f8cd37ac8c
Includes: API (Express/TypeScript), Astro site, Python workers, document generators, FCC compliance tools, Canada CRTC formation, Ansible infrastructure, and deployment scripts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
231 lines
9.2 KiB
Python
231 lines
9.2 KiB
Python
"""
|
|
CALEA System Security and Integrity (SSI) Plan — Wireless (CMRS) variant.
|
|
|
|
Facilities-based wireless carrier SSI plan. LAES (Lawfully Authorized
|
|
Electronic Surveillance) capability is provisioned at the Mobile
|
|
Switching Center (MSC) / 4G EPC / 5G Core per 47 CFR § 20.13 and the
|
|
ATIS/3GPP LI standards. Content and call-identifying information are
|
|
delivered to law enforcement over the standardized LI interfaces (X1 /
|
|
X2 / X3 for 3GPP). The Plan also addresses per-device location data
|
|
as a CPNI safeguard integration point.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
from datetime import date
|
|
from pathlib import Path
|
|
from typing import Optional
|
|
|
|
LOG = logging.getLogger("document_gen.calea_wireless")
|
|
|
|
try:
|
|
from docx import Document
|
|
from docx.shared import Pt, Inches, RGBColor
|
|
from docx.enum.text import WD_ALIGN_PARAGRAPH
|
|
except ImportError:
|
|
LOG.warning("python-docx not installed — CALEA Wireless unavailable")
|
|
Document = None # type: ignore[assignment,misc]
|
|
|
|
NAVY = RGBColor(0x1A, 0x27, 0x44) if Document else None
|
|
|
|
VARIANT_ID = "wireless"
|
|
VARIANT_LABEL = "Wireless (CMRS) Facilities"
|
|
|
|
|
|
def _heading(doc, text):
|
|
p = doc.add_paragraph()
|
|
p.paragraph_format.space_before = Pt(12); p.paragraph_format.space_after = Pt(4)
|
|
r = p.add_run(text); r.bold = True; r.font.size = Pt(13); r.font.color.rgb = NAVY
|
|
|
|
|
|
def _body(doc, text, bold=False):
|
|
p = doc.add_paragraph(); p.paragraph_format.space_after = Pt(6)
|
|
r = p.add_run(text); r.font.size = Pt(11); r.bold = bold
|
|
|
|
|
|
def _bullets(doc, items):
|
|
for it in items:
|
|
p = doc.add_paragraph(style="List Bullet")
|
|
p.paragraph_format.left_indent = Inches(0.25)
|
|
p.paragraph_format.space_after = Pt(3)
|
|
p.clear(); r = p.add_run(it); r.font.size = Pt(11)
|
|
|
|
|
|
def generate_calea_wireless(
|
|
output_path: str,
|
|
entity_name: str,
|
|
frn: str = "",
|
|
law_enforcement_contact: Optional[dict] = None,
|
|
cpni_protection_officer: Optional[dict] = None,
|
|
network_infrastructure_summary: str = "",
|
|
interception_support_method: str = "",
|
|
reporting_year: int = 0,
|
|
signatory_name: str = "",
|
|
signatory_title: str = "Chief Executive Officer",
|
|
effective_date: str = "",
|
|
next_review_date: str = "",
|
|
reviewer_name: str = "Justin Hannah",
|
|
reviewer_company: str = "Performance West Inc.",
|
|
**_: dict,
|
|
) -> Optional[str]:
|
|
if Document is None:
|
|
LOG.error("python-docx not installed")
|
|
return None
|
|
|
|
le = law_enforcement_contact or {}
|
|
cpni = cpni_protection_officer or {}
|
|
today = date.today()
|
|
effective = effective_date or today.strftime("%m/%d/%Y")
|
|
next_review = next_review_date or today.replace(year=today.year + 1).strftime("%m/%d/%Y")
