Mobile Network Operators provide the backbone for mobile telecommunication technologies. At enterprise level the industry offers a wide array of services, diversifying from traditional connectivity into content and managed services. At the same time 5.1 billion users depend on Operators to maintain their connectivity; an item considered a basic human right under UN Article 19. This results in a mixed threat landscape of traditional IT, radio and mobile related threats.
Based on this position the industry has a responsibility to secure customer information and services. The GSMA has developed the following baseline security controls to help Operators understand and develop their security posture to a foundation (base) level.
These controls are not binding; this is a voluntary scheme to enable an Operator to assess and understand their own security controls. The GSMA do not require access to the results but are suitably positioned to discuss specific output and identify remedial resources if desired.
The latest changes include the following:
- Provision of a new table in section 1.3 suggesting how completion of an assessment checklist could be assigned across personnel and/or teams
- Recognition that team structures, and the allocation of responsibilities, can vary from one network operator to another
- Change to the solution description, point 9, for control NFVI-VS-002
- Change to the solution description, point 7, for control CC-007
- Promotion of Mobile Edge Computing Platform Controls to section 2.2.10
- Change to the solution description, point 3, for control NO-010
Audience: Technical security practitioner, Senior security professional
Resource technology specifics: Enterprise network, Generic
Resource type: Guideline
Resource enforcement: Voluntary
Resource certification type: Self-assessment
| Key benefits |
|
