Top   in Index   Prev   Next

TR 33.936
Security Assurance Methodology (SECAM) for 3GPP Virtualized Network Products

V18.0.1 (Wzip)  2023/03  19 p.
Mr. Qi, Minpeng
China Mobile Com. Corporation

full Table of Contents for  TR 33.936  Word version:  18.0.1

Here   Top


1  Scopep. 7

The present document defines the complete Security Assurance Methodology (SECAM) evaluation process (evaluation, relation to SECAM Accreditation Body, roles, etc.) as well as the components of SECAM that are intended to provide the expected security assurance for virtualized network product. It will thus describe the general scheme providing an overview of the entire scheme and explaining how to create and apply the Security Assurance Specifications (SCASs). It will detail the different evaluation tasks (vendor network product development and network product lifecycle management process assessment, Security Compliance Testing, Basic Vulnerability Testing and Enhanced Vulnerability Analysis) and the different actors involved. Enhanced Vulnerability Analysis is outside the scope of the present release of SECAM. The present document will help all involved parties to have a clear understanding of the overall process and the covered threats.
In another aspect, compared to [2], present document shows specific methodology to virtualized network product in addition.

2  Referencesp. 7

3  Definitions of terms, symbols and abbreviationsp. 8

3.1  Termsp. 8

3.2  Symbolsp. 8

3.3  Abbreviationsp. 8

4  Overviewp. 8

5  Security Assurance Specification (SCAS) Creationp. 12

6  Vendor development and product lifecycle processes and test laboratory accreditationp. 15

7  Evaluation and SCAS instantiationp. 16

$  Change historyp. 19

Up   Top