Equipment vendors like Ericsson, Huawei, Nokia and ZTE’s 5G Radio Access Network (RAN) technology are fully compliant with the new 3GPP/GSMA Network Security Assurance Schemes (NESAS) standards.
NESAS is jointly defined by 3GPP and the GSMA as an industry-wide security assurance framework and it facilitates improvements in security levels through 20 defined security requirements for the development and product lifecycle processes of network products. The NESAS scheme is open to all vendors of network equipment products that support 3GPP defined functions.
NESAS is focused on the vendor aspects of the supply chain and provides a security assurance framework to improve security levels across the mobile industry. NESAS has been developed following established practices and schemes that provide security assurance.
Security has always been crucial for 3GPP standards and telecom networks in general. Furthermore, the introduction of 5G and its new use cases, as well as the growing recognition of telecom networks as critical infrastructure, have also put network security high on the agenda of governments, regulatory bodies, communications services providers and businesses of all sizes.
“The GSMA recognises the support and participation of Ericsson, Huawei, Nokia and ZTE who have satisfied the scheme’s security requirements via an independent security audit and we congratulate them on achieving this important first step,” said Alex Sinclair, Chief Technology Officer, GSMA.
“By committing to NESAS, vendors are helping network operators, and other stakeholders make informed decisions about secure product development. We look forward to others participating in the scheme, evidencing their commitment to good security practice by promoting a security-by-design culture within the industry,” added Sinclair.
Per Narvinger, Head of Product Area Networks, Ericsson said, “Our security assurance framework is an important part of us doing business in a responsible way, and we are pleased to announce that we are fully compliant with the new NESAS network security global standards.”
Huawei supports GSMA and 3GPP in developing a global standardized security assessment, an idea that has largely been accepted as an industry consensus.
“The Assessment is also a valuable reference for stakeholders, such as operators, equipment vendors, government regulators, and application service providers. Huawei has always focused on technology-driven cyber security. We welcome NESAS with full support and collaboration. We also invite the entire industry to jointly promote the development of a more aligned mobile communications market,” said Devin Duan, Head of 5G E2E Cybersecurity Marketing, Huawei.
ZTE has passed GSMA’s NESAS audit for its development and product lifecycle processes. With the focus on network products of ZTE 5G New Radio (NR) and 5G Common Core (5GC), the security assessment is implemented by ATSEC, a Swedish independent information security company designated by GSMA.
The final report results show that ZTE’s development and lifecycle processes are fully compliant with the security requirements defined in the GSMA NESAS FS.13 and FS.16 specifications, and have been applied in practice, thereby demonstrating the security of ZTE’s 5G development and lifecycle processes. ZTE’s High Performance Product Development (HPPD) process has been proved to be in full compliance with the first aspect of security assessment with respect to the requirements defined in NESAS.
During the second stage of NESAS, vendors will submit network equipment products to qualified test laboratories for evaluation. This stage involves laboratories running security tests, defined by 3GPP, and checking that the products undergoing evaluation have been developed under the assessed development and lifecycle management processes. The evaluation concludes with the production, by the test laboratory, of a valuation report that records the test results. The report is provided to the vendor who can make it available to its customers and other stakeholders at its discretion.