Supply Chain Toolbox Resources

You can use the filter menu below using the relevant criteria.

Filter

FS.33 Network Function Virtualisation (NFV) Threats Analysis

Document

Friday 6 Mar 2020 | Deployment | Design and Development | Operational |

This document aims to provide a comprehensive overview of the threats related to NFV and the underlying infrastructure and platforms hosting the NFV. The virtualization of network functions can be realized in several different ways and ...

FS.37 GTP-U Security

Document

Friday 6 Mar 2020 | Design and Development | Operational |

GPRS Tunnelling Protocol (GTP) is a group of IP-based communication protocols used to carry packet data ...

IR.88 LTE and EPC Roaming Guidelines

Document

Wednesday 19 Feb 2020 | Operational |

This guideline provides a standardised view on how LTE and EPC networks can interwork to support roaming. Audience: Technical security practitioner Resource technology specifics: Radio access ...

FS.31 GSMA Baseline Security Controls

Documents

Wednesday 5 Feb 2020 | Build | Decommissioning | Design and Development | Operational |

Mobile Network Operators provide the backbone for mobile telecommunication technologies.  At enterprise level the industry offers a wide array of services, diversifying from traditional connectivity into content and managed services. ...

FS.21 Interconnect Signalling Security Recommendations

Document

Friday 20 Dec 2019 | Deployment | Operational | Procurement |

This document highlights the key risks associated with interconnect security vulnerabilities and outlines suggested MNO responses to these risks.

FS.19 Diameter Interconnect Security

Document

Friday 20 Dec 2019 | Deployment | Operational |

This document outlines potential operator network specfic Diameter and countermeasures against those attacks. It aims to provide an understanding of potential risks, threats and countermeasures related to LTE and 5G interconnection ...

ANSSI – Safe operation of Critical Information Systems

Data

Friday 13 Dec 2019 | Operational |

Regulations for the operation of systems for 'ELECTRONIC COMMUNICATIONS AND THE INTERNET' that are considered critical to national / economic security and safety. The regulation specifies the security requirements for these "Critical ...

Network Equipment Security Assurance Scheme (NESAS)

Data

Friday 1 Nov 2019 | Build | Design and Development | NESAS | Procurement |

The Network Equipment Security Assurance Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. NESAS ...

COBIT 2019

Data

Friday 1 Nov 2019 | Deployment | Design and Development | Operational |

An umbrella framework for governance and management of enterprise information and technology, including audit & assurance, risk management, information security, regulatory and compliance, and governance of enterprise ...

FS.20 GPRS Tunnelling Protocol (GTP) Security

Document

Thursday 17 Oct 2019 | Deployment | Operational |

This document provides a technical background on how the GPRS Tunnelling Protocol (GTP) is used. It outlines potential attacks and exploitation possibilities and assesses the associated risk. It then presents countermeasures for ...

Remote SIM Provisioning

Data

Tuesday 17 Sep 2019 | Build | Concept | Deployment | Design and Development | Operational |

Recognising the need to demonstrate product compliance to technical specifications in a common accessible way, GSMA has developed a compliance framework for eSIM capable Devices, eUICCs and Subscription Management servers. The ...

Security Accreditation Scheme (SAS)

Data

Thursday 25 Jul 2019 | Build |

The GSMA’s Security Accreditation Scheme (SAS) enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and eUICC suppliers, and of their eUICC subscription management service ...

ANSSI IT Good Practice

Data

Tuesday 18 Jun 2019 | Operational |

Provides a number of guides to help protect an organisation from attacks on its IT systems. Audience: Technical security practitioner Resource technology specifics: Generic, Enterprise ...

GSMA Coordinated Vulnerability Disclosure (CVD)

Data

Wednesday 29 May 2019 | Build | Concept | Deployment | Design and Development | Operational |

The GSMA Coordinated Vulnerability Disclosure (CVD) Programme provides a formal structure for security researchers and similar parties to disclose details of security vulnerabilities affecting the mobile industry, and allow the mobile ...

IR.21 GSM Association Roaming Database, Structure and Updating Procedures

Document

Monday 13 May 2019 | Operational |

This document lays out procedures and data formats to be used for updating the GSMA RAEX IR.21 Roaming Database for storing the most important data for each MNO related to International Roaming. Audience:  Technical ...

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines

Document

Thursday 2 May 2019 | Deployment | Operational |

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply ...

IMEI Blacklisting

Data

Monday 22 Apr 2019 | Decommissioning | Operational |

If a device is reported as lost or stolen to an operator (using the IMEI), the operator is able to blacklist the device and block access to the mobile network. Blacklisted IMEIs are submitted to the GSMA IMEI Database to allow ...

IR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IP backbone Providers v5.0

Document

Thursday 4 Apr 2019 | Operational |

In conjunction with IR.34, this document describes a set of common guidelines to enable baseline security level to be achieved on the Internet Protocol Packet Exchange (IPX) Network. It contains detailed security requirements (binding ...

Telecommunication Information Sharing and Analysis Centre (T-ISAC)

Data

Wednesday 27 Feb 2019 | Operational |

The Telecommunication Information Sharing and Analysis Centre (T-ISAC) has been established to act as the point of coordination for the security of the mobile ecosystem. It collects, disseminates information and advice on security ...

ITIL – IT service management v 4.0

Data

Monday 18 Feb 2019 | Delivery | Deployment | Operational |

ITIL supports organizations and individuals to gain optimal value from IT and digital services. It helps define the direction of the service provider with a clear capability model and aligns them to the business strategy and customer ...