{"id":7870,"date":"2019-05-03T07:40:18","date_gmt":"2019-05-03T07:40:18","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/"},"modified":"2025-07-09T11:52:11","modified_gmt":"2025-07-09T10:52:11","slug":"fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2","status":"publish","type":"gsma_theme_resources","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/","title":{"rendered":"FS.16 \u2013 NESAS &#8211; Security requirements for Vendor Development and Product Lifecycle Processes v.3.0"},"content":{"rendered":"<p>This document defines security requirements for an Equipment Vendor\u2019s Development and Product Lifecycle Processes.<\/p>\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td> <strong>Document History<\/strong> <\/td><td> &nbsp;<strong>Publish Date<\/strong> <\/td><\/tr><tr><td><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/04\/FS.16-v3.0.pdf\">Version 3.0<\/a><\/td><td>20 February 2025<\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2023\/09\/FS.16-v2.3-NESAS-Development-and-Lifecycle-Security-Requirements.pdf\">Version 2.3<\/a><\/td><td>15 September 2023<\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2019\/05\/FS.16-v2.2.pdf\">Version 2.2<\/a> <\/td><td> 20 October 2022 <\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2022\/02\/FS.16-v2.1.pdf\">Version 2.1<\/a> <\/td><td> 28 January 2022 <\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2021\/02\/FS.16-NESAS-Development-and-Lifecycle-Security-Requirements-v2.0.pdf\">Version 2.0<\/a> <\/td><td> 05 February 2021 <\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2020\/09\/FS.16-NESAS-Development-and-Lifecycle-Security-Requirements-v1.1.pdf\">Version 1.1<\/a> <\/td><td> 20 July 2020 <\/td><\/tr><tr><td> <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2019\/11\/FS.16-NESAS-Development-and-Lifecycle-Security-Requirements-v1.0.pdf\">Version 1.0<\/a> <\/td><td> 07 October 2019 <\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>This document defines security requirements for an Equipment Vendor\u2019s Development and Product Lifecycle Processes. Document History &nbsp;Publish Date Version 3.0 20 February 2025 Version 2.3 15 September 2023 Version 2.2 20 October 2022 Version 2.1 28 January 2022 Version 2.0 05 February 2021 Version 1.1 20 July 2020 Version 1.0 07 October 2019<\/p>\n","protected":false},"author":39,"featured_media":0,"template":"","meta":{"image":null,"json":{"gsma_resources_type":"Document","gsma_resources_thumb":"[]","gsma_resources_file":"[]","gsma_resources_multi":null,"gsma_resources_wgr":null,"gsma_resources_video":"","gsma_resources_image":"[]","gsma_resources_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/04\/FS.16-v3.0.pdf","gsma_resources_date":"","gsma_resources_button":"Download"}},"tags":[],"resource_categories":[1582,322,1585,1576],"algolia_discover_type":[1553],"class_list":["post-7870","gsma_theme_resources","type-gsma_theme_resources","status-publish","hentry","resource_categories-mobile-cybersecurity-knowledge-base","resource_categories-nesas","resource_categories-supply-chain-toolbox","resource_categories-technical-guidelines","algolia_discover_type-resource"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>FS.16 \u2013 NESAS - Security requirements for Vendor Development and Product Lifecycle Processes v.3.0 - Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FS.16 \u2013 NESAS - Security requirements for Vendor Development and Product Lifecycle Processes v.3.0 - Security\" \/>\n<meta property=\"og:description\" content=\"This document defines security requirements for an Equipment Vendor\u2019s Development and Product Lifecycle Processes. Document History &nbsp;Publish Date Version 3.0 20 February 2025 Version 2.3 15 September 2023 Version 2.2 20 October 2022 Version 2.1 28 January 2022 Version 2.0 05 February 2021 Version 1.1 20 July 2020 Version 1.0 07 October 2019\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-09T10:52:11+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FS.16 \u2013 NESAS - Security requirements for Vendor Development and Product Lifecycle Processes v.3.0 - Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/","og_locale":"en_GB","og_type":"article","og_title":"FS.16 \u2013 NESAS - Security requirements for Vendor Development and Product Lifecycle Processes v.3.0 - Security","og_description":"This document defines security requirements for an Equipment Vendor\u2019s Development and Product Lifecycle Processes. Document History &nbsp;Publish Date Version 3.0 20 February 2025 Version 2.3 15 September 2023 Version 2.2 20 October 2022 Version 2.1 28 January 2022 Version 2.0 05 February 2021 Version 1.1 20 July 2020 Version 1.0 07 October 2019","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/","og_site_name":"Security","article_modified_time":"2025-07-09T10:52:11+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/","name":"FS.16 \u2013 NESAS - Security requirements for Vendor Development and Product Lifecycle Processes v.3.0 - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"datePublished":"2019-05-03T07:40:18+00:00","dateModified":"2025-07-09T10:52:11+00:00","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-16-network-equipment-security-assurance-scheme-development-and-lifecycle-security-requirements-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"}]}},"cats":[{"term_id":1591,"name":"Airtel","slug":"airtel","term_group":0,"term_taxonomy_id":1591,"taxonomy":"resource_categories","description":"","parent":1590,"count":0,"filter":"raw"},{"term_id":1600,"name":"APAC","slug":"apac","term_group":0,"term_taxonomy_id":1600,"taxonomy":"resource_categories","description":"","parent":1599,"count":0,"filter":"raw"},{"term_id":1598,"name":"Branded Calling","slug":"branded-calling","term_group":0,"term_taxonomy_id":1598,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":498,"name":"Build","slug":"build-phase","term_group":0,"term_taxonomy_id":498,"taxonomy":"resource_categories","description":"","parent":507,"count":7,"filter":"raw"},{"term_id":1590,"name":"Company name","slug":"company-name","term_group":0,"term_taxonomy_id":1590,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":499,"name":"Concept","slug":"concept-phase","term_group":0,"term_taxonomy_id":499,"taxonomy":"resource_categories","description":"","parent":507,"count":4,"filter":"raw"},{"term_id":1584,"name":"Coordinated Vulnerability Disclosure","slug":"coordinated-vulnerability-disclosure","term_group":0,"term_taxonomy_id":1584,"taxonomy":"resource_categories","description":"","parent":1576,"count":1,"filter":"raw"},{"term_id":1597,"name":"Customer Education and Awareness Campaigns","slug":"customer-education-and-awareness-campaigns","term_group":0,"term_taxonomy_id":1597,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":200,"name":"cvd","slug":"cvd","term_group":0,"term_taxonomy_id":200,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":177,"name":"CVD Programme","slug":"cvd-programme","term_group":0,"term_taxonomy_id":177,"taxonomy":"resource_categories","description":"","parent":0,"count":3,"filter":"raw"},{"term_id":500,"name":"Decommissioning","slug":"decommissioning-phase","term_group":0,"term_taxonomy_id":500,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":501,"name":"Delivery","slug":"delivery-phase","term_group":0,"term_taxonomy_id":501,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":502,"name":"Deployment","slug":"deployment-phase","term_group":0,"term_taxonomy_id":502,"taxonomy":"resource_categories","description":"","parent":507,"count":8,"filter":"raw"},{"term_id":503,"name":"Design and Development","slug":"design-and-development-phase","term_group":0,"term_taxonomy_id":503,"taxonomy":"resource_categories","description":"","parent":507,"count":9,"filter":"raw"},{"term_id":1556,"name":"M360 APAC","slug":"m360-apac","term_group":0,"term_taxonomy_id":1556,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1557,"name":"M360 APAC","slug":"m360-apac-publications","term_group":0,"term_taxonomy_id":1557,"taxonomy":"resource_categories","description":"","parent":1517,"count":0,"filter":"raw"},{"term_id":1518,"name":"m360 Latam 2024","slug":"m360-latam-2024","term_group":0,"term_taxonomy_id":1518,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1509,"name":"M360 UK 2023","slug":"m360-uk-2023","term_group":0,"term_taxonomy_id":1509,"taxonomy":"resource_categories","description":"","parent":0,"count":6,"filter":"raw"},{"term_id":1582,"name":"Mobile Cybersecurity Knowledge Base","slug":"mobile-cybersecurity-knowledge-base","term_group":0,"term_taxonomy_id":1582,"taxonomy":"resource_categories","description":"","parent":1576,"count":45,"filter":"raw"},{"term_id":1503,"name":"MWC22 Barcelona","slug":"mwc22-barcelona","term_group":0,"term_taxonomy_id":1503,"taxonomy":"resource_categories","description":"","parent":0,"count":6,"filter":"raw"},{"term_id":1508,"name":"MWC23 Barcelona","slug":"mwc23-barcelona","term_group":0,"term_taxonomy_id":1508,"taxonomy":"resource_categories","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":1511,"name":"MWC23 Las Vegas","slug":"mwc23-las-vegas","term_group":0,"term_taxonomy_id":1511,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1516,"name":"MWC24 Barcelona","slug":"mwc24-barcelona","term_group":0,"term_taxonomy_id":1516,"taxonomy":"resource_categories","description":"","parent":0,"count":3,"filter":"raw"},{"term_id":1575,"name":"MWC25 Barcelona","slug":"mwc25-barcelona","term_group":0,"term_taxonomy_id":1575,"taxonomy":"resource_categories","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":322,"name":"NESAS","slug":"nesas","term_group":0,"term_taxonomy_id":322,"taxonomy":"resource_categories","description":"","parent":0,"count":5,"filter":"raw"},{"term_id":504,"name":"Operational","slug":"operational-phase","term_group":0,"term_taxonomy_id":504,"taxonomy":"resource_categories","description":"","parent":507,"count":23,"filter":"raw"},{"term_id":1578,"name":"Post