NESAS Security Test Laboratories

NESAS Security Test Laboratories are security test laboratories that evaluate network products according to one or several 3GPP Security Assurance Specifications and any additional security requirements that may be defined by the GSMA.

In order to have sufficient confidence in a security test laboratory’s competence and capabilities, certain security requirements must be met. The overriding security requirement is that NESAS Security Test Laboratories must be ISO/IEC 17025 accredited to perform tests as defined in the 3GPP Security Assurance Specifications. The GSMA has produced guidelines for candidate NESAS test labs and ILAC member accreditation bodies on what is expected of candidate NESAS test labs to demonstrate their competency and have NESAS included in the scope of their ISO/IEC 17025 accreditation. The guidelines are available below and these are provided to help test laboratory engagement with the accreditation body of their choice.

The GSMA recognises the competency of International Laboratory Accreditation Cooperation (ILAC) member accreditation bodies to assess and accredit security test laboratories. Security test laboratories that are deemed by an ILAC member to have satisfied the ISO/IEC 17025 and NESAS requirements, and that have been ISO/IEC 17025 accredited, will be considered to have achieved NESAS accreditation.


Network Equipment Security Assurance Scheme (NESAS) Security Test Laboratory Competency Guidelines Prepared


Sunday 24 May 2020 | NESAS |

Prepared by GSMA’s Security Assurance Group (SECAG) to help ILAC member accreditation bodies assess the competency of ISO 17025 accredited test laboratories to undertake NESAS product evaluations

Security Test Laboratories

The following security test laboratories are recognised by GSMA as being competent to undertake security evaluation of network products against relevant Security Assurance Specification (SCAS) documents, having provided to GSMA evidence of their ISO/IEC 17025 accreditation. Network equipment vendors are free to select any one of these security test laboratories to undertake NESAS evaluations of their network products.


Test Laboratory



Security Assurance Specifications and Products in Scope


Palindrome Technologies

Technical – Mike Stauffer
Administrative – Peter Thermos

3GPP TS 33.117 – General Security Requirements

3GPP TS 33.216 – eNodeB Security Requirements


China Telecommunication Technology Labs – System Laboratory, CAICT

Technical – Zhang Yawei
Administrative – Zhang Zhibing

3GPP TS 33.117 – General Security Requirements

3GPP TS 33.511 – gNodeB Security Requirements


Security Research Institute, CAICT

Technical – Feng Zebing

Administrative – Yang Hongmei

3GPP TS 33.117 – General Security Requirements
3GPP TS 33.511 – gNodeB Security Requirements

3GPP TS 33.512– AMF Security Requirements

3GPP TS 33.513– UPF Security Requirements

3GPP TS 33.514– UDM Security Requirements

3GPP TS 33.515– SMF Security Requirements

3GPP TS 33.516– AUSF Security Requirements

3GPP TS 33.518– NRF Security Requirements