appliedbits
LIBRARY  ·  Trust governance LIBRARY ENTRY
Last updated 2026-05-03 drafted

NANC CATA — the working group that established the US STI-GA, edited a decade of caller-authentication policy reports, and was shut down in 2025

The Call Authentication Trust Anchor (CATA) Working Group of the North American Numbering Council (NANC) is where US caller-authentication governance got worked out from 2018 onward. The CATA WG’s foundational May 2018 report — Selection of Governance Authority and Timely Deployment of SHAKEN/STIR — defined the STI-GA and STI-PA structure for the US deployment of the framework, recommending that an industry-established governance authority be set up alongside a Policy Administrator selected through a process the GA would oversee. Subsequent CATA reports through 2024 produced the policy substrate for nearly every major FCC caller-authentication rulemaking that followed: best practices for implementing call authentication, best practices for terminating providers using verified caller-ID information, robocall mitigation outside the US, foreign-originated calls, international cellular roaming, and direct access to numbers by interconnected VoIP providers. The reports were the texture under the texture — the technical and operational analysis that gave the FCC’s rules the substance they needed, produced through a federal advisory committee structure that made the work consensus-driven and publicly auditable.

NANC was not rechartered in 2025. The committee held its final meeting on June 24, 2025 under the chair of Karen Charles (Massachusetts Department of Telecommunications and Cable), with FCC Chairman Brendan Carr announcing at the start of the meeting that NANC’s functions would be absorbed into FCC staff rather than continued through an advisory committee. The charter expired September 8, 2025. CATA dissolved with the parent body. The reports remain, archived at the FCC and at the NANC chair site. They continue to inform rulemaking even as the institutional venue that produced them is gone — the FCC’s December 2025 Third VoIP Direct Access Report and Order cites the CATA work extensively, as do recent rulings on small-provider third-party authentication and on numbering resource oversight.

I was a participant in the CATA Working Group throughout its existence and edited every CATA WG report from the 2018 governance-establishment work through the final 2024 reports. The framing on this page is from inside the work.

What NANC was

The North American Numbering Council was a Federal Advisory Committee chartered by the FCC in 1995 and continuously rechartered for thirty years. Its mission was straightforward in purpose and broad in scope: advise the Commission and produce consensus recommendations on the efficient and impartial administration of the North American Numbering Plan. The committee was composed of representatives from telecommunications carriers, state regulators, cable providers, VoIP providers, industry associations, vendors, and consumer advocates — the broad coalition of parties with operational stake in numbering administration. Most of NANC’s substantive work happened through working groups and task forces that researched specific issues, developed consensus positions, and produced reports the full NANC voted to approve before transmission to the Commission.

The institutional design mattered. As a federal advisory committee operating under FACA (the Federal Advisory Committee Act), NANC’s meetings were public, its membership was disclosed, its conflicts-of-interest rules were enforced through the Designated Federal Officer, and its reports went through a formal vote-and-transmittal process that made the resulting documents authoritative in a way that pure-industry working groups can’t quite match. When NANC voted out a recommendation, that recommendation came with the institutional weight of a recognized federal advisory body — distinct from an ATIS spec or an industry-association report, both of which are also consensus-driven but lack the federal-advisory imprimatur that makes regulators treat the output as something they can rely on in their own proceedings.

NANC’s working-group structure evolved with the issues the FCC referred to it. By the 2020s the four standing working groups were the Numbering Administration Oversight Working Group (NAOWG, the largest and most permanent, overseeing NANPA, RNDA, and the Billing & Collection Agent), the Future of Numbering Working Group, the Call Authentication Trust Anchor Working Group (CATA), and various issue-specific groups that came and went as referrals arrived. CATA was the working group dedicated to caller-authentication policy work — the body that did the substantive analysis behind US SHAKEN governance.

How CATA was formed

The CATA Working Group was formed in early 2018 in response to the FCC’s Notice of Inquiry from July 14, 2017, which sought comment on the FCC’s role in promoting the SHAKEN/STIR framework and identified a set of substantive issues for analysis. The December 7, 2017 referral letter from the Wireline Competition Bureau to NANC’s chair (Travis Kavulla, then Chair of the Montana Public Service Commission) directed NANC to convene a working group to investigate the issues — selection criteria for a governance authority, the process for selecting a policy administrator, the appropriate role for the Commission in overseeing the system, and the path to timely deployment.