|
|
|
|
doc = Document()
|
|
for s in doc.sections:
|
|
s.top_margin = Inches(1); s.bottom_margin = Inches(1)
|
|
s.left_margin = Inches(1.25); s.right_margin = Inches(1.25)
|
|
|
|
title = doc.add_paragraph(); title.alignment = WD_ALIGN_PARAGRAPH.CENTER
|
|
tr = title.add_run("System Security and Integrity (SSI) Plan")
|
|
tr.font.size = Pt(15); tr.bold = True; tr.font.color.rgb = NAVY
|
|
|
|
sub = doc.add_paragraph(); sub.alignment = WD_ALIGN_PARAGRAPH.CENTER
|
|
sr = sub.add_run(entity_name); sr.font.size = Pt(13); sr.bold = True
|
|
|
|
vsub = doc.add_paragraph(); vsub.alignment = WD_ALIGN_PARAGRAPH.CENTER
|
|
vr = vsub.add_run(f"Variant: {VARIANT_LABEL}")
|
|
vr.font.size = Pt(11); vr.italic = True
|
|
|
|
cite = doc.add_paragraph(); cite.alignment = WD_ALIGN_PARAGRAPH.CENTER
|
|
cr = cite.add_run(
|
|
"Pursuant to 47 U.S.C. \u00a7 229, 47 CFR \u00a7 1.20003, "
|
|
"and 47 CFR \u00a7 20.13"
|
|
)
|
|
cr.font.size = Pt(10); cr.italic = True
|
|
cite.paragraph_format.space_after = Pt(18)
|
|
|
|
_heading(doc, "1. Purpose")
|
|
_body(doc, (
|
|
f"This SSI Plan governs {entity_name}'s compliance with CALEA "
|
|
f"(47 U.S.C. \u00a7\u00a7 1001\u20131010) and the Commission's "
|
|
f"rules at 47 CFR Part 1 Subpart Z and 47 CFR \u00a7 20.13 as "
|
|
f"applied to {entity_name}'s operations as a facilities-based "
|
|
f"Commercial Mobile Radio Service (CMRS) provider."
|
|
))
|
|
|
|
_heading(doc, "2. Scope and Applicability")
|
|
_body(doc, (
|
|
f"{entity_name} is a facilities-based CMRS provider subject to "
|
|
f"the Lawfully Authorized Electronic Surveillance (LAES) "
|
|
f"obligations of 47 CFR \u00a7 20.13. Its covered equipment "
|
|
f"includes the Mobile Switching Center (MSC), 4G Evolved Packet "
|
|
f"Core (EPC), 5G Core, HSS / UDM, SMS-C, and the associated "
|
|
f"radio-access network (eNB / gNB) provisioning systems."
|
|
))
|
|
|
|
_heading(doc, "3. Designated Law Enforcement Contact (24-hour)")
|
|
_body(doc, (
|
|
f"Per 47 CFR \u00a7 1.20003(a)(1), {entity_name} designates the "
|
|
f"following senior officer as 24-hour point of contact for court "
|
|
f"orders, pen-register/trap-and-trace orders, Title III wiretap "
|
|
f"orders, and location-information orders."
|
|
))
|
|
_bullets(doc, [
|
|
f"Name: {le.get('name') or '[TO BE POPULATED]'}",
|
|
f"Title: {le.get('title') or ''}",
|
|
f"Phone (24-hour): {le.get('phone') or ''}",
|
|
f"Email (24-hour): {le.get('email_24h') or ''}",
|
|
f"Backup contact: {le.get('backup_name') or '[TO BE POPULATED]'}",
|
|
])
|
|
_body(doc, (
|
|
f"{entity_name} commits to acknowledging any order within two (2) "
|
|
f"business hours of receipt."
|
|
))
|
|
|
|
_heading(doc, "4. Network Architecture and Interception Capability")
|
|
_body(doc, network_infrastructure_summary or (
|
|
f"{entity_name} operates a radio-access network (eNB / gNB), a 4G "
|
|
"EPC with MME / S-GW / P-GW elements, and where deployed a 5G "
|
|
"Core with AMF / SMF / UPF. Subscriber identity and location are "
|
|
"held in the HSS / UDM. Voice service is delivered via IMS / "
|
|
"VoLTE or via circuit-switched fallback."
