FS.14 Network Equipment Security Assurance Scheme – Security Test Laboratory Accreditation v1.0
NESAS covers the auditing of a vendor’s development and lifecycle processes against the security requirements defined under NESAS and the independent testing of manufactured network equipment by a competent test laboratory.
This document defines the requirements for NESAS Security Test Laboratories and sets the standard against which accreditation is to be assessed and awarded. It also provides a high-level overview of the NESAS Security Test Laboratory accreditation process.
Audience: Auditor, Risk practitioner, Technical security practitioner
Resource technology specifics: Radio access network (RAN), Core network
Resource type: Process or procedure
Resource enforcement: Voluntary
Resource certification type: Third-party audit
– Demonstrates commitment to security and reduces risks for customers
– May result in fewer individual audits
– Delivers a baseline security review of relevant processes
– Offers a uniform approach to security audits
– Avoids fragmentation and potentially conflicting security assurance requirements in different markets
Operators:
– Audits are conducted by qualified individuals at no cost to the operator
– The scheme sets a baseline security standard requiring a high level of vendor commitment
– Offers peace of mind that vendors have implemented appropriate security procedures
– Up-front and ongoing cost of investment in compliant security controls and certification
Operators:
– Visibility of certification status only; no first-hand view of security controls
– NESAS requirements may not provide coverage of bespoke operator requirements