quantum use case library","slug":"post-quantum-use-case-library","term_group":0,"term_taxonomy_id":1578,"taxonomy":"resource_categories","description":"","parent":1522,"count":6,"filter":"raw"},{"term_id":1522,"name":"Post-quantum","slug":"post-quantum","term_group":0,"term_taxonomy_id":1522,"taxonomy":"resource_categories","description":"","parent":0,"count":15,"filter":"raw"},{"term_id":1581,"name":"Post-Quantum Cryptography","slug":"post-quantum-cryptography","term_group":0,"term_taxonomy_id":1581,"taxonomy":"resource_categories","description":"","parent":1576,"count":11,"filter":"raw"},{"term_id":505,"name":"Procurement","slug":"procurement-phase","term_group":0,"term_taxonomy_id":505,"taxonomy":"resource_categories","description":"","parent":507,"count":3,"filter":"raw"},{"term_id":1517,"name":"Publications","slug":"publications","term_group":0,"term_taxonomy_id":1517,"taxonomy":"resource_categories","description":"","parent":0,"count":46,"filter":"raw"},{"term_id":1599,"name":"Region","slug":"region","term_group":0,"term_taxonomy_id":1599,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":368,"name":"SAS","slug":"sas","term_group":0,"term_taxonomy_id":368,"taxonomy":"resource_categories","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1593,"name":"Scam Call Detection and Blocking","slug":"scam-call-detection-and-blocking","term_group":0,"term_taxonomy_id":1593,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1580,"name":"Securing the 5G era","slug":"securing-the-5g-era","term_group":0,"term_taxonomy_id":1580,"taxonomy":"resource_categories","description":"","parent":1576,"count":5,"filter":"raw"},{"term_id":1595,"name":"SIM Swap Fraud Prevention","slug":"sim-swap-fraud-prevention","term_group":0,"term_taxonomy_id":1595,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1594,"name":"SMS Phishing (Smishing) Detection","slug":"sms-phishing-smishing-detection","term_group":0,"term_taxonomy_id":1594,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1596,"name":"Subscription Fraud Prevention","slug":"subscription-fraud-prevention","term_group":0,"term_taxonomy_id":1596,"taxonomy":"resource_categories","description":"","parent":1592,"count":0,"filter":"raw"},{"term_id":1563,"name":"Supply Chain Publications","slug":"supply-chain-publications","term_group":0,"term_taxonomy_id":1563,"taxonomy":"resource_categories","description":"","parent":1517,"count":1,"filter":"raw"},{"term_id":1585,"name":"Supply Chain Toolbox","slug":"supply-chain-toolbox","term_group":0,"term_taxonomy_id":1585,"taxonomy":"resource_categories","description":"","parent":1576,"count":8,"filter":"raw"},{"term_id":1583,"name":"T-ISAC","slug":"t-isac","term_group":0,"term_taxonomy_id":1583,"taxonomy":"resource_categories","description":"","parent":1576,"count":0,"filter":"raw"},{"term_id":1579,"name":"T-Isac Blog","slug":"t-isac-blog","term_group":0,"term_taxonomy_id":1579,"taxonomy":"resource_categories","description":"","parent":1501,"count":0,"filter":"raw"},{"term_id":1501,"name":"T-ISAC Resources","slug":"t-isac-resources","term_group":0,"term_taxonomy_id":1501,"taxonomy":"resource_categories","description":"","parent":0,"count":5,"filter":"raw"},{"term_id":1576,"name":"Technical Guidelines","slug":"technical-guidelines","term_group":0,"term_taxonomy_id":1576,"taxonomy":"resource_categories","description":"","parent":0,"count":52,"filter":"raw"},{"term_id":1592,"name":"Theme","slug":"theme","term_group":0,"term_taxonomy_id":1592,"taxonomy":"resource_categories","description":"","parent":1589,"count":0,"filter":"raw"},{"term_id":507,"name":"Topic","slug":"topic","term_group":0,"term_taxonomy_id":507,"taxonomy":"resource_categories","description":"","parent":0,"count":0,"filter":"raw"},{"term_id":1589,"name":"Use case","slug":"use-case","term_group":0,"term_taxonomy_id":1589,"taxonomy":"resource_categories","description":"","parent":0,"count":0,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/gsma_theme_resources"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/39"}],"version-history":[{"count":2,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7870\/revisions"}],"predecessor-version":[{"id":12085,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/gsma_theme_resources\/7870\/revisions\/12085"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=7870"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=7870"},{"taxonomy":"resource_categories","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/resource_categories?post=7870"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=7870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}