GSMA NESAS - discovered, expla

GSMA NESAS

The Network Equipment Security Assurance Scheme, NESAS for short, is a cross-industry scheme defined jointly by the 3rd Generation Partnership Project (3GPP) and the GSM Association (GSMA) to strengthen confidence in the IT security of mobile phone components. Network devices are tested by independent testing service providers such as TÜVIT.

What is NESAS?

The Network Equipment Security Assurance Scheme (NESAS) is a cross-industry, international security framework developed by the 3rd Generation Partnership Project (3GPP) and GSM Association (GSMA) with the participation of globally operating telecommunications network operators, manufacturers, providers and industry partners.

As a common basis, NESAS, together with other mechanisms, is intended to help raise the IT security level across the entire mobile communications industry by evaluating the security requirements of network components through independent, accredited testing service providers.

The security framework is divided into two sub-areas that build on each other. Based on the security requirements and an assessment framework of the GSMA, the entire product development and product life cycle process of a network component as well as the manufacturer sites involved are audited. In a second stage, the security assessment of network devices is carried out using 3GPP-defined security test cases.

Special features of GSMA NESAS

Framework developed by the 3rd Generation Partnership Project (3GPP) and the GSM Association (GSMA) to verify, guarantee and improve security in the mobile communications industry
Enables the objective assessment of defined, internationally standardised security features of mobile radio components
Supports manufacturers in documenting the development, maintenance and product security functions of their components
Takes security into account over the entire product life cycle

We will support you – no matter what

Get started at last!

We advise you

TÜV NORD IT Secure Communication I Berlin

To the consulting services Contact us

Goal achieved?

We check that

TÜV Informationstechnik I Essen

To the test offers Contact us

Frequently Asked Questions (FAQ)

What you need to know about GSMA NESAS

No, the NESAS programme does not certify network products. Once the test has been completed, manufacturers receive a transparent test report stating whether the test was successful. Companies interested in certification can request support from TÜVIT's testing centre during the certification process based on other schemes (e.g. Common Criteria, Trusted Product).

Yes, the auditing of the product life cycle and the safety testing of the product can be carried out by different laboratories. The NESAS auditors appointed by the GSMA carry out the evaluation of the product life cycle. The NESAS laboratories focus on the evaluation of network products based on the SCAS test case catalogues. TÜVIT offers both services from a single source.

The audit report of the life cycle audit is required as input for the test laboratory for product testing. During product testing, the points identified in the audit report are verified and the result is documented together with the test results in a product test report.