The industry-led Secure Telephone Identity Governance Authority (STI-GA) today announced new policies to advance protection of the STIR/SHAKEN ecosystem — critical in the fight against illegal caller ID spoofing. The STI-GA provides a venue for service provider collaboration in establishing the overall governance to ensure that only approved service providers are enrolled in the SHAKEN ecosystem. STIR/SHAKEN enables service providers to sign calls with digital certificates and authenticate the accuracy of the caller ID.
The STI-GA has issued an updated Service Provider Code (SPC) token Access Policy. The SPC token is granted to service providers who qualify under the policy to participate in the STIR/SHAKEN ecosystem. With the SPC token, a 
service provider may obtain the digital certificate needed to sign calls. To receive a token, the new policy requires all services providers to have certified with the FCC either that they have implemented STIR/SHAKEN or have a robocall mitigation program certification on file with the FCC, an Operating Company Number (OCN), and a 499A report also on file, which is the form the FCC uses to track telecommunications service provider revenues. This new policy will not go into effect until the FCC makes available the portal for SPs to file certifications, currently projected to be around March 31, 2021. Until that time, the current SPC token access policy remains in effect.
The STI-GA also issued its Revocation and Reinstatement processes designed to remove any bad actor service providers from the ecosystem. Once service providers have taken the appropriate action to ensure calls they sign are indeed legitimate, reinstatement is possible.
In launching STIR/SHAKEN and now continually strengthening its integrity, the STI-GA advances a major industry objective of helping customers, once again, answer their phones with confidence. Learn more at www.atis.org/sti-ga/.