A February 22, 2018 update revised the working group’s scope to emphasize defining the criteria by which a GA should be selected rather than recommending a specific GA, with the deadline extended one month to May 7, 2018. The scope refinement mattered: it kept the working group focused on what governance needed to look like rather than on which entity should run it, which kept the work from becoming a procurement process and preserved the analytical neutrality that made the resulting report useful as the basis for the actual selection that followed.

The initial CATA WG was tri-chaired by Jackie Wohlgemuth (ATIS), Beth Choroser (Comcast), and Rosemary Leist (Sprint). The tri-chair structure reflected the breadth of the coalition: ATIS’s perspective on the standards work, the cable industry’s operational stake, and the wireless industry’s deployment concerns, all chairing simultaneously. I served as a technical editor throughout the working group’s development of the May 2018 report and continued in editing roles across every subsequent CATA report.

The reports — a chronological catalog

The CATA Working Group produced a sustained body of work over the seven years of its operation. Each report responded to a specific FCC referral letter, was developed through working-group consensus across multiple drafting cycles, and went through formal NANC vote-and-approval before transmission to the Commission. Below is a chronological catalog of the reports with their substantive contributions.

May 3, 2018 — Selection of Governance Authority and Timely Deployment of SHAKEN/STIR

The foundational CATA report. Defined the structure of the US SHAKEN governance ecosystem with two distinct functional roles: the Secure Telephone Identity Governance Authority (STI-GA) as the policy-setting body for the trust framework, and the Secure Telephone Identity Policy Administrator (STI-PA) as the operational entity that would manage the certificate ecosystem under the GA’s policies. Described the criteria by which a GA should be selected, the evaluation process, the role for the Commission in overseeing the administration, and the process for selecting a PA (whether solely by the GA or through a process including other stakeholders). Recommended milestones, metrics, and incentives to drive participation in the system. Approved by NANC on April 27, 2018; transmitted to the Commission May 3, 2018.

The report’s structure mapped directly onto what subsequently got built. The STI-GA was established by the ATIS Board, with iconectiv selected as STI-PA through the GA’s selection process. The dual-entity model — a policy-setting authority distinct from the operational administrator — became the structural template for SHAKEN governance and influenced parallel governance arrangements in Canada (CST-GA, Canadian Secure Token Governance Authority) and other jurisdictions evaluating STIR/SHAKEN adoption.

September 24, 2020 — Best Practices for the Implementation of Call Authentication Frameworks

Responded to the February 27, 2020 referral letter from the Wireline Competition Bureau, which directed CATA to recommend best practices that would, in NANC’s view, satisfy the TRACED Act’s directive to the Commission. The TRACED Act (Pallone-Thune, signed December 30, 2019) gave the FCC explicit statutory authority to mandate caller-ID authentication deployment and required the Commission to issue best practices for implementation; CATA’s report was the substantive basis for those best practices.

The report developed seven recommended best practices, each treated in detail across the working group’s deliberations:

  1. Subscriber vetting — what aspects of subscriber identity service providers should collect when approving a service application, provisioning network connectivity, entering a contract, or granting right-to-use telephone numbers.
  2. Telephone number validation — how providers should verify that a subscriber actually has the right to use the numbers they assert.
  3. A-level (full) attestation — the operational meaning of A-attestation grounded in direct customer relationship plus verified TN authority.
  4. B- and C-level (partial and gateway) attestation — when providers should use B- or C-level attestation rather than A-level, given the operational realities of multi-provider call paths.
  5. Third-party validation services — the role of validation services (like Numeracle, iconectiv) in establishing the subscriber-identity-to-TN binding that A-attestation requires.
  6. International call originators — best practices for service providers selling services to international callers using NANP numbers, including validation that the calling party is authorized to use the number.
  7. Ongoing robocall mitigation — the broader set of monitoring, traffic-pattern analysis, and remediation activities that providers should run alongside the technical authentication work.

Approved by NANC on September 24, 2020 and transmitted to the Commission. The FCC’s Wireline Competition Bureau issued a Public Notice (DA-20-1154) seeking comment on the recommendations, ultimately incorporating substantial portions into the Commission’s rules through subsequent rulemakings.

October 13, 2021 — CATA Working Group Report (Small Providers / Third-Party Authentication)

Examined third-party authentication arrangements for service providers that don’t have their own STIR/SHAKEN signing infrastructure. Described the spectrum of arrangements available, including “hosted SHAKEN” services offered in public or private cloud configurations and “carrier SHAKEN” services in which calls are signed by an intermediate provider on the originator’s behalf. The report became a primary citation in the FCC’s subsequent work on small-provider third-party authentication rules, particularly the Sixth Caller ID Authentication Further Notice (May 2023) and the resulting Report and Order finalized in 2025 that defined the operational requirements for providers using third-party signing arrangements.

The report’s framing helped surface a tension that the FCC has since had to resolve: providers without their own SPC tokens and delegate certificates can’t sign their own calls, but allowing third parties to sign calls on their behalf needs operational controls to prevent the framework from being circumvented. The 2021 report mapped the arrangements; the FCC’s subsequent rules mapped the controls.

February 9, 2022 — Best Practices for Terminating Voice Service Providers Using Caller ID Authentication Information

Responded to a separate referral on the terminating-provider side of the framework: how should terminating providers use the verified caller-ID information they receive, how should they handle calls that arrive without authentication, and what operational practices best serve consumers. Where the September 2020 report covered the originating side (best practices for authentication), the February 2022 report covered the terminating side (best practices for using authenticated information for analytics, blocking, and presentation decisions). The two reports together sketch the full operational arc from origination to termination.

June 14, 2022 — Adoption of Caller ID Authentication for Combating Robocalls Outside US

Responded to the June 15, 2021 referral letter on STIR/SHAKEN, caller authentication, and robocalling policies outside the US. Examined the international dimension of the robocall problem and the role caller-authentication frameworks could play in mitigating illegal robocalls that originate outside US jurisdiction or exploit cross-border call paths to evade US enforcement. Treated the operational, policy, and standards-coordination questions that international adoption of STIR/SHAKEN-style frameworks raised. Influenced the FCC’s subsequent gateway-provider rulemaking and the broader consideration of how cross-border trust frameworks could complement domestic STIR/SHAKEN deployment.

The report sat in productive tension with parallel cross-border work happening in ATIS-1000087 and the CB-TACL discussions covered elsewhere in trust governance. CATA approached the question from the FCC-policy direction (what should the Commission do?); the ATIS work approached it from the technical-mechanism direction (what should the trust framework look like?). Both threads informed each other.

June 25, 2024 — Regulatory Treatment of International Cellular Roaming Traffic

Examined a specific operational case: how should international cellular roaming traffic — calls placed by foreign subscribers using NANP numbers while roaming on US networks, or by US subscribers using NANP numbers while roaming on foreign networks — be treated in the SHAKEN framework. The case is operationally distinct from generic foreign-originated calls and required a specific analytical treatment that the earlier reports hadn’t covered in depth. NANC voted to approve and transmit on June 25, 2024.

December 13, 2024 — Direct Access to Numbers by Interconnected VoIP Providers

The final substantive CATA report, addressing foreign-originated calls, the use of indirectly obtained numbers, and the use of numbers supplied on a trial basis by interconnected VoIP providers that obtain direct access to numbers. Responded to a February 2024 referral letter directing NANC to issue a report by December 17, 2024 on these specific topics. The report became a primary citation in the FCC’s December 19, 2025 Third VoIP Direct Access Report and Order, which adopted rules requiring all existing direct-access providers to make robocall-related certifications as part of their access applications.

NANC voted on the report at the December 13, 2024 meeting, alongside a related NAOWG report on number use, resale, and reclamation by direct-access VoIP providers, and an IoT Numbering Usage report. The December 13 meeting was the last NANC meeting at which CATA reports were voted on; the June 24, 2025 final NANC meeting handled outstanding administrative items without new CATA work.

How the reports connected to FCC rulemaking

The CATA reports weren’t the FCC’s rules — they were the substantive analysis the FCC drew on when writing rules. The connection ran roughly: a referral letter from the Wireline Competition Bureau directed CATA to investigate a specific question; the working group produced a report; NANC voted on the report and transmitted it to the Commission; the Commission issued a Public Notice seeking comment on the report’s recommendations; comments came in from industry, consumer groups, and other parties; the Commission then issued a Notice of Proposed Rulemaking; further comments arrived; the Commission issued a Report and Order with rules that incorporated, modified, or in some cases declined to adopt elements of the CATA recommendations.