|
|
))
|
|
_body(doc, interception_support_method or (
|
|
f"Lawful intercept (LAES) is provisioned at {entity_name}'s MSC / "
|
|
"EPC / 5GC elements using the 3GPP-standardized LI interfaces "
|
|
"(X1 for provisioning / administration, X2 for intercept-related "
|
|
"information, X3 for content-of-communications) per 3GPP TS "
|
|
"33.126 / 33.127 / 33.128 and ATIS T1.724 / J-STD-025. Call "
|
|
"content and call-identifying information (including cell-site "
|
|
"/ E911 / handover location data where lawfully ordered) are "
|
|
"delivered to the requesting agency through these standard "
|
|
"interfaces."
|
|
))
|
|
|
|
_heading(doc, "5. CPNI Safeguards")
|
|
_body(doc, (
|
|
f"{entity_name} maintains a separate CPNI procedure statement "
|
|
f"under 47 CFR \u00a7\u00a7 64.2001\u201364.2011. Device-level "
|
|
f"location data is treated as CPNI, consistent with the "
|
|
f"Commission's 2020 LocationSmart Consent Decree (DA 20-299) "
|
|
f"and 2024 NAL against unauthorized third-party location sharing. "
|
|
f"The CPNI Protection Officer is:"
|
|
))
|
|
_bullets(doc, [
|
|
f"Name: {cpni.get('name') or '[TO BE POPULATED]'}",
|
|
f"Title: {cpni.get('title') or 'CPNI Protection Officer'}",
|
|
])
|
|
|
|
_heading(doc, "6. Personnel Vetting and Training")
|
|
_bullets(doc, [
|
|
"Annual CALEA + CPNI training for all personnel with LI or CPNI "
|
|
"access.",
|
|
"Background checks performed prior to granting access to LI "
|
|
"provisioning or HSS / UDM systems.",
|
|
"Access revoked within 24 hours of termination.",
|
|
"All LI actions attributed to authenticated named users; no "
|
|
"shared credentials.",
|
|
])
|
|
|
|
_heading(doc, "7. Supervisory Review")
|
|
_body(doc, (
|
|
f"The {le.get('title') or 'Designated Senior Officer'} reviews "
|
|
f"LI activity logs at least quarterly. Anomalies are escalated "
|
|
f"to the CEO within one business day."
|
|
))
|
|
|
|
_heading(doc, "8. Records Retention")
|
|
_body(doc, (
|
|
"LI provisioning and service-of-process records retained ten (10) "
|
|
"years per 47 CFR \u00a7 1.20003(b); CPNI access logs retained at "
|
|
"least two (2) years per 47 CFR \u00a7 64.2009."
|
|
))
|
|
|
|
_heading(doc, "9. Annual Review")
|
|
_body(doc, (
|
|
f"This Plan is reviewed at least annually and upon (i) material "
|
|
f"core or RAN network change, (ii) new 3GPP LI release adoption, "
|
|
f"(iii) new Commission / DOJ guidance, or (iv) a material breach. "
|
|
f"Next scheduled review: {next_review}."
|
|
))
|
|
|
|
_heading(doc, "10. Certification")
|
|
_body(doc, (
|
|
f"I, {signatory_name or '[Authorized Officer]'}, as "
|
|
f"{signatory_title} of {entity_name}, certify that I have "
|
|
f"reviewed this SSI Plan and that {entity_name} complies with "
|
|
f"47 U.S.C. \u00a7 229, 47 CFR \u00a7 1.20003, and 47 CFR "
|
|
f"\u00a7 20.13."
|
|
))
|
|
_body(doc, "")
|
|
doc.add_paragraph("_" * 45)
|
|
_body(doc, signatory_name or "[Authorized Officer]", bold=True)
|
|
_body(doc, f"{signatory_title}, {entity_name}")
|
|
_body(doc, f"Effective Date: {effective}")
|
|
if frn: _body(doc, f"FRN: {frn}")
|
|
_body(doc, f"Reviewed By: {reviewer_name}, {reviewer_company}")
|
|
_body(doc, f"Next Review Date: {next_review}")
|
|
|
|
out = Path(output_path)
|
|
out.parent.mkdir(parents=True, exist_ok=True)
|
|
doc.save(str(out))
|
|
LOG.info("CALEA Wireless SSI plan generated: %s", out)
|
|
return str(out)
|