Skip to main content
Find a Lawyer

Code of Federal Regulations Title 49. Transportation § 49.236.1033 Communications and security requirements

Current as of January 02, 2025 | Updated by Findlaw Staff

(a) All wireless communications between the office, wayside, and onboard components in a PTC system shall provide cryptographic message integrity and authentication.

(b) Cryptographic keys required under paragraph (a) of this section shall:

(1) Use an algorithm approved by the National Institute of Standards (NIST) or a similarly recognized and FRA approved standards body;

(2) Be distributed using manual or automated methods, or a combination of both;  and

(3) Be revoked:

(i) If compromised by unauthorized disclosure of the cleartext key;  or

(ii) When the key algorithm reaches its lifespan as defined by the standards body responsible for approval of the algorithm.

(c) The cleartext form of the cryptographic keys shall be protected from unauthorized disclosure, modification, or substitution, except during key entry when the cleartext keys and key components may be temporarily displayed to allow visual verification. When encrypted keys or key components are entered, the cryptographically protected cleartext key or key components shall not be displayed.

(d) Access to cleartext keys shall be protected by a tamper resistant mechanism.

(e) Each railroad electing to also provide cryptographic message confidentiality shall:

(1) Comply with the same requirements for message integrity and authentication under this section;  and

(2) Only use keys meeting or exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required under § 236.1013(a)(7).

(f) Each railroad, or its vendor or supplier, shall have a prioritized service restoration and mitigation plan for scheduled and unscheduled interruptions of service. This plan shall be included in the PTCDP or PTCSP as required by §§ 236.1013 or 236.1015, as applicable, and made available to FRA upon request, without undue delay, for restoration of communication services that support PTC system services.

(g) Each railroad may elect to impose more restrictive requirements than those in this section, consistent with interoperability requirements specified in the PTCSP for the system.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Code of Federal Regulations Title 49. Transportation § 49.236.1033 Communications and security requirements - last updated January 02, 2025 | https://codes.findlaw.com/cfr/title-49-transportation/cfr-sect-49-236-1033/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard