Supply Chain Toolbox Resources

You can use the filter menu below using the relevant criteria.


FS.31 GSMA Baseline Security Controls


Friday 1 Sep 2023 | Build | Decommissioning | Design and Development | Operational |

Mobile Network Operators provide the backbone for mobile telecommunication technologies.  At enterprise level the industry offers a wide array of services, diversifying from traditional connectivity into content and managed ...

SG.20 Voicemail Security Guidelines


Thursday 9 Jul 2020 | Operational |

The Voicemail Security Guidelines provide guidance for Operators on the management of Personal Identity Numbers (PINs) used to authenticate a user to obtain secure access to Voicemail. The guideline also includes guidance for mobile ...

FS.33 Network Function Virtualisation (NFV) Threats Analysis


Friday 6 Mar 2020 | Deployment | Design and Development | Operational |

This document aims to provide a comprehensive overview of the threats related to NFV and the underlying infrastructure and platforms hosting the NFV. The virtualization of network functions can be realized in several different ways and ...

FS.37 GTP-U Security


Friday 6 Mar 2020 | Design and Development | Operational |

GPRS Tunnelling Protocol (GTP) is a group of IP-based communication protocols used to carry packet data ...

IR.88 LTE and EPC Roaming Guidelines


Wednesday 19 Feb 2020 | Operational |

This guideline provides a standardised view on how LTE and EPC networks can interwork to support roaming. Audience: Technical security practitioner Resource technology specifics: Radio access network ...

FS.21 Interconnect Signalling Security Recommendations


Friday 20 Dec 2019 | Deployment | Operational | Procurement |

This document highlights the key risks associated with interconnect security vulnerabilities and outlines suggested MNO responses to these risks.

FS.19 Diameter Interconnect Security


Friday 20 Dec 2019 | Deployment | Operational |

This document outlines potential operator network specfic Diameter and countermeasures against those attacks. It aims to provide an understanding of potential risks, threats and countermeasures related to LTE and 5G interconnection ...

ANSSI – Safe operation of Critical Information Systems


Friday 13 Dec 2019 | Operational |

Regulations for the operation of systems for 'ELECTRONIC COMMUNICATIONS AND THE INTERNET' that are considered critical to national / economic security and safety. The regulation specifies the security requirements for these "Critical ...

COBIT 2019


Friday 1 Nov 2019 | Deployment | Design and Development | Operational |

An umbrella framework for governance and management of enterprise information and technology, including audit & assurance, risk management, information security, regulatory and compliance, and governance of enterprise ...

Network Equipment Security Assurance Scheme (NESAS)


Friday 1 Nov 2019 | Build | Design and Development | NESAS | Procurement |

The Network Equipment Security Assurance Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. NESAS ...

FS.20 GPRS Tunnelling Protocol (GTP) Security


Thursday 17 Oct 2019 | Deployment | Operational |

This document provides a technical background on how the GPRS Tunnelling Protocol (GTP) is used. It outlines potential attacks and exploitation possibilities and assesses the associated risk. It then presents countermeasures for ...

Remote SIM Provisioning


Tuesday 17 Sep 2019 | Build | Concept | Deployment | Design and Development | Operational |

Recognising the need to demonstrate product compliance to technical specifications in a common accessible way, GSMA has developed a compliance framework for eSIM capable Devices, eUICCs and Subscription Management servers. The ...

Security Accreditation Scheme (SAS)


Thursday 25 Jul 2019 | Build |

The GSMA’s Security Accreditation Scheme (SAS) enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and eUICC suppliers, and of their eUICC subscription management service ...

ANSSI IT Good Practice


Tuesday 18 Jun 2019 | Operational |

Provides a number of guides to help protect an organisation from attacks on its IT systems. Audience: Technical security practitioner Resource technology specifics: Generic, Enterprise ...

GSMA Coordinated Vulnerability Disclosure (CVD)


Wednesday 29 May 2019 | Build | Concept | Deployment | Design and Development | Operational |

The GSMA Coordinated Vulnerability Disclosure (CVD) Programme provides a formal structure for security researchers and similar parties to disclose details of security vulnerabilities affecting the mobile industry, and allow the mobile ...

IR.21 GSM Association Roaming Database, Structure and Updating Procedures


Monday 13 May 2019 | Operational |

This document lays out procedures and data formats to be used for updating the GSMA RAEX IR.21 Roaming Database for storing the most important data for each MNO related to International Roaming. Audience:  Technical ...

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines


Thursday 2 May 2019 | Deployment | Operational |

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply ...

IR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IP backbone Providers v5.0


Thursday 4 Apr 2019 | Operational |

In conjunction with IR.34, this document describes a set of common guidelines to enable baseline security level to be achieved on the Internet Protocol Packet Exchange (IPX) Network. It contains detailed security requirements (binding ...

Telecommunication Information Sharing and Analysis Centre (T-ISAC)


Wednesday 27 Feb 2019 | Operational |

The Telecommunication Information Sharing and Analysis Centre (T-ISAC) has been established to act as the point of coordination for the security of the mobile ecosystem. It collects, disseminates information and advice on security ...

ITIL – IT service management v 4.0


Monday 18 Feb 2019 | Delivery | Deployment | Operational |

ITIL supports organizations and individuals to gain optimal value from IT and digital services. It helps define the direction of the service provider with a clear capability model and aligns them to the business strategy and customer ...