Security Accreditation Scheme (SAS)

The GSMA’s Security Accreditation Scheme (SAS) enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and eUICC suppliers, and of their eUICC subscription management service providers. Two schemes operate under SAS:

• SAS for UICC Production (SAS-UP): This is a well-established scheme through which UICC and eUICC manufacturers subject their production sites and processes to a comprehensive security audit. Successful sites are awarded security accreditation for a period of one year, extending to two further years upon each successful renewal. This scheme has accredited some of the industry’s largest suppliers. GSMA also provides advice to its members on how to benefit from SAS-UP.
• SAS for Subscription Management (SAS-SM): To ensure industry confidence in the security of remote provisioning for eUICCs, a related security auditing and accreditation scheme exists for the providers of eUICC subscription management services.

Audience: Technical security practitioner, Risk practitioner, Auditor

Resource technology specifics: Host virtualisation, Generic, Enterprise network, UICC/eUICC/iUICC

Resource type: Process or procedure

Resource enforcement: Voluntary

Resource certification type: Third-party audit