The Secure Telephone Identity Governance Authority (STI-GA) is a critical body helping the industry achieve success in mitigating the problem of unwanted robocalls. The STI-GA, managed by ATIS, defines the rules governing the certificate management infrastructure to ensure effective use and security of SHAKEN certificates.
In its latest report, the STI-GA provides an overview of change requests that have been approved in the 2021 year.
SHAKEN Ecosystem Implementation
As of December 31, 2021, the STI-GA has authorized 408 service providers, a high enough number to allow for a generally lower cost for providers to implement the standard.
STI-GA Policy: Changes Requests (PCR)
Responsible Organization Access to Service Provider Code (SPC) Tokens
The STI-GA responded to a PCR from Somos after ATIS finalized the Standards on Toll-Free Numbers within the SHAKEN framework, broadening the SPC Token access to authorize Resp Orgs to assign toll-free numbers to a customer.
Optional Use of Delegate Certificates
The STI-GA approved the changes proposed to allow for the optional use of delegate certificates for originating service providers who have chosen to accept the certificate claims as true and assign A-Level Attestation to calls.
SPC Token Access Policy
The STI-GA approved broadening SPC Tokens, allowing service providers to qualify if they had properly certified in the Robocall Mitigation Database within 30 days of the FCC’s June 30, 2021 (or risk having their token revoked), whether they have direct access to phone numbers or not.
Certificate Policy Updates
The STI-GA approval of the use of delegate certificates and Resp Org access to SPC tokens has impacted the following certificate policy updates:
The entity assigning intermediate delegate certificates is ultimately responsible for their use in assigning appropriate attestation
The institution of an annual letter of attestation authorized by the STI-CAs each February to provide information on any security issue experience the year prior to protect the integrity of the SHAKEN framework
FCC issued an NPRM and FCC order establishing a process to hear appeals on the STI-GA board decisions on SPC token revocation, adding another level of appeals for an entity having its token revoked.
“As more SPs and Resp Orgs participate in the SHAKEN ecosystem, a greater number of calls will be signed. Increasing the number of verified calls will benefit consumers because SPs will be better able to assess the right of a caller to use the TN that is displayed in the caller ID.”