TS 33.517
5G Security Assurance Specification (SCAS) –
Security Edge Protection Proxy (SEPP)

3GPP‑Page ETSI‑search fToC_↓ Partial Content _→

V19.0.0 (PDF) 2025/06 21 p.

V18.0.0 2023/06 24 p.

V17.0.0 2021/06 21 p.

V16.3.0 2021/06 19 p.

Rapporteur:: Mr. Peinado, German
Nokia Germany

full Table of Contents for TS 33.517 Word version: 19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Scope p. 6

References p. 6

Definitions of terms, symbols and abbreviations p. 6

3.1	Terms p. 6
3.2	Symbols p. 6
3.3	Abbreviations p. 6

SEPP-specific security requirements and related test cases p. 7

4.1

Introduction p. 7

4.2

SEPP-specific adaptations of security functional requirements and related test cases p. 7

4.2.1

Introduction p. 7

4.2.2

Security functional requirements on the SEPP deriving from 3GPP specifications and related test cases p. 7

4.2.2.1	Security functional requirements on the SEPP deriving from 3GPP specifications - general approach p. 7
4.2.2.2	Correct handling of cryptographic material of peer SEPPs and IPX providers p. 7
4.2.2.3	Connection-specific scope of cryptographic material by IPX-providers p. 9
4.2.2.4	Correct handling of serving PLMN ID mismatch p. 10
4.2.2.5	Confidential IEs replacement handling in original N32-f message p. 11
4.2.2.6	Correct handling of protection policy mismatch p. 11
4.2.2.7	JWS profile restriction p. 13
4.2.2.8	No misplacement of encrypted IEs in JSON object by IPX p. 14
4.2.2.9	Correct Handling of Inter-PLMN Routing p. 15
4.2.2.10	Correct Handling of Custom HTTP Header with PRINS Security p. 16

4.2.3

Technical Baseline p. 17

4.2.3.1

Introduction p. 17

4.2.3.2

Protecting data and information p. 17

4.2.3.2.1	Protecting data and information - general p. 17
4.2.3.2.2	Protecting data and information - unauthorized viewing p. 17
4.2.3.2.3	Protecting data and information in storage p. 17
4.2.3.2.4	Protecting data and information in transfer p. 17
4.2.3.2.5	Logging access to personal data p. 17

4.2.3.3

Protecting availability and integrity p. 17

4.2.3.4

Authentication and authorization p. 17

4.2.3.5

Protecting sessions p. 17

4.2.3.6

Logging p. 18

4.2.4

Operating Systems p. 18

4.2.5

Web Servers p. 18

4.2.6

Network Devices p. 19

4.3

SEPP-specific adaptations of hardening requirements and related test cases p. 19

4.3.1	Introduction p. 19
4.3.2	Technical baseline p. 19
4.3.3	Operating systems p. 19
4.3.4	Web servers p. 20
4.3.5	Network devices p. 20
4.3.6	Network functions in service-based architecture p. 20

4.4

SEPP-specific adaptations of basic vulnerability testing requirements and related test cases p. 20

4.4.1	Introduction p. 20
4.4.2	Port Scanning p. 20
4.4.3	Vulnerability scanning p. 20
4.4.4	Robustness and fuzz testing p. 20

Change history p. 21

TS 33.517 5G Security Assurance Specification (SCAS) – Security Edge Protection Proxy (SEPP)

full Table of Contents for TS 33.517 Word version: 19.0.0

TS 33.517
5G Security Assurance Specification (SCAS) –
Security Edge Protection Proxy (SEPP)