justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
new-site/scripts/document_gen/templates/calea_clec_ss7_generator.py
justin f8cd37ac8c Initial commit — Performance West telecom compliance platform 
Includes: API (Express/TypeScript), Astro site, Python workers,
document generators, FCC compliance tools, Canada CRTC formation,
Ansible infrastructure, and deployment scripts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-27 06:54:22 -05:00

250 lines
10 KiB
Python
Raw Blame History

"""
CALEA System Security and Integrity (SSI) Plan — CLEC SS7 / facilities.
Tailored variant of the generic CALEA SSI plan for a Competitive Local
Exchange Carrier that operates its own TDM / SS7 / SIGTRAN switching
infrastructure. The lawful-intercept method is provisioned at the Class 5
softswitch and at the SS7 / SIGTRAN STPs using the industry-standard
ATIS J-STD-025 interface. CALEA scope covers both local-exchange
switching and resold access transport.
"""
from __future__ import annotations
import logging
from datetime import date
from pathlib import Path
from typing import Optional
LOG = logging.getLogger("document_gen.calea_clec_ss7")
try:
from docx import Document
from docx.shared import Pt, Inches, RGBColor
from docx.enum.text import WD_ALIGN_PARAGRAPH
except ImportError:
LOG.warning("python-docx not installed — CALEA CLEC SS7 unavailable")
Document = None # type: ignore[assignment,misc]
NAVY = RGBColor(0x1A, 0x27, 0x44) if Document else None
VARIANT_ID = "clec_ss7"
VARIANT_LABEL = "Competitive Local Exchange Carrier — SS7 / SIGTRAN"
def _heading(doc, text):
p = doc.add_paragraph()
p.paragraph_format.space_before = Pt(12)
p.paragraph_format.space_after = Pt(4)
r = p.add_run(text); r.bold = True; r.font.size = Pt(13)
r.font.color.rgb = NAVY
def _body(doc, text, bold=False):
p = doc.add_paragraph()
p.paragraph_format.space_after = Pt(6)
r = p.add_run(text); r.font.size = Pt(11); r.bold = bold
def _bullets(doc, items):
for it in items:
p = doc.add_paragraph(style="List Bullet")
p.paragraph_format.left_indent = Inches(0.25)
p.paragraph_format.space_after = Pt(3)
p.clear()
r = p.add_run(it); r.font.size = Pt(11)
def generate_calea_clec_ss7(
output_path: str,
entity_name: str,
frn: str = "",
law_enforcement_contact: Optional[dict] = None,
cpni_protection_officer: Optional[dict] = None,
network_infrastructure_summary: str = "",
interception_support_method: str = "",
reporting_year: int = 0,
signatory_name: str = "",
signatory_title: str = "Chief Executive Officer",
effective_date: str = "",
next_review_date: str = "",
reviewer_name: str = "Justin Hannah",
reviewer_company: str = "Performance West Inc.",
**_: dict,
) -> Optional[str]:
if Document is None:
LOG.error("python-docx not installed")
return None
le = law_enforcement_contact or {}
cpni = cpni_protection_officer or {}
today = date.today()
effective = effective_date or today.strftime("%m/%d/%Y")
next_review = next_review_date or today.replace(year=today.year + 1).strftime("%m/%d/%Y")
doc = Document()
for s in doc.sections:
s.top_margin = Inches(1); s.bottom_margin = Inches(1)
s.left_margin = Inches(1.25); s.right_margin = Inches(1.25)
title = doc.add_paragraph(); title.alignment = WD_ALIGN_PARAGRAPH.CENTER
tr = title.add_run("System Security and Integrity (SSI) Plan")
tr.font.size = Pt(15); tr.bold = True; tr.font.color.rgb = NAVY
sub = doc.add_paragraph(); sub.alignment = WD_ALIGN_PARAGRAPH.CENTER
sr = sub.add_run(entity_name)
sr.font.size = Pt(13); sr.bold = True
vsub = doc.add_paragraph(); vsub.alignment = WD_ALIGN_PARAGRAPH.CENTER
vr = vsub.add_run(f"Variant: {VARIANT_LABEL}")
vr.font.size = Pt(11); vr.italic = True
cite = doc.add_paragraph(); cite.alignment = WD_ALIGN_PARAGRAPH.CENTER
cr = cite.add_run(
"Pursuant to 47 U.S.C. \u00a7 229 and 47 CFR \u00a7 1.20003"
)
cr.font.size = Pt(10); cr.italic = True
cite.paragraph_format.space_after = Pt(18)
_heading(doc, "1. Purpose")
_body(doc, (
f"This System Security and Integrity (SSI) Plan governs {entity_name}'s "
f"compliance with the Communications Assistance for Law Enforcement "
f"Act (CALEA), 47 U.S.C. \u00a7\u00a7 1001\u20131010, and the "
f"Commission's rules at 47 CFR Part 1 Subpart Z, as applied to "
f"{entity_name}'s operations as a Competitive Local Exchange Carrier "
f"(CLEC) with SS7 / SIGTRAN switching infrastructure."
))
_heading(doc, "2. Scope and Applicability")
_body(doc, (
f"{entity_name} is subject to CALEA as a facilities-based provider "
f"of common-carrier local exchange service. Its covered equipment "
f"includes Class 5 softswitch(es), trunk gateways, SS7 / SIGTRAN "
f"STPs, and signaling-link interconnections to interexchange "
f"carriers and to the public switched telephone network."