This pattern repeated across every major FCC caller-authentication rulemaking from 2018 onward. The May 2018 report shaped the STI-GA selection process. The September 2020 best-practices report shaped the TRACED Act implementation rules. The 2021 small providers report shaped the third-party authentication rules. The 2022 reports shaped the gateway-provider and international-traffic rulemaking. The 2024 reports are still being incorporated into rulemaking as of this writing, with the December 2025 Third VoIP Direct Access Report and Order citing the CATA work extensively.

The pattern’s strength was that the rulemaking process had a substantive technical base to work from — the FCC wasn’t writing rules from scratch, it was choosing among options the working group had already analyzed and surfaced. The pattern’s limitation was that it required a functioning advisory committee to produce the substantive base. With NANC not rechartered, that substrate has to come from somewhere else.

The 2025 shutdown

NANC’s final meeting was held on June 24, 2025. FCC Chairman Brendan Carr announced at the start of the meeting that the Commission would not recharter NANC after its current charter expired on September 8, 2025, and that the committee’s functions would be absorbed into FCC staff rather than continuing through an advisory-committee structure. The FCC indicated that numbering policy input would continue to come from public dockets and direct engagement with subject-matter experts, but not through a chartered advisory committee.

CATA dissolved with the parent body. The substantive work CATA had been doing on caller-authentication policy — the work that had produced seven major reports over seven years — had to find other venues. Some of it has migrated to the Industry Traceback Group at USTelecom, which handles operational traceback and mitigation coordination. Some of it has migrated to the STI-GA itself, which has its own technical committees and sets of working procedures. Some of it appears in industry-association filings to FCC dockets without the federal-advisory imprimatur that NANC reports carried. None of these alternatives reproduces the structural arrangement that made CATA distinctive: a broad-coalition working group operating under federal advisory committee rules, producing consensus reports with vote-and-transmittal authority behind them.

The shutdown reflected a broader pattern in the current FCC’s posture toward advisory committees rather than a specific judgment about NANC’s value. The reasoning Carr offered was that the work could be done more efficiently through staff rather than through a chartered committee. Whether that’s true depends on how successfully the staff arrangement reproduces the broad-coalition consensus-building that NANC had institutionalized. Time will tell.

What remains

Two things remain. First, the reports themselves. The full body of CATA work is preserved at the FCC’s NANC Recommendations archive page (linked in references), at the chair-side document archive (nanc-chair.org), and in various other archived locations. The reports continue to be cited in FCC rulemaking and in industry filings; they continue to function as the substantive technical baseline even as the institutional venue that produced them is gone.

Second, the network of participants. The CATA Working Group brought together a specific cross-section of the caller-authentication ecosystem — service providers (large and small, traditional and VoIP), governance bodies (STI-GA, ATIS), analytics and validation services, equipment vendors, consumer advocates, regulators (FCC, state PUCs). The working relationships built across years of CATA participation didn’t dissolve with the working group itself. Subsequent caller-authentication policy work — in industry forums, in FCC proceedings, in international standards bodies — continues to draw on those relationships in ways that aren’t visible from outside but matter operationally.

For trust governance more broadly, CATA’s body of work is one of the more important institutional records to catalog and document. The reports establish positions that subsequent rulemakings build on or modify. Understanding what current US caller-authentication policy actually says requires reading the reports the policy was built from. The reports also serve as a model for what consensus-driven policy analysis looks like in this domain — useful reference for similar work being done in other jurisdictions and in adjacent identity domains.

Where this fits

CATA sits in trust governance as a foundational institutional record. The page complements FCC Robocall Strike Force, which covers the predecessor governance moment that established STIR/SHAKEN as the framework. The handoff was direct: the Strike Force’s October 2016 Initial Report endorsed STIR/SHAKEN and called for the establishment of a governance structure; the follow-up Strike Force Report in April 2017 acknowledged that the governance structure was being designed; and the May 2018 NANC CATA report defined the structure that subsequent deployment used.

The page also connects to the technical content elsewhere in the library. Attestation levels covers the A/B/C model that CATA’s 2020 best-practices report operationalized. SHAKEN’s operational profile covers the deployed framework that CATA governance shaped. The IP-NNI Joint Task Force covers the standards-development venue whose output CATA governed the deployment of. The threads run together; no single page covers the full picture, but together they sketch the institutional and technical history that current US caller-authentication policy rests on.