GSMA Network Equipment Security Assurance Scheme (NESAS)
The NESAS scheme is a collaboration and jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP defined functions. NESAS has been developed to strengthen the level of security in 5G and LTE networks following established best practices and schemes that provide security assurance.
atsec is both a GSMA appointed auditor to provide Network Equipment Security Assurance Scheme (NESAS) security audits and an authorized and accredited laboratory to perform network product evaluations against NESAS Security Assurance Specifications (SCAS).
In the course of the NESAS audit, we provide documentation review of vendor development and product life-cycle processes and conduct interviews to assess compliance to the specified security requirements. The list of mobile network equipment vendors that have undergone an assessment and independent audit of their development and product life-cycle processes is available on GSMA’s website, which you can find here.
In the course of the network product evaluation, we apply test specifications from the relevant SCASes and run detailed tests on the network product. Test results are recorded in an Evaluation Report and provided to GSMA, if the evaluated product is to be listed on the NESAS website. The scope of the atsec accreditation can be found here.
Our NESAS portfolio encompasses the following services:
- Readiness assessments to help you estimate the level of effort that will be necessary to successfully comply with NESAS requirements
- NESAS security audits resulting in the GSMA listing
- Testing of network products according to applicable SCASes
- Education and training for vendors, telecommunication operators on NESAS security audit topics
These services are provided by atsec through our Swedish office.