FS.14 Network Equipment Security Assurance Scheme – Security Test Laboratory Accreditation v1.0

Sunday 6 Oct 2019 | NESAS |

FS.14 Network Equipment Security Assurance Scheme – Security Test Laboratory Accreditation v1.0 image

NESAS covers the auditing of a vendor’s development and lifecycle processes against the security requirements defined under NESAS and the independent testing of manufactured network equipment by a competent test laboratory.

This document defines the requirements for NESAS Security Test Laboratories and sets the standard against which accreditation is to be assessed and awarded. It also provides a high level overview of the NESAS Security Test Laboratory accreditation process.

Audience: Auditor, Risk practitioner, Technical security practitioner

Resource technology specifics: Radio access network (RAN), Core network

Resource type: Process or procedure

Resource enforcement: Voluntary

Resource certification type: Third-party audit

Advantage Disadvantage
Vendors
– Demonstrates commitment to security and reduces risks for customers
– May result in fewer individual audits
– Delivers a baseline security review of relevant processes
– Offers a uniform approach to security audits
– Avoids fragmentation and potentially conflicting security assurance requirements in different marketsOperators
– Audits are conducted by qualified individuals at no cost to the operator
– The scheme sets a baseline security standard requiring a high-level of vendor commitment
– Offers peace of mind that vendors have implemented appropriate security procedures
Suppliers:
– Up-front and ongoing cost of investment in compliant security controls and certificationOperators:
– Visibility of certification status only; no first-hand view of security controls
– NESAS requirements may not provide coverage of bespoke operator requirements.