TS 33.528
5G Security Assurance Specification (SCAS)
for the Policy Control Function (PCF)
V18.0.0 (PDF)
2024/03 10 p.
- Rapporteur:
- Mr. Andreas, Joerg
BSI (DE)
Content for TS 33.528 Word version: 18.0.0
1 Scope
2 References
3 Definitions of terms, symbols and abbreviations
4 PCF-specific security requirements and related test cases
4.1 Introduction
4.2 PCF-specific adaptations of security functional requirements and related test cases
4.3 PCF-specific adaptations of hardening requirements and related test cases.
4.4 PCF-specific adaptations of basic vulnerability testing requirements and related test cases
$ Change history
1 Scope p. 6
The present document contains requirements and test cases that are specific to the PCF network product class. It refers to the Catalogue of General Security Assurance Requirements [2] and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the PCF network product class.
2 References p. 6
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
3 Definitions of terms, symbols and abbreviations p. 6
3.1 Terms p. 6
For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
3.2 Symbols p. 6
Void.
3.3 Abbreviations p. 6
4 PCF-specific security requirements and related test cases p. 7
4.1 Introduction p. 7
The present document contains objectives, requirements and test cases that are specific to the PCF network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the PCF network product class.
4.2 PCF-specific adaptations of security functional requirements and related test cases p. 7
There are no PCF-specific additions to clause 4.2 of TS 33.117.
4.3 PCF-specific adaptations of hardening requirements and related test cases. p. 7
There are no PCF-specific additions to clause 4.3 of TS 33.117.
4.4 PCF-specific adaptations of basic vulnerability testing requirements and related test cases p. 7
4.4.1 Introduction p. 7
There are no PCF specific additions to clause 4.4.1 of TS 33.117.
4.4.2 Port Scanning p. 7
There are no PCF specific additions to clause 4.4.2 of TS 33.117.
4.4.3 Vulnerability scanning p. 7
There are no PCF specific additions to clause 4.4.3 of TS 33.117.
4.4.4 Robustness and fuzz testing p. 7
The test cases under clause 4.4.4 of TS 33.117 are applicable to PCF.
According to clause 4.4.4 of TS 33.117, the transport protocols available on the interfaces providing IP-based protocols need to be robustness tested. The interface defined for the PCF in clause 4.2.3 of TS 23.501 is Npcf.
Following TCP/IP layer model and considering all the protocols over transport layer, for PCF, the following interface and protocols are under testing:
- For Npcf: The TCP, HTTP2 and JSON protocols.
$ Change history p. 8
