8 CCR 1507-82
DEPARTMENT OF PUBLIC SAFETY COLORADO TELECOMMUNICATIONS SECURITY REGISTRATION PROGRAM 8 CCR 1507-82 [Editor’s Notes follow the text of the rules at the end of this CCR Document.] _________________________________________________________________________ Statement of Basis, Statutory Authority and Purpose The General Assembly enacted Section 24-33.5-1624, C.R.S. via Senate Bill 24-151 to declare that it is in the best interest of the state to secure Colorado's telecommunications network and protect national security by identifying and removing communications hardware and software that is produced by countries of concern or by other sanctioned entities from Colorado's telecommunications network and by monitoring the progress of the removal of such equipment. The statute mandates that the Director of the Division of Homeland Security and Emergency Management shall promulgate rules establishing registration procedures and fees as well as notification to relevant State Agencies or political subdivisions of the State as to when Telecommunication Providers are planning to remove, discontinue, or replace any telecommunications equipment from a federally banned entity. The purpose of this emergency rule making is to establish new rules by the January 15, 2025 date set forth in section 24-33.5-1624, C.R.S. Because the statute is necessary for the immediate preservation of the public peace, health or safety, delay in the promulgation of these rules would be contrary to the statutory mandate. The absence of implementing rules to carry out the purpose of the statute would be contrary to this declaration. For these reasons, it is imperatively necessary that the proposed rules be adopted.
1. Kevin R. Klein Director, Division of Homeland Security and Emergency Management January 15, 2025 Date of Adoption 2. Authority This regulation is adopted pursuant to the authority in Section 24-33.5-1624, C.R.S. and is intended to be consistent with the requirements of the State Administrative Procedure Act, Section 24-4-101 et seq. (the “APA”).
3. Scope and Purpose This regulation shall govern the implementation of the Colorado Telecommunications Security Registration Program, which includes the time frames for Telecommunications Providers to register with the Division, the notification to the Division as to when Telecommunication Providers are planning to remove, discontinue, or replace any critical telecommunications infrastructure equipment from a federally banned entity, and the payment of registration fees and late fees. 1 CODE OF COLORADO REGULATIONS 8 CCR 1507-82 4. Applicability The provisions of these rules shall be applicable to all eligible Telecommunications Providers as provided by law.
5. Definitions The following definitions apply only to these rules and do not in any way apply to the rules, regulations, or procedures of telecommunications providers or other state agencies or local governments. All definitions that appear in Section 24-33.5-1624, C.R.S. shall apply to these rules. All publications, standards, or rules adopted and incorporated by reference in these rules are available for public inspection and copies are available for a reasonable charge. Information regarding obtaining copies is available by contacting the Division of Homeland Security and Emergency Management at 9195 E. Mineral Ave, Suite 200, Centennial, CO 80112 or by phone at 720-852-6600. The materials incorporated by reference in these rules may also be examined at any state publications depository library. These rules do no include later amendments to or editions of any materials incorporated by reference.
• Questions, clarification, or interpretation of these rules should be addressed in writing to: Colorado Telecommunications Security Registration Program c/o DHSEM Grants Management at 9195 E. Mineral Ave, Suite 200, Centennial, CO 80112.
"Critical telecommunications infrastructure" means all physical telecommunications infrastructure and equipment that supports the transmission of information, regardless of the transmission medium or technology employed, and that connects to a telecommunications network that permits the user to engage in the use of telecommunications service, including telecommunications service provided directly to the public or to such classes of uses as to be effectively available to the public. "Critical telecommunications infrastructure" does not include telecommunications equipment that is used solely for the operation of a utility and that is not used in connection with telecommunications service offered to the public.
"Federally banned entity" means any entity or equipment that the Federal Government has banned or imposed sanctions against, including banning or sanctions imposed by the following federal agencies and acts:
● (III) The United States Cybersecurity and Infrastructure Security Agency; ● (IV) The Federal Acquisition Security Council, established pursuant to the Federal "Secure Technology Act", 41 U.S.C. Sec. 1322, as amended, Pub. L. 115-390, title II, § 202(a), Dec. 21, 2018, 132 Stat. 5178; and 2 CODE OF COLORADO REGULATIONS 8 CCR 1507-82 ● (V) Section 889 of the Federal "John S. McCain National Defense Authorization Act for Fiscal Year 2019", Pub.L. 115-232 (Aug. 13, 2018).
“Telecommunications provider" means an entity that offers wireless telecommunications service for a fee directly to the public or to such classes of uses as to be effectively available to the public. ● "Telecommunications provider" does not include a municipality or a municipally owned utility.
6. Program Requirements
5.1 Registration and Initial Registration Fee
A. Telecommunication Providers will register with the Division on or before January 15th 2025 and pay a fifty (50) dollar registration fee.
B. Telecommunication Providers will provide the Division with the name, address, telephone number, and email address of the primary point of contact that will oversee the operation of telecommunications service in Colorado.
5.2 Certification and Notification
A. Telecommunication Providers will report every year on or by January 15th each year as to their progress in removing all federally banned equipment.
B. Once a Telecommunications Provider can certify compliance, they are no longer required to continue annual reporting.
5.3 Late Fees – Non-Compliance
A. TBD
5.4 Program Guidance
The DHSEM Office of Grants Management is responsible for the implementation of this program and will develop and publish guidance including the following requirements: