Device security
Device security documents
Device security is growing more important as mobile handsets and consumer hardware prove integral to daily life. This page contains critical GSMA resources that offer guidance on securing mobile devices and IoT endpoints. Documents such as the Device Anti-Theft (SG.24) requirements and IoT Security Guidelines help manufacturers, network operators, and service providers implement best practices for protecting devices and customer data.
Operators can access guides on combatting mobile malware, configuration of UICC profiles, and deploying cryptographic algorithms that protect data integrity. As mobile devices become the gateway to sensitive information, these resources are vital for ensuring security at the device level. Effective security measures, including software updates and device encryption, help maintain the trust and safety of mobile users. Ensuring device security is critical for reducing vulnerabilities that attackers could exploit.
| Document | Description | Access |
|---|---|---|
| Device Anti-Theft (SG.24) | This document defines a set of requirements which can be used by mobile device manufacturers, network operators, and third party service providers, to offer a set of features to device owners to assist in locating lost/stolen devices and to protect data within devices. |
Public
|
| IoT Security (FS.60) | The GSMA IoT Security Guidelines promote a methodology for developing secure IoT services. Additionally, they provide recommendations for mitigating common security threats and vulnerabilities in IoT services. |
Public
|
| Operator Guide to Mobile Malware (SG.19) | This document discusses the impact of malware on both customers and operators. It details attack methods, types of malware, and offers strategies to combat mobile malware. | Members only |
| (e)UICC Profiles (FS.27) | This document provides guidelines for securely configuring UICC profiles to ensure sensitive information is safeguarded. |
Public
|
| Cryptographic Algorithms (FS.35) | The Security Algorithm Deployment Guidance explains the authentication, privacy, and integrity protection algorithms used in GSM, UMTS, LTE, and 5G networks. In addition, it offers deployment recommendations and includes guidelines for proprietary and remote SIM provisioning algorithms, as well as over-the-air algorithms. |
Public
|
| Requirements for Mobile Device Software Updates (FS.25) | This document outlines high-level security requirements for updating software on cellular-connected devices. Specifically, it focuses on critical updates that need to be deployed quickly during significant security incidents. |
Public
|
| Device Blocking and Data Sharing Recommended Practice (FS.45) | This document sets out best practices for operators to block mobile devices that are the subject of device crime and to share details by using the GSMA’s Device Registry. |
Public
|
| Guidelines for GBA Based Certificate Provisioning (FS.48) | These guidelines advise on how to use the GBA mechanism to practically implement online certificate provisioning for C-V2X, and other IoT and M2M scenarios. |
Public
|
Please note, resources marked ‘Members only’ can only be accessed by GSMA members