Supply Chain Toolbox Resources

You can use the filter menu below using the relevant criteria.

Filter

FS.33 Network Function Virtualisation (NFV) Threats Analysis

Document

Friday 6 Mar 2020 | Deployment | Design and Development | Operational |

This document aims to provide a comprehensive overview of the threats related to NFV and the underlying infrastructure and platforms hosting the NFV. The virtualization of network functions can be realized in several different ways and ...

FS.21 Interconnect Signalling Security Recommendations

Document

Friday 20 Dec 2019 | Deployment | Operational | Procurement |

This document highlights the key risks associated with interconnect security vulnerabilities and outlines suggested MNO responses to these risks.

FS.19 Diameter Interconnect Security

Document

Friday 20 Dec 2019 | Deployment | Operational |

This document outlines potential operator network specfic Diameter and countermeasures against those attacks. It aims to provide an understanding of potential risks, threats and countermeasures related to LTE and 5G interconnection ...

COBIT 2019

Data

Friday 1 Nov 2019 | Deployment | Design and Development | Operational |

An umbrella framework for governance and management of enterprise information and technology, including audit & assurance, risk management, information security, regulatory and compliance, and governance of enterprise ...

FS.20 GPRS Tunnelling Protocol (GTP) Security

Document

Thursday 17 Oct 2019 | Deployment | Operational |

This document provides a technical background on how the GPRS Tunnelling Protocol (GTP) is used. It outlines potential attacks and exploitation possibilities and assesses the associated risk. It then presents countermeasures for ...

Remote SIM Provisioning

Data

Tuesday 17 Sep 2019 | Build | Concept | Deployment | Design and Development | Operational |

Recognising the need to demonstrate product compliance to technical specifications in a common accessible way, GSMA has developed a compliance framework for eSIM capable Devices, eUICCs and Subscription Management servers. The ...

GSMA Coordinated Vulnerability Disclosure (CVD)

Data

Wednesday 29 May 2019 | Build | Concept | Deployment | Design and Development | Operational |

The GSMA Coordinated Vulnerability Disclosure (CVD) Programme provides a formal structure for security researchers and similar parties to disclose details of security vulnerabilities affecting the mobile industry, and allow the mobile ...

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines

Document

Thursday 2 May 2019 | Deployment | Operational |

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply ...

ITIL – IT service management v 4.0

Data

Monday 18 Feb 2019 | Delivery | Deployment | Operational |

ITIL supports organizations and individuals to gain optimal value from IT and digital services. It helps define the direction of the service provider with a clear capability model and aligns them to the business strategy and customer ...

European Electronic Communications Code (EECC)

Data

Tuesday 11 Dec 2018 | Build | Concept | Deployment | Design and Development |

The European Electronic Communications Code Directive (EECC) updates the regulatory framework to reflect evolving technologies and developments in the way people communicate. The EECC introduces a renewed focus on increasing regulatory ...

NCSC Supply chain security guidance

Data

Friday 16 Nov 2018 | Build | Decommissioning | Delivery | Deployment | Design and Development | Operational | Procurement |

This guidance outlines a series of 12 principles designed to help establish effective control and oversight of a supply chain. It recognises that most organisations are reliant upon suppliers to deliver products, systems and services ...

GSMA IoT Security Assessment Checklist

Data

Sunday 30 Sep 2018 | Build | Concept | Decommissioning | Delivery | Deployment | Design and Development | Operational | Procurement |

Without security, the Internet of Things will cease to exist. To enable a secure market, companies have to take responsibility to embed security from the beginning and at every stage of the IoT value chain. The GSMA, together with ...

FS.07 SS7 and SIGTRAN Network Security

Document

Thursday 9 Nov 2017 | Deployment | Operational |

This document provides an overview of SS7 and SIGTRAN and how to handle SS7 messages on the edge of the network. It includes an SS7 and SIGTRAN security analysis and provides a set of countermeasures that can be deployed e.g. filtering ...

IR.82 SS7 Security Network Implementation Guidelines

Document

Thursday 3 Nov 2016 | Deployment | Operational |

This document outlines general SS7 security measures (MAP and CAP signalling), including measures specific to SMS security, and the possible enforcement point for each measure. For maximum benefit, It should be read in conjunction with ...