GSMA Network Security Equipment Security Assurance Scheme participating vendors

Coronavirus COVID-19 Notice

As restrictions relating to COVID-19 continue to impact and evolve, the GSMA is managing and adapting NESAS to enable the scheme to deliver security assurance by allowing equipment vendors participate as fully and safely as possible during the current global pandemic.

NESAS Audits
Audit travel and workplace attendance restrictions caused by the COVID-19 outbreak are preventing NESAS audit teams from visiting equipment vendor development sites to conduct product development and lifecycle management process audits. The GSMA recognises the potential for these unprecedented restrictions to negatively impact NESAS and security assurance generally.

As an exceptional arrangement, the GSMA is temporarily waiving the requirement for NESAS audits to be conducted at equipment vendor sites. The GSMA recognises the feasibility of conducting remote audits and the ability of auditors to assess if each of the NESAS security requirements have been satisfied. Consequently, audits may be performed remotely with prior approval from the GSMA.

NESAS Participation
Equipment vendors wishing to participate in NESAS and have their development and product lifecycle management processes safely assessed are invited to contact the GSMA to discuss the options available.

The mobile network equipment vendors listed below have undergone an assessment and independent audit of their development and product lifecycle processes to evidence how security is integrated into their design, development, implementation, and maintenance processes.

Copies of the summary reports of the independent audits are also provided below for each vendor and for each of the processes audited.

>
CompanyMonth of AuditProcess AuditedProducts Developed Under Audited ProcessSummary Report
Huawei Technologies Co. Ltd.Mar 2020Huawei Integrated Product Development Process (IPD) – 10.0LTE eNodeB and 5G gNodeB Product Lines
Nokia May 2020Nokia MN CREATE Process v18.3LTE eNB (SRAN) and 5G gNB Products
Huawei Technologies Co. Ltd.May 2020Huawei Integrated Product Development Process (IPD) – 10.05G Core product line for UDG, UDM, UNC, UPCF
EricssonJune 2020Ericsson DNEW Development FrameworkeNodeB and gNodeB Product Lines
ZTE CorporationJuly 2020High Performance Product Development (HPPD) Process 20175G NR and 5GC Product lines
Nokia Oct 2020Nokia NSW CREATE ProcessCBND, NIAM, UDM/AUSF, SEPP, NEF products
EricssonNov 2020Ericsson BDGS Development Framework 2020CCSM, CCDM, CCRC, CCES, SAPC, PCC, PCG, SGSN-MME products
EricssonDec 2020Ericsson DNEW Development FrameworkMINI-LINK, Fronthaul, and Router 6000 Product Lines
Nokia Dec 2020Nokia ION CREATE ProcessCloud Mobility Manager – CMM (AMF) , Cloud Mobile Gateway – CMG/NRD (NRF, NSSF, SMF, UPF functions) product lines
Huawei Technologies Co. Ltd.Apr 2021Huawei Integrated Product Development Process (IPD) – 10.1LTE eNodeB and 5G gNodeB Product Lines
Samsung Electronics Co., Ltd.Jun 2021Samsung Network Product Development Process LTE eNodeB, 5G gNodeB and 5GC product lines
Samsung Electronics Co., Ltd.Jul 2021Samsung Network Product Development ProcessEMS, Analytics and Cloud Management product lines
EricssonOct 2021Ericsson Development Framework 2021 ProcessCovering SDI, CEE, CCD, OMC, SDN product lines
MavenirNov 2021Mavenir Integrated Management System 2021Covering 5G RAN, 4G RAN, Mavenir Webscale Platform, 5G Packet Core and 4G Packet Core product lines
EricssonNov 2021Ericsson Cloud RAN Development Process 2021Cloud RAN DU, CU-UP, CU-CP and RANS Discovery product lines