{"id":7817,"date":"2022-02-22T17:29:54","date_gmt":"2022-02-22T17:29:54","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/"},"modified":"2025-07-09T11:43:26","modified_gmt":"2025-07-09T10:43:26","slug":"fs-46-nesas-audit-guidelines-2","status":"publish","type":"gsma_theme_resources","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/","title":{"rendered":"FS.46 &#8211; NESAS Audit Guidelines v.3.0"},"content":{"rendered":"<p>This document provides guidelines, tips and information on how to prepare for and carry out a Vendor Development and Product Lifecycle Process audit.<\/p>\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Document History<\/td><td>Publish Date<\/td><\/tr><tr><td><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/04\/FS.46-v3.0.pdf\">Version 3.0<\/a><\/td><td>20 February 2025<\/td><\/tr><tr><td><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2023\/09\/FS.46-v2.1-NESAS-Audit-Guidelines.pdf\">Version 2.1<\/a><\/td><td>15 September 2023<\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2022\/02\/FS.46-v2.0.pdf\">Version 2.0<\/a> <\/td><td>20 October 2022 <\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2022\/02\/FS.46-v1.0.pdf\">Version 1.0<\/a> <\/td><td>18 February 2022 <\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>This document provides guidelines, tips and information on how to prepare for and carry out a Vendor Development and Product Lifecycle Process audit. Document History Publish Date Version 3.0 20 February 2025 Version 2.1 15 September 2023 Version 2.0 20 October 2022 Version 1.0 18 February 2022<\/p>\n","protected":false},"author":39,"featured_media":0,"template":"","meta":{"image":null,"json":{"gsma_resources_type":"Document","gsma_resources_thumb":"[]","gsma_resources_file":"[]","gsma_resources_multi":null,"gsma_resources_wgr":null,"gsma_resources_video":"","gsma_resources_image":"[]","gsma_resources_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/04\/FS.46-v3.0.pdf","gsma_resources_date":"","gsma_resources_button":"Download"}},"tags":[],"resource_categories":[1582,1576],"algolia_discover_type":[1553],"class_list":["post-7817","gsma_theme_resources","type-gsma_theme_resources","status-publish","hentry","resource_categories-mobile-cybersecurity-knowledge-base","resource_categories-technical-guidelines","algolia_discover_type-resource"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>FS.46 - NESAS Audit Guidelines v.3.0 - Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FS.46 - NESAS Audit Guidelines v.3.0 - Security\" \/>\n<meta property=\"og:description\" content=\"This document provides guidelines, tips and information on how to prepare for and carry out a Vendor Development and Product Lifecycle Process audit. Document History Publish Date Version 3.0 20 February 2025 Version 2.1 15 September 2023 Version 2.0 20 October 2022 Version 1.0 18 February 2022\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-09T10:43:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FS.46 - NESAS Audit Guidelines v.3.0 - Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/","og_locale":"en_GB","og_type":"article","og_title":"FS.46 - NESAS Audit Guidelines v.3.0 - Security","og_description":"This document provides guidelines, tips and information on how to prepare for and carry out a Vendor Development and Product Lifecycle Process audit. Document History Publish Date Version 3.0 20 February 2025 Version 2.1 15 September 2023 Version 2.0 20 October 2022 Version 1.0 18 February 2022","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/","og_site_name":"Security","article_modified_time":"2025-07-09T10:43:26+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/","name":"FS.46 - NESAS Audit Guidelines v.3.0 - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"datePublished":"2022-02-22T17:29:54+00:00","dateModified":"2025-07-09T10:43:26+00:00","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-46-nesas-audit-guidelines-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"}]}},"cats":[{"term_id":1591,"name":"Airtel","slug":"airtel","term_group":0,"term_taxonomy_id":1591,"taxonomy":"resource_categories","description":"","parent":1590,"count":0,"filter":"raw"},{"term_id":1600,"name":"APAC","slug":"apac","term_group":0,"term_taxonomy_id":1600,"taxonomy":"resource_categories","description":"","parent":1599,"count":0,"filter":"raw"},{"term_id":1598,"name":"Branded Calling","slug":"branded-calling","term_group":0,"term_taxonomy_id":1598,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":498,"name":"Build","slug":"build-phase","term_group":0,"term_taxonomy_id":498,"taxonomy":"resource_categories","description":"","parent":507,"count":7,"filter":"raw"},{"term_id":1590,"name":"Company name","slug":"company-name","term_group":0,"term_taxonomy_id":1590,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":499,"name":"Concept","slug":"concept-phase","term_group":0,"term_taxonomy_id":499,"taxonomy":"resource_categories","description":"","parent":507,"count":4,"filter":"raw"},{"term_id":1584,"name":"Coordinated Vulnerability Disclosure","slug":"coordinated-vulnerability-disclosure","term_group":0,"term_taxonomy_id":1584,"taxonomy":"resource_categories","description":"","parent":1576,"count":1,"filter":"raw"},{"term_id":1597,"name":"Customer Education and Awareness Campaigns","slug":"customer-education-and-awareness-campaigns","term_group":0,"term_taxonomy_id":1597,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":200,"name":"cvd","slug":"cvd","term_group":0,"term_taxonomy_id":200,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":177,"name":"CVD Programme","slug":"cvd-programme","term_group":0,"term_taxonomy_id":177,"taxonomy":"resource_categories","description":"","parent":0,"count":3,"filter":"raw"},{"term_id":500,"name":"Decommissioning","slug":"decommissioning-phase","term_group":0,"term_taxonomy_id":500,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":501,"name":"Delivery","slug":"delivery-phase","term_group":0,"term_taxonomy_id":501,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":502,"name":"Deployment","slug":"deployment-phase","term_group":0,"term_taxonomy_id":502,"taxonomy":"resource_categories","description":"","parent":507,"count":8,"filter":"raw"},{"term_id":503,"name":"Design and Development","slug":"design-and-development-phase","term_group":0,"term_taxonomy_id":503,"taxonomy":"resource_categories","description":"","parent":507,"count":9,"filter":"raw"},{"term_id":1556,"name":"M360 APAC","slug":"m360-apac","term_group":0,"term_taxonomy_id":1556,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1557,"name":"M360 APAC","slug":"m360-apac-publications","term_group":0,"term_taxonomy_id":1557,"taxonomy":"resource_categories","description":"","parent":1517,"count":0,"filter":"raw"},{"term_id":1518,"name":"m360 Latam 2024","slug":"m360-latam-2024","term_group":0,"term_taxonomy_id":1518,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1509,"name":"M360 UK 2023","slug":"m360-uk-2023","term_group":0,"term_taxonomy_id":1509,"taxonomy":"resource_categories","description":"","parent":0,"count":6,"filter":"raw"},{"term_id":1582,"name":"Mobile Cybersecurity Knowledge Base","slug":"mobile-cybersecurity-knowledge-base","term_group":0,"term_taxonomy_id":1582,"taxonomy":"resource_categories","description":"","parent":1576,"count":45,"filter":"raw"},{"term_id":1503,"name":"MWC22 Barcelona","slug":"mwc22-barcelona","term_group":0,"term_taxonomy_id":1503,"taxonomy":"resource_categories","description":"","parent":0,"count":6,"filter":"raw"},{"term_id":1508,"name":"MWC23 Barcelona","slug":"mwc23-barcelona","term_group":0,"term_taxonomy_id":1508,"taxonomy":"resource_categories","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":1511,"name":"MWC23 Las Vegas","slug":"mwc23-las-vegas","term_group":0,"term_taxonomy_id":1511,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1516,"name":"MWC24 Barcelona","slug":"mwc24-barcelona","term_group":0,"term_taxonomy_id":1516,"taxonomy":"resource_categories","description":"","parent":0,"count":3,"filter":"raw"},{"term_id":1575,"name":"MWC25 Barcelona","slug":"mwc25-barcelona","term_group":0,"term_taxonomy_id":1575,"taxonomy":"resource_categories","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":322,"name":"NESAS","slug":"nesas","term_group":0,"term_taxonomy_id":322,"taxonomy":"resource_categories","description":"","parent":0,"count":5,"filter":"raw"},{"term_id":504,"name":"Operational","slug":"operational-phase","term_group":0,"term_taxonomy_id":504,"taxonomy":"resource_categories","description":"","parent":507,"count":23,"filter":"raw"},{"term_id":1578,"name":"Post quantum use case