GSMA

Huawei 5G Passes GSMA’s Network Equipment Security Assurance Scheme

NESAS is a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP

Last updated:

Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG,UDM,UNC,UPCF) and LTE eNodeB has passed the GSMA’s Network Equipment Security Assurance Scheme (NESAS).

NESAS is a standardised cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, together with major global operators, vendors, industry partners and regulators. It provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry.

It is a voluntary scheme through which network equipment vendors subject their product development and lifecycle processes to a comprehensive security audit against the currently active NESAS release and its security requirements. The summary independent audit reports of the NESAS assessment can be found here.

NESAS provides a security baseline to evidence that network equipment satisfies a list of security requirements and has been developed in accordance with vendor development and product lifecycle processes that provide security assurance. NESAS is intended to be used alongside other mechanisms to ensure a network is secure, in particular an appropriate set of security policies covering the whole lifecycle of a network.

The scheme should be used globally as a common baseline, on top of which individual operators or national IT security agencies may want to put additional security requirements.

NESAS covers 20 assessment categories, defining security requirements and an assessment framework for 5G product development and product lifecycle processes. Additionally it uses security test cases defined by 3GPP to assess the security of network equipment.

NESAS development and product lifecycle assessments are conducted against security requirements that cover the following areas:

  • Security by design
  • Version control systems
  • Change tracking
  • Source code review
  • Security testing
  • Staff education
  • Vulnerability remedy processes
  • Vulnerability remedy independence
  • Information security management
  • Automated build process
  • Build environment control
  • Vulnerability information management
  • Software integrity protection
  • Unique software release identifier
  • Security fix communication
  • Documentation accuracy
  • Security point of contact
  • Source code governance
  • Continual improvement
  • Security documentation

“GSMA NESAS is the latest approach in assessing the network security of mobile communications. In the 5G era, NESAS provides a standardized and effective cyber security assessment, which allows the communications industry to ensure fairness. The Assessment is also a valuable reference for stakeholders, such as operators, equipment vendors, government regulators, and application service providers. Huawei has always focused on technology-driven cyber security. We welcome NESAS with full support and collaboration. We also invite the entire industry to jointly promote the development of a more aligned mobile communications market.” – said Devin Duan, Head of 5G E2E Cybersecurity Marketing, Huawei.

For Huawei, cybersecurity assurance is a shared goal between Huawei, customers, supervisory authorities, and other stakeholders. Trust in cybersecurity has become a major global concern as the world becomes more digital. Huawei says that it believes that trust must be based on verifiable facts, which should in turn be based on shared standards.

We believe that this is an effective way to build trust in the digital era. Huawei supports GSMA and 3GPP in developing a global standardised security assessment, an idea that has largely been accepted as an industry consensus. NESAS promotes this concept, and as such, Huawei urges the industry to widely adopt NESAS.

Prior to passing GSMA NESAS, Huawei also passed the 5G cyber security test by China’s IMT-2020 (5G) Promotion Group. These test specifications are based on the 3GPP international standards for 5G security assurance.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services