Network Equipment Security Assurance Scheme (NESAS)
The Network Equipment Security Assurance Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. NESAS defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as using 3GPP defined security test cases for the security evaluation of network equipment.
NESAS provides a security baseline to evidence that network equipment satisfies a list of security requirements and has been developed in accordance with vendor development and product lifecycle processes that provide security assurance. NESAS is intended to be used alongside other mechanisms to ensure a network is secure, in particular an appropriate set of security policies covering the whole lifecycle of a network. The scheme should be used globally as a common baseline, on top of which individual operators or national IT security agencies may want to put additional security requirements.
Audience: Technical security practitioner, Auditor
Resource target industry: Telecommunications
Resource technology specifics: Radio access network (RAN), core network
Resource type: Guideline
Resource enforcement: Voluntary
Resource certification type: Third party audit
Regulators and National Security Authorities