00:33:58	Jody House:	KDB 641163,
00:34:00	Jody House:	H. TCB Grants of Certification In accordance with the requirements in 47 CFR Part 2, a TCB shall not: grant waivers of Commission rules; take enforcement actions; authorize a transfer of grantee control; or interpret the FCC rules
00:35:52	Andrew HOARE NB 2052:	Please mute if you are not speaking
00:47:26	US_Nicholas Abbondante CISPR-A Secretariat:	2.962(c)(5) A TCB shall participate in any consultative activities, identified by the Commission or NIST, to facilitate a common understanding and interpretation of applicable regulations.
00:48:29	Trevor Buls [Element]:	The difference is, don't we as the TCB community have the legal liability if we created the guidance vs something "blessed" by the FCC (incorporated by reference like ANSI C63)?
00:53:38	Lluis Boada_APPLUS:	As Chris said, we need endorsement from FCC, if not we Will not have any STRONG argument in front of applicants to request taht
00:53:59	Randy Clark - CKCCS (US0103/NB0976):	Reacted to "As Chris said, we ne..." with 👍
00:55:00	Adam Longley:	Is there merit in also asking the applicant if their product includes processors etc that would be capable of running Kaspersky?
00:55:43	Adam Longley:	If the answer is "no" then that simplifies matters.
00:56:17	Randy Clark - CKCCS (US0103/NB0976):	Replying to "Is there merit in al..."

Even low-grade processors have the capability, but no need.  For example, if EUT has no internet connection.
00:57:23	Lluis Boada_APPLUS:	Replying to "Is there merit in al..."

What about wired update or intallation?
00:58:13	Philip THOMPSON, Element:	Replying to "Is there merit in al..."

Was just going to say since the FCC provide no official guidance and just says 'no kaspersky' it doesn't stop from it being transferred into the device bypassing if the EUT has internet etc
01:00:13	Philip THOMPSON, Element:	How about user manuals having a statement saying no use of Kaspersky etc?
01:01:24	Randy Clark - CKCCS (US0103/NB0976):	Replying to "How about user manua..."

Or libraries, or subsidiaries, or assigns or whitelabels of named entities.
01:02:59	Randy Clark - CKCCS (US0103/NB0976):	Here's one example of text:  The software to be loaded prior to marketing of the equipment identified above ☐ is / ☐ is not “covered” software manufactured by any entity including predecessors, successors, parents, subsidiaries, or affiliates or any entity which has rebranded or relabeled the software produced by the entity(ies) identified on the “Covered List.”
01:03:12	Dustin Oaks:	Replying to "How about user manua..."

We don't have authority to require a statement be in the user manual.
01:03:51	Philip THOMPSON, Element:	Replying to "How about user manua..."

How come the interference statements go on user manuals don't they?
01:03:55	Randy Clark - CKCCS (US0103/NB0976):	Replying to "Here's one example o..."

This is for attestation text
01:04:31	Philip THOMPSON, Element:	Reacted to "Here's one example o..." with 👍
01:05:27	Dustin Oaks:	Replying to "Here's one example o..."

We current have the following as an attestation, "applicant certifies that the equipment for which authorization is sought does not contain cybersecurity and anti-virus software produced or provided
by Kaspersky Lab, Inc. or any of its successors and assignees, including equipment with integrated Kaspersky Lab, Inc. (or any of its successors and assignees) cybersecurity or anti-virus software."
01:05:49	Adam Longley:	Replying to "Is there merit in al..."

Maybe it's more an issue of storage. Anyone know how many Mb Kaspersky is? How much storage would the device have to have for it to be installed?
01:09:19	Lluis Boada_APPLUS:	Replying to "Is there merit in al..."

comments from the call during last TCB Council:
01:09:20	Lluis Boada_APPLUS:	Replying to "Is there merit in al..."

Kaspersky minimum HW requirements
HD 1 GHz of free space
CPU Intel pentium 1 GHz or higher
RAM : 1 GHz
Internet connection
01:10:02	Mark Briggs (UL 0984):	Replying to "Is there merit in al..."

There are other services for commercial systems that Kaspersky provide
01:10:59	Mark Briggs (UL 0984):	Replying to "Is there merit in al..."

But Kaspersky are not supporting sales or support in the US
01:11:39	Dustin Oaks:	Even if we had the source code, how many of us would know its Kaspersky software? How do we really check for this?
01:12:46	Trevor Buls [Element]:	The covered list says anti-virus and cybersecurity, not a specific software application. I don't think we should focus on a specific software package with specific hardware requirements. Kaspersky may make other "lite" versions of cybersecurity or anti virus tools that would still be on the covered list?
01:12:47	Lluis Boada_APPLUS:	Replying to "Even if we had the s..."

agree, sorce code review is "too much" requirement for a TCB review.
01:13:08	Mark Briggs (UL 0984):	The original covered equipment ruling is here: https://www.federalregister.gov/documents/2023/02/06/2022-28263/protecting-against-national-security-threats-to-the-communications-supply-chain-through-the#page-7623 - there are several instances where it alludes to: The Commission delegates to OET and PSHSB, working with WTB, IB, WCB, EB, and OGC, as appropriate, to develop further clarifications to inform applicants for equipment authorization, TCBs, and other interested parties with more specificity and detail.
01:14:10	Philip THOMPSON, Element:	So wouldn't a statement going back to 2.903 be sufficient or is that too vague?
01:14:22	Darren Shih:	Shall we define what kinds of products need to provide this Kaspersky attestation letter? Because not all of the RF products can install S/W, for example, a remote controller? a toy?
01:14:47	Lluis Boada_APPLUS:	Replying to "So wouldn't a statem..."

👍
01:15:21	Philip THOMPSON, Element:	Replying to "So wouldn't a statem..."

Added to the attestation that they aren't on the covered list already - which is a current requirement
01:15:45	Randy Clark - CKCCS (US0103/NB0976):	Replying to "Shall we define what..."

I agree.  For devices which are inherently compliant (e.g. hardware not capable, OS locked, or no internet connection), IMHO a simple attestation is sufficient.
01:18:17	Robert Kubik (Samsung):	Knox is not anti-virus software, is a secure mobile platform