NESAS Security Test Laboratories are security test laboratories that evaluate network products according to one or several 3GPP Security Assurance Specifications and any additional security requirements that may be defined by the GSMA.
In order to have sufficient confidence in a security test laboratory’s competence and capabilities, certain security requirements must be met. The overriding security requirement is that NESAS Security Test Laboratories must be ISO/IEC 17025 accredited to perform tests as defined in the 3GPP Security Assurance Specifications. The GSMA has produced guidelines for candidate NESAS test labs and ILAC member accreditation bodies on what is expected of candidate NESAS test labs to demonstrate their competency and have NESAS included in the scope of their ISO/IEC 17025 accreditation. The guidelines are available below and these are provided to help test laboratory engagement with the accreditation body of their choice.
The GSMA recognises the competency of International Laboratory Accreditation Cooperation (ILAC) member accreditation bodies to assess and accredit security test laboratories. Security test laboratories that are deemed by an ILAC member to have satisfied the ISO/IEC 17025 and NESAS requirements, and that have been ISO/IEC 17025 accredited, will be considered to have achieved NESAS accreditation.
Network Equipment Security Assurance Scheme (NESAS) Security Test Laboratory Competency Guidelines Prepared
Sunday 24 May 2020 | NESAS |
Prepared by GSMA’s Security Assurance Group (SECAG) to help ILAC member accreditation bodies assess the competency of ISO 17025 accredited test laboratories to undertake NESAS product evaluations
Security Test Laboratories
The following security test laboratories are recognised by GSMA as being competent to undertake security evaluation of network products against relevant Security Assurance Specification (SCAS) documents, having provided to GSMA evidence of their ISO/IEC 17025 accreditation. Network equipment vendors are free to select any one of these security test laboratories to undertake NESAS evaluations of their network products.
|Test Laboratory||Website||Contacts||Security Assurance Specifications and Products in Scope||Expiry|
|Palindrome Technologies||www.palindrometech.com||Technical – Mike Stauffer|
Administrative – Peter Thermos
|3GPP TS 33.117 – General Security Requirements 3GPP TS 33.216 – eNodeB Security Requirements|
3GPP TS 33.511 – gNodeB Security Requirements
|Reliability Laboratory of Huawei Technologies Co., Ltd.||www.huawei.com||Technical – Junning Yao Administrative – Junning Yao||3GPP TS 33.117 – General Security Requirements 3GPP TS 33.511 – gNodeB Security Requirements||25-May-2023|
|China Telecommunication Technology Labs – System Laboratory, CAICT||www.caict.ac.cn||Technical – Zhang Yawei|
Administrative – Zhang Zhibing
|3GPP TS 33.117 – General Security Requirements 3GPP TS 33.511 – gNodeB Security Requirements||19-Jun-2023|
|Security Research Institute, CAICT||www.caict.ac.cn||Technical – Feng Zebing Administrative – Yang Hongmei||3GPP TS 33.117 – General Security Requirements|
3GPP TS 33.511 – gNodeB Security Requirements 3GPP TS 33.512 – AMF Security Requirements 3GPP TS 33.513 – UPF Security Requirements 3GPP TS 33.514 – UDM Security Requirements 3GPP TS 33.515 – SMF Security Requirements 3GPP TS 33.516 – AUSF Security Requirements 3GPP TS 33.518 – NRF Security Requirements
|Atsec information security AB||www.atsec.se||Technical – Rasma Araby Administrative – Rasma Araby||3GPP TS 33.116 – MME Security Requirements 3GPP TS 33.117 – General Security Requirements 3GPP TS 33.216 – eNodeB Security Requirements 3GPP TS 33.250 – PGW Security Requirements 53GPP TS 33.511 – gNodeB Security Requirements 3GPP TS 33.512 – AMF Security Requirements 3GPP TS 33.513 – UPF Security Requirements 3GPP TS 33.514 – UDM Security Requirements 3GPP TS 33.515 – SMF Security Requirements 3GPP TS 33.516 – AUSF Security Requirements 3GPP TS 33.517 – SEPP Security Requirements 3GPP TS 33.518 – NRF Security Requirements 3GPP TS 33.519 – NEF Security Requirements||25-Sep-2023|
|DEKRA Testing and Certification, S.A||www.dekra.es/es/ciberseguridad-productos/||Technical – Jose Emilio Rico|
Administrative – Jose Emilio Rico
|3GPP TS 33.116 – MME Security Requirements 3GPP TS 33.117 – General Security Requirements 3GPP TS 33.216 – eNodeB Security Requirements 3GPP TS 33.511 – gNodeB Security Requirements||30-Sep-2025|