))
_heading(doc, "3. Designated Law Enforcement Contact (24-hour)")
_body(doc, (
f"Per 47 CFR \u00a7 1.20003(a)(1), {entity_name} designates the "
f"following senior officer as point of contact for law enforcement "
f"inquiries, court orders, pen register / trap-and-trace orders, "
f"and Title III wiretap orders. This contact is staffed 24 hours "
f"a day, 365 days a year."
))
_bullets(doc, [
f"Name: {le.get('name') or '[TO BE POPULATED]'}",
f"Title: {le.get('title') or ''}",
f"Phone (24-hour): {le.get('phone') or ''}",
f"Email (24-hour): {le.get('email_24h') or ''}",
f"Backup contact: {le.get('backup_name') or '[TO BE POPULATED]'}",
])
_body(doc, (
f"Service of process may be made on the above designee by "
f"telephone, email, or in person. {entity_name} commits to "
f"acknowledging any intercept or traffic-capture order within "
f"two (2) business hours of receipt."
))
_heading(doc, "4. Network Architecture and Interception Capability")
_body(doc, network_infrastructure_summary or (
f"{entity_name} operates a Class 5 softswitch (or TDM Class 5 "
"switch where retained) supported by redundant SS7 / SIGTRAN "
"signaling through owned or leased STPs. Customer access is "
"provided via copper loops, fiber, and resold UNE-P/loop "
"facilities where applicable. Interconnection with the PSTN is "
"by SS7 trunks to the relevant tandems."
))
_body(doc, interception_support_method or (
f"Lawful intercept is provisioned at the Class 5 softswitch and "
"at the SS7 / SIGTRAN STP in accordance with ATIS J-STD-025-B "
"(TIA/ANSI-41/GSM LAES). Call content is delivered to the "
"requesting law-enforcement agency via a Call Content Channel "
"(CCC) and call-identifying information via a Call Data Channel "
"(CDC), following the safe-harbor industry standard adopted by "
"the FCC under 47 CFR Part 1 Subpart Z. The Designated Senior "
"Officer coordinates provisioning, validates the court order, "
"and certifies activation to law enforcement."
))
_body(doc, (
f"{entity_name} retains copies of ATIS J-STD-025 compliance "
f"attestations from its switch and SS7 vendors, and maintains "
f"interconnection agreements with its tandem provider(s) that "
f"address CALEA responsibilities."
))
_heading(doc, "5. CPNI Safeguards")
_body(doc, (
f"{entity_name} maintains a separate, written CPNI procedure "
f"statement under 47 CFR \u00a7\u00a7 64.2001\u201364.2011. The "
f"CPNI Protection Officer is:"
))
_bullets(doc, [
f"Name: {cpni.get('name') or '[TO BE POPULATED]'}",
f"Title: {cpni.get('title') or 'CPNI Protection Officer'}",
])
_body(doc, (
"SS7 / SIGTRAN LIDB access, PIC records, and intercept "
"provisioning are all within the CPNI Protection Officer's "
"oversight scope."
))
_heading(doc, "6. Personnel Vetting and Training")
_bullets(doc, [
f"All {entity_name} personnel with access to intercept "
"provisioning interfaces complete annual CALEA and CPNI training.",
"Background checks are performed prior to granting access.",
"Access is revoked within 24 hours of termination.",
"All intercept-related actions are attributed to named "
"individuals via authenticated logins (no shared credentials).",
])
_heading(doc, "7. Supervisory Review")
_body(doc, (
f"The {le.get('title') or 'Designated Senior Officer'} reviews "
f"intercept-related activity at least quarterly. Anomalies "
f"(unauthorized access attempts, tampering, missed response SLAs) "
f"are escalated to the CEO within one business day of detection."
))
_heading(doc, "8. Records Retention")
_body(doc, (
"Records of intercept provisioning, service of process, "
"acknowledgments, and termination are retained for a minimum of "
"ten (10) years per 47 CFR \u00a7 1.20003(b). CPNI access logs "
"are retained at least two (2) years per 47 CFR \u00a7 64.2009."
))
_heading(doc, "9. Annual Review")
_body(doc, (
f"This Plan is reviewed at least annually and updated upon "
f"(i) material change to the switching infrastructure, "
f"(ii) change of upstream tandem or IXC interconnection, "
f"(iii) new Commission / DOJ guidance, or (iv) a material breach "
f"or near-miss. Next scheduled review: {next_review}."
))
_heading(doc, "10. Certification")
_body(doc, (
f"I, {signatory_name or '[Authorized Officer]'}, as "
f"{signatory_title} of {entity_name}, certify that I have "
f"reviewed this SSI Plan and that {entity_name} has implemented "
f"the policies, procedures, and technical measures described "
f"herein, and complies with 47 U.S.C. \u00a7 229 and 47 CFR "
f"\u00a7 1.20003."
))
_body(doc, "")
doc.add_paragraph("_" * 45)
_body(doc, signatory_name or "[Authorized Officer]", bold=True)
_body(doc, f"{signatory_title}, {entity_name}")
_body(doc, f"Effective Date: {effective}")
if frn:
_body(doc, f"FRN: {frn}")
_body(doc, f"Reviewed By: {reviewer_name}, {reviewer_company}")
_body(doc, f"Next Review Date: {next_review}")
out = Path(output_path)
out.parent.mkdir(parents=True, exist_ok=True)
doc.save(str(out))
LOG.info("CALEA CLEC SS7 SSI plan generated: %s", out)
return str(out)
Reference in a new issue View git blame Copy permalink