As restrictions relating to COVID-19 continue to impact and evolve, the GSMA is managing and adapting NESAS to enable the scheme to deliver security assurance by allowing equipment vendors participate as fully and safely as possible during the current global pandemic.
NESAS Audits Audit travel and workplace attendance restrictions caused by the COVID-19 outbreak are preventing NESAS audit teams from visiting equipment vendor development sites to conduct product development and lifecycle management process audits. The GSMA recognises the potential for these unprecedented restrictions to negatively impact NESAS and security assurance generally.
As an exceptional arrangement, the GSMA is temporarily waiving the requirement for NESAS audits to be conducted at equipment vendor sites. The GSMA recognises the feasibility of conducting remote audits and the ability of auditors to assess if each of the NESAS security requirements have been satisfied. Consequently, audits may be performed remotely with prior approval from the GSMA.
NESAS Participation Equipment vendors wishing to participate in NESAS and have their development and product lifecycle management processes safely assessed are invited to contact the GSMA to discuss the options available.
The mobile network equipment vendors listed below have undergone an assessment and independent audit of their development and product lifecycle processes to evidence how security is integrated into their design, development, implementation, and maintenance processes.
Copies of the summary reports of the independent audits are also provided below for each vendor and for each of the processes audited.
Company
Month of Audit
Process Audited
Products Developed Under Audited Process
Summary Report
Huawei Technologies Co. Ltd.
Mar 2020
Huawei Integrated Product Development Process (IPD) – 10.0
LTE eNodeB and 5G gNodeB Product Lines
Nokia Solutions and Networks Oy
May 2020
Nokia MN CREATE Process v18.3
LTE eNB (SRAN) and 5G gNB Products
Huawei Technologies Co. Ltd.
May 2020
Huawei Integrated Product Development Process (IPD) – 10.0
5G Core product line for UDG, UDM, UNC, UPCF
Ericsson
June 2020
Ericsson DNEW Development Framework
eNodeB and gNodeB Product Lines
ZTE Corporation
July 2020
High Performance Product Development (HPPD) Process 2017
