Find out more about the scheme, policies, processes, and procedures that define NESAS in the documentation on this page – from the current applicable release: NESAS 2.1. Simply search the 3GPP specifications that define the scheme, and the scheme’s processes and requirements from GSMA.
Please note that NESAS is designed to be improved iteratively. Therefore, all the lessons learnt from the application of NESAS will be considered and reflected in future releases. Updated releases will take feedback from the various stakeholders into account and will also strengthen NESAS’ ability to support equipment vendors to deliver continual security improvements.
If you would like to know more or speak to someone about GSMA NESAS, please get in touch.
3GPP Security Assurance Specifications
The following SCAS documents are published by 3GPP:
| TS 33.116 | Security Assurance Specification (SCAS) for the MME network product class |
| TS 33.117 | Catalogue of general security assurance requirements |
| TS 33.216 | Security Assurance Specification (SCAS) for the evolved Node B (eNB) network product class |
| TS 33.250 | Security assurance specification for the PGW network product class |
| TS 33.511 | Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class |
| TS 33.512 | 5G Security Assurance Specification (SCAS); Access and Mobility management Function (AMF) |
| TS 33.513 | 5G Security Assurance Specification (SCAS); User Plane Function (UPF) |
| TS 33.514 | 5G Security Assurance Specification (SCAS) for the Unified Data Management (UDM) network product class |
| TS 33.515 | 5G Security Assurance Specification (SCAS) for the Session Management Function (SMF) network product class |
| TS 33.516 | 5G Security Assurance Specification (SCAS) for the Authentication Server Function (AUSF) network product class |
| TS 33.517 | 5G Security Assurance Specification (SCAS) for the Security Edge Protection Proxy (SEPP) network product class |
| TS 33.518 | 5G Security Assurance Specification (SCAS) for the Network Repository Function (NRF) network product class |
| TS 33.519 | 5G Security Assurance Specification (SCAS) for the Network Exposure Function (NEF) network product class |
GSMA Scheme Documents
The following documents are published by the GSMA
| FS.13 – NESAS Overview v.2.1 | This document provides an overview of the NESAS scheme allowing readers to familiarise themselves with NESAS. |
| FS.14 – NESAS Security Test Laboratory Accreditation v.2.1 | This document defines the requirements for NESAS Security Test Laboratories and sets the standard against which accreditation is to be assessed and awarded. |
| FS.15 – NESAS Development and Lifecycle Assessment Methodology v.2.1 | This document describes the assessment and audit process for NESAS Vendor Development and Product Lifecycle Processes. |
| FS.16 – NESAS Development and Lifecycle Security Requirements v.2.1 | This document defines security requirements for an Equipment Vendor’s Development and Product Lifecycle Processes. |
| FS.46 – NESAS Audit Guidelines v.1.0 | This document provides guidelines, tips and information on how to prepare for and carry out a Vendor Development and Product Lifecycle Process audit. |
| FS.47 – NESAS Product and Evidence Evaluation Methodology v.1.0 | This document describes how the NESAS product and evidence evaluation is done at the procedural and operational level. |