FS.16 Network Equipment Security Assurance Scheme – Development and Lifecycle Security Requirements

Friday 4 Oct 2019 | NESAS |


Within NESAS, the Vendor Development and Product Lifecycle covers specific aspects potentially impacting the security of manufactured network equipment over its lifetime, including initial planning, design, implementation, delivery, in-service updates, and eventual decommissioning.

This document defines security requirements applicable to Equipment Vendor’s Development and Product Lifecycle Processes under NESAS.

Audience: Auditor, Technical security practitioner

Resource technology specifics: Radio access network (RAN), Core network

Resource type: Specification

Resource enforcement: Voluntary

Resource certification type: Self-assessment,

Advantage

Vendors:
– Demonstrates commitment to security and reduces risks for customers
– May result in fewer individual audits
– Delivers a baseline security review of relevant processes
– Offers a uniform approach to security audits
– Avoids fragmentation and potentially conflicting security assurance requirements in different markets

Operators:
– Audits are conducted by qualified individuals at no cost to the operator
– The scheme sets a baseline security standard requiring a high level of vendor commitment
– Offers peace of mind that vendors have implemented appropriate security procedures

Disadvantage

Suppliers:
– Up-front and ongoing cost of investment in compliant security controls and certification

Operators:
– Visibility of certification status only; no first-hand view of security controls
– NESAS requirements may not provide coverage of bespoke operator requirements.