FS.13 Network Equipment Security Assurance Scheme – Overview Version 1.0

Monday 7 Oct 2019 | NESAS |

FS.13 Network Equipment Security Assurance Scheme – Overview Version 1.0 image

This document provides an overview of the NESAS scheme allowing readers to familiarise themselves with NESAS. The objective of NESAS is to provide an industry-wide security assurance

Audience: Senior leadership, Technical security practitioner, Risk practitioner, Auditor

Resource technology specifics: Radio access network (RAN), Core network

Resource type: Process or procedure

Resource enforcement: Voluntary

Resource certification type: Self-assessment, Third-party audit

Advantage Disadvantage
Vendors

  • Demonstrates commitment to security and reduces risks for customers
  • May result in fewer individual audits
  • Delivers a baseline security review of relevant processes
  • Offers a uniform approach to security audits
  • Avoids fragmentation and potentially conflicting security assurance requirements in different markets

Operators

  • Audits are conducted by qualified individuals at no cost to the operator
  • The scheme sets a baseline security standard requiring a high-level of vendor commitment
  • Offers peace of mind that vendors have implemented appropriate security procedures
Suppliers

  • Up-front and ongoing cost of investment in compliant security controls and certification

Operators

  • Visibility of certification status only; no first-hand view of security controls
  • NESAS requirements may not provide coverage of bespoke operator requirements.