Supply Chain Toolbox Resources

You can use the filter menu below using the relevant criteria.


ANSSI – Safe operation of Critical Information Systems


Friday 13 Dec 2019 | Operational |

Regulations for the operation of systems for 'ELECTRONIC COMMUNICATIONS AND THE INTERNET' that are considered critical to national / economic security and safety. The regulation specifies the security requirements for these "Critical ...

Network Equipment Security Assurance Scheme (NESAS)


Friday 1 Nov 2019 | Build | Design and Development | NESAS | Procurement |

The Network Equipment Security Assurance Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. NESAS ...

COBIT 2019


Friday 1 Nov 2019 | Deployment | Design and Development | Operational |

An umbrella framework for governance and management of enterprise information and technology, including audit & assurance, risk management, information security, regulatory and compliance, and governance of enterprise ...

Security Accreditation Scheme (SAS)


Thursday 25 Jul 2019 | Build |

The GSMA’s Security Accreditation Scheme (SAS) enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and eUICC suppliers, and of their eUICC subscription management service ...

ANSSI IT Good Practice


Tuesday 18 Jun 2019 | Operational |

Provides a number of guides to help protect an organisation from attacks on its IT systems. Audience: Technical security practitioner Resource technology specifics: Generic, Enterprise ...

IR.88 LTE and EPC Roaming Guidelines v19.0


Friday 7 Jun 2019 | Operational |

This guideline provides a standardised view on how LTE and EPC networks can interwork to support roaming. Audience: Technical security practitioner Resource technology specifics: Radio access ...

GSMA Coordinated Vulnerability Disclosure (CVD)


Wednesday 29 May 2019 | Build | Concept | Deployment | Design and Development | Operational |

The GSMA Coordinated Vulnerability Disclosure (CVD) Programme provides a formal structure for security researchers and similar parties to disclose details of security vulnerabilities affecting the mobile industry, and allow the mobile ...

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines v6.0


Friday 17 May 2019 | Deployment | Operational |

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply ...

FS.19 Diameter Interconnect Security v7.0


Friday 17 May 2019 | Deployment | Operational |

This document outlines potential operator network specfic Diameter and countermeasures against those attacks. It aims to provide an understanding of potential risks, threats and countermeasures related to LTE and 5G interconnection ...

IMEI Blacklisting


Monday 22 Apr 2019 | Decommissioning | Operational |

If a device is reported as lost or stolen to an operator (using the IMEI), the operator is able to blacklist the device and block access to the mobile network. Blacklisted IMEIs are submitted to the GSMA IMEI Database to allow ...

FS.21 Interconnect Signalling Security Recommendations v6.0


Thursday 11 Apr 2019 | Deployment | Operational | Procurement |

This document highlights the key risks associated with interconnect security vulnerabilities and outlines suggested MNO responses to these risks.

IR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IP backbone Providers v5.0


Thursday 4 Apr 2019 | Operational |

In conjunction with IR.34, this document describes a set of common guidelines to enable baseline security level to be achieved on the Internet Protocol Packet Exchange (IPX) Network. It contains detailed security requirements (binding ...

Telecommunication Information Sharing and Analysis Centre (T-ISAC)


Wednesday 27 Feb 2019 | Operational |

The Telecommunication Information Sharing and Analysis Centre (T-ISAC) has been established to act as the point of coordination for the security of the mobile ecosystem. It collects, disseminates information and advice on security ...

FS.20 GPRS Tunnelling Protocol (GTP) Security v3.0


Monday 18 Feb 2019 | Deployment | Operational |

This document provides a technical background on how the GPRS Tunnelling Protocol (GTP) is used. It outlines potential attacks and exploitation possibilities and assesses the associated risk. It then presents countermeasures for ...

ITIL – IT service management v 4.0


Monday 18 Feb 2019 | Delivery | Deployment | Operational |

ITIL supports organizations and individuals to gain optimal value from IT and digital services. It helps define the direction of the service provider with a clear capability model and aligns them to the business strategy and customer ...

European Electronic Communications Code (EECC)


Tuesday 11 Dec 2018 | Build | Concept | Deployment | Design and Development |

The European Electronic Communications Code Directive (EECC) updates the regulatory framework to reflect evolving technologies and developments in the way people communicate. The EECC introduces a renewed focus on increasing regulatory ...

NCSC Supply chain security guidance


Friday 16 Nov 2018 | Build | Decommissioning | Delivery | Deployment | Design and Development | Operational | Procurement |

This guidance outlines a series of 12 principles designed to help establish effective control and oversight of a supply chain. It recognises that most organisations are reliant upon suppliers to deliver products, systems and services ...

IR.21 GSM Association Roaming Database, Structure and Updating Procedures v12.0


Monday 12 Nov 2018 | Operational |

This document lays out procedures and data formats to be used for updating the GSMA RAEX IR.21 Roaming Database for storing the most important data for each MNO related to International Roaming. Audience:  Technical ...

GSMA IoT Security Assessment Checklist


Sunday 30 Sep 2018 | Build | Concept | Decommissioning | Delivery | Deployment | Design and Development | Operational | Procurement |

Without security, the Internet of Things will cease to exist. To enable a secure market, companies have to take responsibility to embed security from the beginning and at every stage of the IoT value chain. The GSMA, together with ...

ANSSI Transposition of NIS


Saturday 15 Sep 2018 | Operational |

Regulatory framework for Operators of Essential Services (OESs) and Digital Service Providers (DSPs) to enhance cybersecurity that is essential to the functioning of the economy and society. N.b. mobile Operators are not specified in ...