
TR 33.805  SA3
Study on Security Assurance methodology
for 3GPP Network Products

V12.0.0  2013/12  106 p.

Rapporteur:  Mr. Habermacher, Loic

The present document studies methodologies for specifying network product security assurance and hardening requirements, with associated test cases when feasible, of 3GPP network products. Network product security assurance and hardening refers to protection against unwanted access to a 3GPP network product, its Operating System, and main running Application(s). The suitability of industry standard methodologies and the potential need for collaboration with bodies such as GSMA, CCRA, ISO and ITU will be assessed. The study will also consider regulatory aspects and the potential need for security certification. The suitability of the candidate methodologies will be assessed with reference to real world examples.
Part of the scope of this work is to conclude which 3GPP network products, if not all, would be subject to 3GPP network product security assurance and hardening requirements. There is likely to be a long list with the result that prioritisation will be required. LTE network product classes will be the first priority. The work will also study exactly what should constitute a 3GPP network product in the context of this study e.g. whether it should be an individual 3GPP functional entity, a group of 3GPP functional entities or some other realisation.
The study will also include assessing the extent to which individual 3GPP network products need to be hardened beyond a common baseline and should take into consideration network vs. environment.

Full Table of Contents for TR 33.805, Word version 12.0.0

1  Scope
2  References
3  Definitions and abbreviations
4  3GPP network products and threat model
5  Proposed methodologies
5.1  Methodology 1: Common Criteria (CC)
5.2  Methodology 2
5.2.1  Overview
5.2.2  Methodology building
5.2.3  Vendors and third-party laboratories accreditation
5.2.4  Evaluation and evaluation report
5.2.5  Self-declaration
5.2.6  Operator security acceptance decision
5.2.7  Administration of the accreditations and dispute resolution
5.2.8  Summary of SECAM deliverables
5.2.9  General considerations
6  Criteria for the evaluation of the methodologies
7  Comparison of Proposed Methodologies
8  Conclusions
A  Application of the methodologies
B  Common criteria overview
C  Self-evaluation and Self-evaluation with Third-party Certification Analysis
D  Threat modelling frameworks
E  Vendor network product development and network product lifecycle management process assurance requirements
F  Change history
