Cybersecurity document library

All cybersecurity documents

Our complete cybersecurity document library is a vital resource for mobile network operators and the broader ecosystem. This library helps organisations boost their cybersecurity risk management and provides frameworks and guidelines to protect infrastructures against evolving threats. For instance, the Mobile Threat Intelligence Framework (MoTIF) offers insights into adversaries’ tactics, techniques, and procedures (TTPs). This information helps operators create effective risk mitigation strategies.

The library features guidelines on securing mobile networks and communication protocols. It also includes information on implementing quantum-safe technology. From protecting mobile devices to ensuring the security of private IP networks, these resources are essential for a strong cybersecurity stance. Operators can learn about SS7, DIAMETER, and GTP protocols, as well as solutions for SMS and signalling fraud. This knowledge helps secure networks from multiple angles.

Additionally, the cybersecurity document library provides best practices for managing vulnerabilities and deploying cryptographic algorithms. By using these resources, operators can stay ahead of cyber threats and maintain compliance. The table below provides a full list of items available within the cybersecurity document library.

Document Description Access
Device Registry Specification and Access Policy (SG.18) This document defines the file, record and field interface specification for the GSMA Device Registry, which maintains TAC allocation records and a global Block List of flagged device identifiers. It describes contributor types, eligibility criteria, reporting rules, upload and download file formats, reason codes and naming conventions for authorised users exchanging device status information. Public Download
Micro-Segmentation in 5G Core Network Resource Pool (FS.61) This document provides guidelines for mobile network operators evaluating and deploying micro-segmentation to protect east-west traffic in virtualised 5G core networks. It includes a threat analysis of lateral movement risks across VNF and CNF deployments, recommended functional attributes for micro-segmentation, and a comparison of candidate solutions. Public Download
SMS Blasters Briefing Paper (FS.67) This document educates MNOs on the threat posed by SMS Blasters, which are false base stations used by fraudsters to bypass network-side SMS filtering and deliver phishing messages directly to mobile users. It describes how the attack works, assesses the impact on customers and operators, and provides actionable recommendations for detection, mitigation and forensic analysis. Members only
GT Leasing: Central Declaration and Complaints Process (FS.59) This document specifies the process by which GT lessors, transit carriers and mobile network operators can centrally declare compliance with the GSMA Global Title Leasing Code of Conduct (FS.52). It defines unverified and verified declaration types, eligibility criteria, and the complaints and adjudication process for handling alleged non-compliance. Public Download
MDSCS: GSMA Security Requirements (FS.56) This document defines the GSMA security requirements for the Mobile Device Security Certification (MDSCert) Scheme, based on the ETSI Consumer Mobile Device Protection Profile (TS 103 732 series). It also identifies gaps in functional and assurance requirements, including hardware key storage, biometric spoof acceptance rates, OTA client privacy and AT modem command access controls. Public Download
MDSCS: Evaluation Methodology (FS.55) This document describes the evaluation methodology used under the GSMA Mobile Device Security Certification (MDSCert) Scheme. It details the procedures for evidence assessment, functional testing, cryptographic validation, biometric testing, and vulnerability analysis and penetration testing of mobile devices against the MDSCert security requirements. Public Download
MDSCS: Security Test Laboratory Accreditation (FS.54) This document defines the accreditation requirements and process for security test laboratories operating under the GSMA Mobile Device Security Certification (MDSCert) Scheme. It outlines the steps to achieve ISO/IEC 17025 accreditation with MDSCert-specific competency requirements, including evaluator skills, testing equipment and provisional accreditation procedures. Public Download
Mobile Device Security Certification Scheme – Overview (FS.53) This document describes the GSMA Mobile Device Security Certification (MDSCert) Scheme, an industry-wide framework for evaluating the security capabilities of mobile devices such as smartphones and tablets. It defines three security assurance levels, the roles of certification bodies and test laboratories, and the processes for evaluation, certification, maintenance and dispute resolution. Public Download
Mobile Device Crime Data User Access Policy (FS.44) This document defines the policy governing third-party access to mobile device crime data held in the GSMA Device Registry Block List. It sets out five tiers of user classification, the nature of data disclosed to each, and the approval, sponsorship and funding requirements for access. Public Download
SBOM Mobile Industry and Regulatory Landscape Assessment (FS.68) This document assesses global regulatory requirements and industry initiatives relating to Software Bills of Materials (SBOMs), examining their usefulness and applicability for mobile network operators, device OEMs, and equipment providers. It maps the international regulatory landscape, explores supply chain risk management, and outlines potential next steps for GSMA. Members only
