Network Equipment Security Assurance Scheme (NESAS)
Driving continual improvements in network equipment security across the mobile industry.
What is NESAS?
NESAS is a rigorous security framework covering mobile network equipment that is increasingly classified as national critical infrastructure.
Providing a universal industry standard and baseline requirements, NESAS demonstrates the ability of network equipment vendors to meet and maintain security levels – from product development right through product lifecycle management processes.
Specifically, NESAS covers equipment that supports functions defined by 3GPP and ETSI that is deployed by network operators.
Though NESAS Security Requirements were designed for telecommunications, they can apply to any digital element.
Why is NESAS important?
Covering everything from product design, through to final delivery and maintenance, NESAS is trusted across the world.
Vendors and their equipment are tested and audited against a security baseline, defined by industry experts through GSMA and 3GPP. So, NESAS reflects the security needs of the entire ecosystem – including regulators, mobile network operators, hyperscalers and equipment vendors.
Based on Universal industry standard
The standard continually evolves to meet the needs of the whole industry, based on GSMA specifications and standards – avoiding security requirements fragmenting regionally.
Robust independent auditing and testing
NESAS is an unbiased, industry-funded scheme. The GSMA works with internationally recognised partners to audit and test equipment, with selection criteria agreed by the GSMA NESAS Oversight Board.
Drives improvement
Audits and evaluations provide an opportunity for experts to give in-depth feedback and analysis – helping vendors improve their processes and products, while enhancing security across the wider industry.
Streamlines vendor selection
Determine successfully audited vendors and evaluated products allowing procurement teams to make informed decisions and comparisons
Benefits regulators
NESAS is a transparent and independent global scheme, reflecting the security needs of the entire ecosystem, which provides regulators with clear guidance and support for national security mitigations.
Practical examples of what NESAS can do
Whether you’re a network equipment vendor, mobile operator or hyperscaler, the GSMA Network Equipment Security Assurance Scheme improves confidence in your security posture.
Network equipment vendors
Network equipment vendors
NESAS is designed to help you improve security levels, covering equipment and functions defined by 3GPP and deployed by MNOs on their networks.
- Demonstrate to customers that your products reach the universal security standards relied on by the global industry.
- Appear on the vendor list – providing assurance to customers and regulators, while supporting business development.
- NESAS is globally relevant – no need for redundant security audits and tests in multiple markets.
- Leverage ongoing security improvement with expert feedback from recognised auditors and testers.
Mobile Operators
Mobile Operators
NESAS helps assure the security and resilience of your network. GSMA recommends that operators request their network equipment suppliers to participate in NESAS.
- Have confidence in your network equipment with independent security assessments governed by the world’s leading mobile connectivity body.
- The only network security scheme that’s defined by the industry (through the GSMA and 3GPP) – ensuring it keeps pace with threats and mitigations.
- Streamline procurement and supply chain analysis with successfully audited vendors and evaluated products.
- Reduce security testing by recognising testing by accredited test laboratories.
- Compliance to NESAS security requirements evaluated by independent auditors and accredited laboratories.
Hyperscalers
Hyperscalers
Demonstrating NESAS conformity enables you to lead by example, advocating for higher security standards and practices within the cloud services and broader tech industry.
- Participation in NESAS provides evidence-based assurance to customers that security is baked into your network equipment – from development to deployment.
- Adherence to NESAS standards can serve as a key business differentiator.
- Make your platforms more attractive for hosting sensitive applications, such as those handling financial transactions or core activity.
- Encourages security by design culture across the network equipment vendor community.
Resources
NESAS Documents: see the latest NESAS specification and NESAS scheme Documents
Vendors: Find out who is currently a member of the NESAS scheme
Test Labs and Auditors: find out who supports us to maintain the integrity of the NESAS scheme
Test results: see which vendors have demonstrated their conformance
Community Updates
Testimonials and resources of participating stakeholders.
27 September, 2024
NESAS: The vendor perspective
How it’s bringing clarity and confidence for growth In today’s interconnected and rapidly evolving technology ...
Learn more
9 May, 2024
Ericsson and NESAS
Hear from Louise Livijn, Security Strategy and Assurance Lead, Ericsson about how audits can help avoid blind spots in ...
Learn more
1 May, 2024
NCC – NESAS Auditor and Test Lab
Watch the video below to hear from Chris Proctor, Senior Advisor, Associate Director, NCC Group to discover how this ...
Learn more
1 May, 2024
Oracle and NESAS
Watch Matt Beal, Group Vice President, Oracle Communications discuss GSMA Network Equipment Security Assurance Scheme (NESAS) ...
Learn more
7 September, 2022
GSMA Services Showcase Live – #5 Building resilience into network equipment security
Making network equipment more resilient Services Showcase Live is a series of online sessions where we shine a light on the ...
Learn more
11 January, 2022
The GSMA Network Equipment Security Assurance Scheme – Explained
The GSMA Network Equipment Security Assurance Scheme was created to enhance security levels across the mobile industry. ...
Learn more