FEDERAL COMMUNICATIONS COMMISSION WASHINGTON OFFICE OF THE C H AIRMAN The Honorable Mike Pompeo U.S. House ofRepresentatives 436 Cannon House Office Building Washington, D.C. 20515 Dear Congressman Pompeo: July 11 , 2016 Thank you for sharing your views on the importance of including strong security measures in the local number portability administrator ("LNP A") Master Services Agreement ("MSA"). I understand and share your belief that security for this critical component of our communications infrastructure is paramount. From the outset of this proceeding, the Commission has taken proactive steps to ensure that the LNPA contract fully addresses and adequately mitigates any public safety, law enforcement or national security concerns. The initial Request for Proposal for the LNP A established a high level base line designed to ensure applicants be adept at meeting security and reliability requirements. Moreover, our March 27, 2015 Order provisionally selecting Telcordia d/b/a iconectiv ("Telcordia") committed to addressing the security requirements provided by Executive Branch entities with expertise in and responsibility for law enforcement and national security matters. Further, while overseeing the negotiations between the North American Portability Management LLC ("NAPM") and Telcordia on the security provisions of the MSA, the Commission required the parties to include terms and conditions in the MSA that would ensure the secure and reliable operation of the number portability system. The resulting MSA being considered by the Commission includes granular detail regarding cybersecurity, supply chain risk management, and insider threat management, among other security and reliability measures . In this respect, provisions are in place that address each of the nine considerations cited in your letter, and incorporate the National Institute Standards and Technology ("NIST") cybersecurity framework and supply chain risk management practices, as well as other standards-based requirements. The FCC has already begun implementing a ri gorous audit and inspection process in conjunction with the FBI and the North American Portability Management LLC, which will remain in place throughout the term of the contract. Further, Telcordia's Security Plan, which is included in the MSA, will evolve over time as the security threat environment evolves. You asked for my assurance that the MSA now filed at the Commission contains the security provisions outlined in your letter. In addressing the security provisions of the Page 2-The Honorable Mike Pompeo MSA, the Commission sought, and continues to seek, the most secure and reliable operation of the number portability system. While I cannot publicly comment on the specific aspects of the MSA under consideration, I can provide my assurance that the MSA addresses each of the nine provisions outlined in your letter, as noted above. In addition, I would be happy to have my staff brief you or your staff on the MSA under consideration. You also asked how the Commission is addressing the recent reports of Telcordia' s use of non-U.S . citizens to perform pre-contract work. In close coordination with the national security agencies, the Commission required and Telcordia agreed that it would discard all pre-contract work performed through the time that the Commission learned of such work. In addition, the MSA includes rigorous oversight measures and explicitly requires that only appropriately vetted U.S. citizens work on the project. The Commission, in coordination with our federal law enforcement and national security partners and the NAPM, will continue to closely oversee the LNPA transition. Clear lines of authority, risk responsibility, and accountability are in place. Moreover, the Commission will take all appropriate steps to ensure that these security requirements continue to be met moving forward. Again, thank you for contacting me regarding your interest in this matter. Please let me know if I can be of further assistance. ~:;;;Itt;;~ Tom Wheeler