Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.936
Security Assurance Methodology (SECAM) for 3GPP Virtualized Network Products

3GPP‑Page   ETSI‑search   fToC   Partial Content
V19.0.0 (PDF)  2025/09  21 p.
V18.0.1  2023/03  21 p.
Rapporteur:
Mr. Qi, Minpeng
China Mobile Com. Corporation

full Table of Contents for  TR 33.936  Word version:  19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content
Here   Top
1Scope  p. 7
2References  p. 7
3Definitions of terms, symbols and abbreviations  p. 8
3.1Terms  p. 8
3.2Symbols  p. 8
3.3Abbreviations  p. 8
4Overview  p. 8
4.1Introduction  p. 8
4.1.1Considerations on network product class when using NFV technology  p. 8
4.1.2Considerations on SECAM of the virtualized network products  p. 9
4.2Scope of a SECAM SCAS for 3GPP virtualized network products  p. 9
4.3Scope of SECAM evaluation for 3GPP virtualized network products  p. 9
4.4Scope of SECAM Accreditation for 3GPP virtualized network products  p. 10
4.5Ultimate Output of SECAM Evaluation for 3GPP virtualized network products  p. 10
4.63GPP virtualized network products evaluation process  p. 11
4.7Roles in SECAM for 3GPP virtualized network products  p. 11
4.8Operator security acceptance decision for 3GPP virtualized network products  p. 11
4.9SECAM Assurance level for 3GPP virtualized network products  p. 12
4.10Security baseline for 3GPP virtualized network products  p. 12
5Security Assurance Specification (SCAS) Creation  p. 12
5.1Introduction  p. 12
5.2SCAS documents structure and content  p. 12
5.2.1General  p. 12
5.2.2Security Problem Definition (SPD)  p. 13
5.2.3Security Requirements  p. 13
5.2.3.1Introduction  p. 13
5.2.3.2Incorporation of security requirements from existing 3GPP and ETSI specifications in current releases  p. 14
5.2.3.3Handling of security requirements  p. 14
5.2.3.4Guidelines for writing test cases  p. 14
5.3Improvement of SCAS and new potential security requirements  p. 14
5.4Basic vulnerability testing requirements for generic virtualized network product  p. 14
6Vendor development and product lifecycle processes and test laboratory accreditation  p. 15
6.1Overview  p. 15
6.2Audit and accreditation of Vendor network product development and network product lifecycle management processes  p. 15
6.3Audit and accreditation of test laboratories  p. 16
6.4Monitoring  p. 16
6.5Dispute resolution  p. 16
7Evaluation and SCAS instantiation  p. 16
7.1Security Assurance Specification (SCAS) instantiation documents creation  p. 16
7.2Evaluation and evaluation report  p. 17
7.2.1Network product development process and network product lifecycle management  p. 17
7.2.2SCAS instantiation evaluation  p. 17
7.2.2.1Overview  p. 17
7.2.2.2Content  p. 17
7.2.2.3Process  p. 18
7.2.3Security Compliance testing  p. 18
7.2.4Basic Vulnerability Testing  p. 18
7.3Self-declaration  p. 18
7.4Partial compliance and use of SECAM requirements in network product development cycle  p. 18
7.5Comparison between two SECAM evaluations  p. 18
7.6The evaluation of a new version  p. 18
$Change history  p. 19

Up   Top