court order, {entity_name}'s designated " f"officer (a) acknowledges service within two (2) business hours, " f"(b) confirms that the subscriber is provisioned on {host}'s " f"network, and (c) coordinates with {host}'s CALEA / LAES team " f"to effect intercept provisioning, providing the ordering " f"agency with the appropriate host-MNO CALEA contact as " f"required." )) _heading(doc, "4. Network / Interception Capability (Host MNO)") _body(doc, network_infrastructure_summary or ( f"Voice, SMS, and data services consumed by {entity_name}'s " f"subscribers traverse {host}'s radio-access network and core. " f"Authentication is performed against {host}'s HSS / UDM." )) _body(doc, interception_support_method or ( f"Lawful intercept is provisioned by {host} using the standardized " f"3GPP LI interfaces (X1 / X2 / X3) at {host}'s MSC / EPC / 5GC, " f"per ATIS T1.724 / J-STD-025 and 3GPP TS 33.126 / 33.127 / " f"33.128. {host} is responsible for delivering content and " f"call-identifying information to the requesting law-enforcement " f"agency." )) _body(doc, ( f"{entity_name} retains an executed copy of the MVNO wholesale " f"agreement with {host}, including the CALEA flow-down clauses, " f"and a current copy of {host}'s CALEA attestation on file." )) _heading(doc, "5. CPNI Safeguards") _body(doc, ( f"{entity_name} maintains separate CPNI procedures under 47 CFR " f"\u00a7\u00a7 64.2001\u201364.2011 with respect to retail " f"customer records, billing data, and support interactions that " f"{entity_name} directly controls. The CPNI Protection Officer is:" )) _bullets(doc, [ f"Name: {cpni.get('name') or '[TO BE POPULATED]'}", f"Title: {cpni.get('title') or 'CPNI Protection Officer'}", ]) _heading(doc, "6. Personnel Vetting and Training") _bullets(doc, [ "Annual CALEA + CPNI training for personnel handling customer " "records or law-enforcement service of process.", "Background checks prior to granting access.", "Access revoked within 24 hours of termination.", "All service-of-process and CPNI actions attributed to named " "authenticated users.", ]) _heading(doc, "7. Supervisory Review") _body(doc, ( f"The {le.get('title') or 'Designated Senior Officer'} reviews " f"service-of-process logs and MVNO-host coordination records at " f"least quarterly." )) _heading(doc, "8. Records Retention") _body(doc, ( "Service-of-process coordination records retained ten (10) years " "per 47 CFR \u00a7 1.20003(b); CPNI access logs retained at least " "two (2) years per 47 CFR \u00a7 64.2009." )) _heading(doc, "9. Annual Review") _body(doc, ( f"This Plan is reviewed at least annually and upon any change to " f"the MVNO wholesale agreement or to {host}'s CALEA attestation. " f"Next scheduled review: {next_review}." )) _heading(doc, "10. Certification") _body(doc, ( f"I, {signatory_name or '[Authorized Officer]'}, as " f"{signatory_title} of {entity_name}, certify that I have " f"reviewed this SSI Plan and that {entity_name} complies with 47 " f"U.S.C. \u00a7 229 and 47 CFR \u00a7 1.20003 through its MVNO " f"wholesale arrangement with {host}." )) _body(doc, "") doc.add_paragraph("_" * 45) _body(doc, signatory_name or "[Authorized Officer]", bold=True) _body(doc, f"{signatory_title}, {entity_name}") _body(doc, f"Effective Date: {effective}") if frn: _body(doc, f"FRN: {frn}") _body(doc, f"Reviewed By: {reviewer_name}, {reviewer_company}") _body(doc, f"Next Review Date: {next_review}") out = Path(output_path) out.parent.mkdir(parents=True, exist_ok=True) doc.save(str(out)) LOG.info("CALEA Wireless MVNO SSI plan generated: %s", out) return str(out)