NESAS Security Test Laboratories are security test laboratories that evaluate network products according to one or several 3GPP Security Assurance Specifications and any additional security requirements that may be defined by the GSMA.
In order to have sufficient confidence in a security test laboratory’s competence and capabilities, certain security requirements must be met. The overriding security requirement is that NESAS Security Test Laboratories must be ISO/IEC 17025 accredited to perform tests as defined in the 3GPP Security Assurance Specifications. The GSMA has produced guidelines for candidate NESAS test labs and ILAC member accreditation bodies on what is expected of candidate NESAS test labs to demonstrate their competency and have NESAS included in the scope of their ISO/IEC 17025 accreditation. The guidelines are available below and these are provided to help test laboratory engagement with the accreditation body of their choice.
The GSMA recognises the competency of International Laboratory Accreditation Cooperation (ILAC) member accreditation bodies to assess and accredit security test laboratories. Security test laboratories that are deemed by an ILAC member to have satisfied the ISO/IEC 17025 and NESAS requirements, and that have been ISO/IEC 17025 accredited, will be considered to have achieved NESAS accreditation.
Network Equipment Security Assurance Scheme (NESAS) Security Test Laboratory Competency Guidelines Prepared
Sunday 24 May 2020 | NESAS |
Prepared by GSMA’s Security Assurance Group (SECAG) to help ILAC member accreditation bodies assess the competency of ISO 17025 accredited test laboratories to undertake NESAS product evaluations
Security Test Laboratories
Security test laboratories that provide to GSMA evidence of their ISO/IEC 17025 accreditation and that are duly recognised by GSMA as being competent to undertake security evaluation of network products against relevant Security Assurance Specification (SCAS) documents will be listed here.