Security Guidelines for UE and UICC Credential Storage (FS.43) This document provides MNOs with security guidelines on how to store UE credentials within their networks, covering credential provisioning, generation, storage, and lifecycle management across 2G through to 5G technologies. Public Download
MoTIF Framework (FS.57) The Mobile Threat Intelligence Framework (MoTIF) is a framework to describe how adversaries attack and exploit mobile networks by presenting the tactics, techniques and procedures (TTPs) that are used. Public Download
Baseline Controls (FS.31) The GSMA provides a comprehensive set of baseline security controls to help operators understand and establish a strong security posture, helping to improve network security and resilience. Public Download
5G Fraud (FS.39) This guide identifies fraud risks associated with 5G technologies and services and provides recommendations to mitigate them. It is tailored for GSMA members, helping them prepare for and tackle emerging fraud challenges. Members only
Security Manual (FS.30) For GSMA members, this manual outlines key security threats to mobile networks. By highlighting evidenced risks, it enables operators to protect their infrastructure and customers more effectively. Members only
Fraud Manual (FF.21) This manual offers a detailed guide to various types of fraud affecting mobile networks. It helps GSMA members identify areas of potential fraudulent exposure and effective preventative actions. Members only
5G Security (FS.40) This document provides a comprehensive look at 5G security developments. It provides essential information, references and insights needed to adapt to the rollout of evolving technologies. Public Download
Coordinated Vulnerability Disclosure (FS.23) This document describes the GSMA’s CVD programme, which enables security researchers to report security vulnerabilities. This coordinated process drives action to address discovered security weaknesses, improving overall cybersecurity levels. Public Download
Post Quantum Telco Network Impact Assessment (PQ.01) This report analyses the dependencies and timelines for the telecom industry’s shift to quantum-safe technologies. In addition, it outlines actionable steps that operators can take to ensure a smooth and secure transition. Public Download
Guidelines for Quantum Risk Management for Telco (PQ.02) By focusing on cryptanalytic risks, this document shows how to adapt traditional risk assessment frameworks for the telecom sector. For instance, it uses relevant use cases to offer operators tailored guidance. Public Download
Post Quantum Cryptography Guidelines for Telecom Use Cases (PQ.03) For stakeholders planning the transition toward quantum-safe cryptography, this document provides best practice guidelines. Ultimately, it supports long-term cybersecurity strategies within the telecom ecosystem. Public Download
T-ISAC Service Offering (FS.32) This document outlines the policy, process and functionality of the GSMA’s Telecommunication Information Sharing and Analysis Centre (T-ISAC) to facilitate the sharing of threat information in a trusted environment. Public Download
Artificial Intelligence Security Guidelines (FS.49) This document provides GSMA members with security guidelines that are focussed on risks related to AI technology. It also outlines mitigation measures that operators should implement to securely run AI applications. Members only
Device Anti-Theft (SG.24) This document defines a set of requirements which can be used by mobile device manufacturers, network operators, and third-party service providers to offer a set of features to device owners to assist in locating lost/stolen devices and to protect data within devices. Public Download
IoT Security (FS.60) The GSMA IoT Security Guidelines promote a methodology for developing secure IoT services. Additionally, they provide recommendations for mitigating common security threats and vulnerabilities in IoT services. Public Download
Operator Guide to Mobile Malware (SG.19) This document discusses the impact of malware on both customers and operators. It details attack methods, types of malware, and offers strategies to combat mobile malware. Members only
(e)UICC Profiles (FS.27) This document provides guidelines for securely configuring UICC profiles to ensure sensitive information is safeguarded. Public Download
Cryptographic Algorithms (FS.35) The Security Algorithm Deployment Guidance explains the authentication, privacy, and integrity protection algorithms used in GSM, UMTS, LTE, and 5G networks. In addition, it offers deployment recommendations and includes guidelines for proprietary and remote SIM provisioning algorithms, as well as over-the-air algorithms. Public Download
Requirements for Mobile Device Software Updates (FS.25) This document outlines high-level security requirements for updating software on cellular-connected devices. Specifically, it focuses on critical updates that need to be deployed quickly during significant security incidents. Public Download
Device Blocking and Data Sharing Recommended Practice (FS.45) This document sets out best practices for operators to block mobile devices that are the subject of device crime and to share details of those devices using the GSMA’s Device Registry. It covers local network blocking policy, data sharing procedures, duplicate IMEI handling and subscriber verification requirements. Public Download
Guidelines for GBA Based Certificate Provisioning (FS.48) These guidelines advise on how to use the GBA mechanism to practically implement online certificate provisioning for C-V2X, and other IoT and M2M scenarios. Public Download
Voicemail Security Guidelines (SG.20) The Voicemail Security Guidelines provide guidance for operators on the management of personal identity numbers (PINs) and passwords used to authenticate users to obtain secure access to voicemail services. Public Download