library","slug":"post-quantum-use-case-library","term_group":0,"term_taxonomy_id":1578,"taxonomy":"resource_categories","description":"","parent":1522,"count":6,"filter":"raw"},{"term_id":1522,"name":"Post-quantum","slug":"post-quantum","term_group":0,"term_taxonomy_id":1522,"taxonomy":"resource_categories","description":"","parent":0,"count":15,"filter":"raw"},{"term_id":1581,"name":"Post-Quantum Cryptography","slug":"post-quantum-cryptography","term_group":0,"term_taxonomy_id":1581,"taxonomy":"resource_categories","description":"","parent":1576,"count":11,"filter":"raw"},{"term_id":505,"name":"Procurement","slug":"procurement-phase","term_group":0,"term_taxonomy_id":505,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":1517,"name":"Publications","slug":"publications","term_group":0,"term_taxonomy_id":1517,"taxonomy":"resource_categories","description":"","parent":0,"count":46,"filter":"raw"},{"term_id":1599,"name":"Region","slug":"region","term_group":0,"term_taxonomy_id":1599,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":368,"name":"SAS","slug":"sas","term_group":0,"term_taxonomy_id":368,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1593,"name":"Scam Call Detection and Blocking","slug":"scam-call-detection-and-blocking","term_group":0,"term_taxonomy_id":1593,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1580,"name":"Securing the 5G era","slug":"securing-the-5g-era","term_group":0,"term_taxonomy_id":1580,"taxonomy":"resource_categories","description":"","parent":1576,"count":5,"filter":"raw"},{"term_id":1595,"name":"SIM Swap Fraud Prevention","slug":"sim-swap-fraud-prevention","term_group":0,"term_taxonomy_id":1595,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1594,"name":"SMS Phishing (Smishing) Detection","slug":"sms-phishing-smishing-detection","term_group":0,"term_taxonomy_id":1594,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1596,"name":"Subscription Fraud Prevention","slug":"subscription-fraud-prevention","term_group":0,"term_taxonomy_id":1596,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1563,"name":"Supply Chain Publications","slug":"supply-chain-publications","term_group":0,"term_taxonomy_id":1563,"taxonomy":"resource_categories","description":"","parent":1517,"count":1,"filter":"raw"},{"term_id":1585,"name":"Supply Chain Toolbox","slug":"supply-chain-toolbox","term_group":0,"term_taxonomy_id":1585,"taxonomy":"resource_categories","description":"","parent":1576,"count":8,"filter":"raw"},{"term_id":1583,"name":"T-ISAC","slug":"t-isac","term_group":0,"term_taxonomy_id":1583,"taxonomy":"resource_categories","description":"","parent":1576,"count":0,"filter":"raw"},{"term_id":1579,"name":"T-Isac Blog","slug":"t-isac-blog","term_group":0,"term_taxonomy_id":1579,"taxonomy":"resource_categories","description":"","parent":1501,"count":0,"filter":"raw"},{"term_id":1501,"name":"T-ISAC Resources","slug":"t-isac-resources","term_group":0,"term_taxonomy_id":1501,"taxonomy":"resource_categories","description":"","parent":0,"count":5,"filter":"raw"},{"term_id":1576,"name":"Technical Guidelines","slug":"technical-guidelines","term_group":0,"term_taxonomy_id":1576,"taxonomy":"resource_categories","description":"","parent":0,"count":52,"filter":"raw"},{"term_id":1592,"name":"Theme","slug":"theme","term_group":0,"term_taxonomy_id":1592,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":507,"name":"Topic","slug":"topic","term_group":0,"term_taxonomy_id":507,"taxonomy":"resource_categories","description":"","parent":0,"count":0,"filter":"raw"},{"term_id":1589,"name":"Use case","slug":"use-case","term_group":0,"term_taxonomy_id":1589,"taxonomy":"resource_categories","description":"","parent":0,"count":0,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/gsma_theme_resources"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/39"}],"version-history":[{"count":1,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7817\/revisions"}],"predecessor-version":[{"id":12081,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7817\/revisions\/12081"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=7817"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=7817"},{"taxonomy":"resource_categories","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/resource_categories?post=7817"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=7817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}