Network Equipment Security Assurance Scheme (NESAS)

Driving continual improvements in network equipment security across the mobile industry.

What is NESAS?

NESAS is a rigorous security framework covering some of the most vital aspects of national critical infrastructure.

Providing a universal industry standard, it highlights the ability of network equipment vendors to meet and maintain security levels – from product development right through lifecycle management processes.

Specifically, it covers equipment that supports functions defined by 3GPP and is deployed by MNOs on their networks.

Why is it important for your business?

Covering everything from product design, through to final delivery and maintenance, NESAS is trusted across the world.

Vendors and their equipment are tested and audited against a security baseline, defined by industry experts through GSMA and 3GPP. So, it reflects the security needs of the entire ecosystem – including regulators, mobile network operators, hyperscalers and equipment vendors. 

Universal industry standard

The standard continually evolves to meet the needs of the whole industry, based on 3GPP + GSMA standards – avoiding security requirements fragmenting regionally.

Robust independent auditing

NESAS is an unbiased, industry-funded scheme. The GSMA works with internationally recognised partners to audit and test equipment, with selection criteria agreed by the GSMA NESAS Oversight Board.

Drives improvement

Audits and evaluations provide an opportunity for experts to give in-depth feedback and analysis – helping vendors improve their processes and products, while enhancing security across the wider industry.

Streamlines vendor selection 

The list of accredited vendors provides near real-time visibility of security status, allowing procurement teams to make informed decisions and comparisons.

Benefits regulators

With one transparent and independent global scheme, reflecting the security needs of the entire ecosystem, regulators have clear guidance and support for national security mitigations.

Practical examples of what it can do 

Whether you’re a network equipment vendor, mobile operator or hyperscaler, the GSMA Network Equipment Security Assurance Scheme improves confidence in your business.

Network equipment vendors

Network equipment vendors

NESAS is designed to help you improve security levels, covering equipment and functions defined by 3GPP and deployed by MNOs on their networks.

  • Demonstrate to customers that your products reach the universal security standards relied on by the global industry.
  • Appear on the vendor list – providing assurance to customers and regulators, while supporting business development.
  • One audit does it all – no need for repeated security testing in multiple markets.
  • Leverage ongoing security improvement with expert feedback from specialist auditors.

Mobile Operators

Mobile Operators

NESAS helps assure the security and resilience of your network. GSMA recommends that operators request their network equipment suppliers to participate in NESAS.

  • Have confidence in your network equipment with vendor certification from the world’s leading mobile connectivity body.
  • The only network security scheme that’s defined by the industry (through the GSMA and 3GPP) – ensuring it keeps pace with threats and mitigations.
  • Streamline procurement and supply chain analysis with instant visibility of vendor security levels.
  • Reduce security testing by outsourcing baseline testing to accredited test laboratories.
  • Conformance tested by independent auditors and accredited laboratories.
Engineer hand using digital tablet testing the communications tower



Demonstrating NESAS conformity enables you to lead by example, advocating for higher security standards and practices within the cloud services and broader tech industry.

  • Participation in NESAS provides evidence-based assurance to customers that security is baked into your network equipment – from development to deployment.
  • Adherence to NESAS standards can serve as a key business differentiator.
  • Make your platforms more attractive for hosting sensitive applications, such as those handling financial transactions or core activity.
  • Encourages security by design culture across the network equipment vendor community.
Data Center IT Specialist and System administrator Talk, Use Tablet Computer, Wearing Safety West. Server Cloud Farm Facility with Two Information Technology Engineers checking Cyber Security.


The latest on our products, including GSMA Working Group PRDs and events.

post image
post image
post image


Register your interest

Please get in touch if you need more information, would like to book a meeting, have a product demo or want to talk to us about your particular use case.