""" CALEA System Security and Integrity (SSI) Plan — CLEC SS7 / facilities. Tailored variant of the generic CALEA SSI plan for a Competitive Local Exchange Carrier that operates its own TDM / SS7 / SIGTRAN switching infrastructure. The lawful-intercept method is provisioned at the Class 5 softswitch and at the SS7 / SIGTRAN STPs using the industry-standard ATIS J-STD-025 interface. CALEA scope covers both local-exchange switching and resold access transport. """ from __future__ import annotations import logging from datetime import date from pathlib import Path from typing import Optional LOG = logging.getLogger("document_gen.calea_clec_ss7") try: from docx import Document from docx.shared import Pt, Inches, RGBColor from docx.enum.text import WD_ALIGN_PARAGRAPH except ImportError: LOG.warning("python-docx not installed — CALEA CLEC SS7 unavailable") Document = None # type: ignore[assignment,misc] NAVY = RGBColor(0x1A, 0x27, 0x44) if Document else None VARIANT_ID = "clec_ss7" VARIANT_LABEL = "Competitive Local Exchange Carrier — SS7 / SIGTRAN" def _heading(doc, text): p = doc.add_paragraph() p.paragraph_format.space_before = Pt(12) p.paragraph_format.space_after = Pt(4) r = p.add_run(text); r.bold = True; r.font.size = Pt(13) r.font.color.rgb = NAVY def _body(doc, text, bold=False): p = doc.add_paragraph() p.paragraph_format.space_after = Pt(6) r = p.add_run(text); r.font.size = Pt(11); r.bold = bold def _bullets(doc, items): for it in items: p = doc.add_paragraph(style="List Bullet") p.paragraph_format.left_indent = Inches(0.25) p.paragraph_format.space_after = Pt(3) p.clear() r = p.add_run(it); r.font.size = Pt(11) def generate_calea_clec_ss7( output_path: str, entity_name: str, frn: str = "", law_enforcement_contact: Optional[dict] = None, cpni_protection_officer: Optional[dict] = None, network_infrastructure_summary: str = "", interception_support_method: str = "", reporting_year: int = 0, signatory_name: str = "", signatory_title: str = "Chief Executive Officer", effective_date: str = "", next_review_date: str = "", reviewer_name: str = "Justin Hannah", reviewer_company: str = "Performance West Inc.", **_: dict, ) -> Optional[str]: if Document is None: LOG.error("python-docx not installed") return None le = law_enforcement_contact or {} cpni = cpni_protection_officer or {} today = date.today() effective = effective_date or today.strftime("%m/%d/%Y") next_review = next_review_date or today.replace(year=today.year + 1).strftime("%m/%d/%Y") doc = Document() for s in doc.sections: s.top_margin = Inches(1); s.bottom_margin = Inches(1) s.left_margin = Inches(1.25); s.right_margin = Inches(1.25) title = doc.add_paragraph(); title.alignment = WD_ALIGN_PARAGRAPH.CENTER tr = title.add_run("System Security and Integrity (SSI) Plan") tr.font.size = Pt(15); tr.bold = True; tr.font.color.rgb = NAVY sub = doc.add_paragraph(); sub.alignment = WD_ALIGN_PARAGRAPH.CENTER sr = sub.add_run(entity_name) sr.font.size = Pt(13); sr.bold = True vsub = doc.add_paragraph(); vsub.alignment = WD_ALIGN_PARAGRAPH.CENTER vr = vsub.add_run(f"Variant: {VARIANT_LABEL}") vr.font.size = Pt(11); vr.italic = True cite = doc.add_paragraph(); cite.alignment = WD_ALIGN_PARAGRAPH.CENTER cr = cite.add_run( "Pursuant to 47 U.S.C. \u00a7 229 and 47 CFR \u00a7 1.20003" ) cr.font.size = Pt(10); cr.italic = True cite.paragraph_format.space_after = Pt(18) _heading(doc, "1. Purpose") _body(doc, ( f"This System Security and Integrity (SSI) Plan governs {entity_name}'s " f"compliance with the Communications Assistance for Law Enforcement " f"Act (CALEA), 47 U.S.C. \u00a7\u00a7 1001\u20131010, and the " f"Commission's rules at 47 CFR Part 1 Subpart Z, as applied to " f"{entity_name}'s operations as a Competitive Local Exchange Carrier " f"(CLEC) with SS7 / SIGTRAN switching infrastructure." )) _heading(doc, "2. Scope and Applicability") _body(doc, ( f"{entity_name} is subject to CALEA as a facilities-based provider " f"of common-carrier local exchange service. Its covered equipment " f"includes Class 5 softswitch(es), trunk gateways, SS7 / SIGTRAN " f"STPs, and signaling-link interconnections to interexchange " f"carriers and to the public switched telephone network." )) _heading(doc, "3. Designated Law Enforcement Contact (24-hour)") _body(doc, ( f"Per 47 CFR \u00a7 1.20003(a)(1), {entity_name} designates the " f"following senior officer as point of contact for law enforcement " f"inquiries, court orders, pen register / trap-and-trace orders, " f"and Title III wiretap orders. This contact is staffed 24 hours " f"a day, 365 days a year." )) _bullets(doc, [ f"Name: {le.get('name') or '[TO BE POPULATED]'}", f"Title: {le.get('title') or ''}", f"Phone (24-hour): {le.get('phone') or ''}", f"Email (24-hour): {le.get('email_24h') or ''}", f"Backup contact: {le.get('backup_name') or '[TO BE POPULATED]'}", ]) _body(doc, ( f"Service of process may be made on the above designee by " f"telephone, email, or in person. {entity_name} commits to " f"acknowledging any intercept or traffic-capture order within " f"two (2) business hours of receipt." )) _heading(doc, "4. Network Architecture and Interception Capability") _body(doc, network_infrastructure_summary or ( f"{entity_name} operates a Class 5 softswitch (or TDM Class 5 " "switch where retained) supported by redundant SS7 / SIGTRAN " "signaling through owned or leased STPs. Customer access is " "provided via copper loops, fiber, and resold UNE-P/loop " "facilities where applicable. Interconnection with the PSTN is " "by SS7 trunks to the relevant tandems." )) _body(doc, interception_support_method or ( f"Lawful intercept is provisioned at the Class 5 softswitch and " "at the SS7 / SIGTRAN STP in accordance with ATIS J-STD-025-B " "(TIA/ANSI-41/GSM LAES). Call content is delivered to the " "requesting law-enforcement agency via a Call Content Channel " "(CCC) and call-identifying information via a Call Data Channel " "(CDC), following the safe-harbor industry standard adopted by " "the FCC under 47 CFR Part 1 Subpart Z. The Designated Senior " "Officer coordinates provisioning, validates the court order, " "and certifies activation to law enforcement." )) _body(doc, ( f"{entity_name} retains copies of ATIS J-STD-025 compliance " f"attestations from its switch and SS7 vendors, and maintains " f"interconnection agreements with its tandem provider(s) that " f"address CALEA responsibilities." )) _heading(doc, "5. CPNI Safeguards") _body(doc, ( f"{entity_name} maintains a separate, written CPNI procedure " f"statement under 47 CFR \u00a7\u00a7 64.2001\u201364.2011. The " f"CPNI Protection Officer is:" )) _bullets(doc, [ f"Name: {cpni.get('name') or '[TO BE POPULATED]'}", f"Title: {cpni.get('title') or 'CPNI Protection Officer'}", ]) _body(doc, ( "SS7 / SIGTRAN LIDB access, PIC records, and intercept " "provisioning are all within the CPNI Protection Officer's " "oversight scope." )) _heading(doc, "6. Personnel Vetting and Training") _bullets(doc, [ f"All {entity_name} personnel with access to intercept " "provisioning interfaces complete annual CALEA and CPNI training.", "Background checks are performed prior to granting access.", "Access is revoked within 24 hours of termination.", "All intercept-related actions are attributed to named " "individuals via authenticated logins (no shared credentials).", ]) _heading(doc, "7. Supervisory Review") _body(doc, ( f"The {le.get('title') or 'Designated Senior Officer'} reviews " f"intercept-related activity at least quarterly. Anomalies " f"(unauthorized access attempts, tampering, missed response SLAs) " f"are escalated to the CEO within one business day of detection." )) _heading(doc, "8. Records Retention") _body(doc, ( "Records of intercept provisioning, service of process, " "acknowledgments, and termination are retained for a minimum of " "ten (10) years per 47 CFR \u00a7 1.20003(b). CPNI access logs " "are retained at least two (2) years per 47 CFR \u00a7 64.2009." )) _heading(doc, "9. Annual Review") _body(doc, ( f"This Plan is reviewed at least annually and updated upon " f"(i) material change to the switching infrastructure, " f"(ii) change of upstream tandem or IXC interconnection, " f"(iii) new Commission / DOJ guidance, or (iv) a material breach " f"or near-miss. Next scheduled review: {next_review}." )) _heading(doc, "10. Certification") _body(doc, ( f"I, {signatory_name or '[Authorized Officer]'}, as " f"{signatory_title} of {entity_name}, certify that I have " f"reviewed this SSI Plan and that {entity_name} has implemented " f"the policies, procedures, and technical measures described " f"herein, and complies with 47 U.S.C. \u00a7 229 and 47 CFR " f"\u00a7 1.20003." )) _body(doc, "") doc.add_paragraph("_" * 45) _body(doc, signatory_name or "[Authorized Officer]", bold=True) _body(doc, f"{signatory_title}, {entity_name}") _body(doc, f"Effective Date: {effective}") if frn: _body(doc, f"FRN: {frn}") _body(doc, f"Reviewed By: {reviewer_name}, {reviewer_company}") _body(doc, f"Next Review Date: {next_review}") out = Path(output_path) out.parent.mkdir(parents=True, exist_ok=True) doc.save(str(out)) LOG.info("CALEA CLEC SS7 SSI plan generated: %s", out) return str(out)