Voice over LTE (VoLTE) Security Analysis and Recommendations (FS.22) This document explains known VoLTE threats and the types of attacks that may target mobile networks. It also outlines mitigation strategies and countermeasures to prevent these attacks, while describing a range of testing scenarios. Members only
Exchange of Subscriber Credentials (FS.28) This document provides security guidelines for the protection of UICC credentials exchanged between network operators and UICC vendors. Public Download
Network Function Virtualisation (FS.33) This document provides a comprehensive overview of threats related to NFV, including the underlying infrastructure and platforms. Public Download
DNS Encryption (IG.10) The paper explains DNS, its security and privacy vulnerabilities, and protection techniques. It also explains the motivations for DNS encryption using DoT, DoH, and plans for DoQ (DNS over QUIC) protocols from the IETF. Members only
Guidelines for IPX Provider networks (IR.34) The document provides guidelines and technical information on how GPRS roaming exchange (GRX) networks are set up. It also explains how these networks interconnect and how service providers connect to IPX provider networks. Members only
Inter-Operator IP Backbone Security Requirements For Service and Inter-operator IP backbone Providers (IR.77) This document, along with IR.34, describes guidelines to achieve adequate security on the IPX network. Members only
Use of SIM Boxes to Bypass Interconnect Communications (FS.01.1) This document defines various types of SIM box bypass, including on-net, off-net, international off-net and leaky PBX scenarios, and their impact on traffic flows, network planning and customer experience. It also outlines the mechanisms used to detect SIM boxes and describes how bypass techniques have evolved to evade detection. Public Download
SMS Fraud (FF.09) This document introduces different types of SMS. It illustrates how normal SMS traffic flows through the network and explains how fraud scenarios arise. Members only
A2P SMS Bypass and Fraud – Methods, Detection and Mitigation (FS.12) This document describes the risks associated with application-to-person SMS bypass, SMS artificial inflation of traffic and unauthorised HLR lookups. It also provides mitigation recommendations. Members only
SMS Firewall Best Practices and Policies (SG.22) This guide offers high-level guidelines to help operators implement and manage SMS firewall policies. It also suggests corrective actions when necessary. Members only
Binary SMS Filtering Guidelines (FS.42) This document describes exploitations of binary SMS. It outlines where controls can be applied across network control points for each binary SMS type. Members only
SS7 and SIGTRAN Network Security (FS.07) This document analyses SS7 and SIGTRAN stack layer security. It identifies threats, describes attack methods, and proposes best practice countermeasures. Members only
SS7 Interconnect Security Monitoring and Firewall Guidelines (FS.11) This guide helps mobile operators monitor SS7 traffic and set firewall rules. It also supports establishing data-sharing capabilities to improve security. Members only
Global Title Leasing Code of Conduct (FS.52) This document addresses the leasing of global titles (GTs) within SS7 networks. It explains GT usage motivations and introduces a code of conduct to prevent abuse. Public Download
Diameter Interconnect Security (FS.19) This guide outlines potential Diameter-based attacks on mobile networks and customers. It also offers countermeasures to enhance LTE and 5G interconnection security. Members only
GPRS Tunneling Protocol (GTP) Security (FS.20) This document describes attacks on the mobile core network performed through the general packet radio service (GPRS) exchange (GRX), the internet protocol exchange (IPX) network or the internet. It also addresses mitigation strategies and countermeasures. Members only
GTP-U (FS.37) This document provides recommendations for mobile network operators to detect and prevent attacks using GPRS tunnelling protocol user (GTP-U) plane data. Members only
5G Interconnect Security (FS.36) This guide outlines potential 5G interconnect attacks on mobile networks and customers. It also provides countermeasures to address threats and risks related to 5G interconnection security. Members only
Interconnect Signalling Security Recommendations (FS.21) This document introduces interconnect signalling security with a risk-based approach. It also includes technical recommendations on packet categorisation, protocol correlation and firewall implementation. Members only
Interconnect Testing (FS.26) This document outlines the security roles and responsibilities of testers and signalling interconnect partners. It is relevant when performing remote interconnect signalling security testing. Public Download
Key Management (FS.34) This document details key management processes, including the exchange of certificates and key materials, between interconnect parties to secure signalling communications. Public Download
SIP (FS.38) This guide outlines potential SIP-based security, privacy, and fraud attacks on fixed, mobile, and converged networks. It also describes countermeasures to mitigate these risks. Members only
RCS Fraud and Security Assessment (FS.41) This document provides an overview of the fraud and security risks related to the implementation and deployment of RCS. It also provides guidance on how to mitigate those risks. Members only
Flash Calls Fraud and Security Assessment (FS.66) This document describes flash and voice OTP TTS calling fraud and security risks to a range of stakeholders. Members only

Please note: resources marked ‘Members only’ can only be accessed by GSMA members.