scope:

The scope of the present document is to recommend a framework for the secure provision of Lawful Interception (LI) and Data Retention (DR) services of a Communication Service Provider (CSP) towards the Law Enforcement Agencies. This framework aims to guarantee security in terms of confidentiality, integrity, forward secrecy, forward integrity and non-repudiation within CSP's LI and DR systems, operations and CSP internal and external interfaces for the delivery of IRI, CC and DR data towards any LEAs.

The present document initially describes the assets to be protected and then analyses the related security threats. Finally it recommends a range of security measures and controls necessary for achieving the desired level of security. The security measures content contains an unbreakable set of security categories where most of the measures, for each category, are indispensable controls while some others can be optionally chosen for creating a tighter security framework. Annexes are also defined. Annex A lists all recommended measures and controls, associates these measures with the respective systems, services and interfaces and also with the respective threats that aims to overcome. Annex B provides a secure logging infrastructure. Annex C provides a solution for protecting the retained data during the operation of the DR service while annex D provides a guide for cryptographic algorithms.