Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.936
Security Assurance Methodology (SECAM) for 3GPP Virtualized Network Products

3GPP‑Page   ETSI‑search  
V18.0.1 (PDF)  2023/03  19 p.
Rapporteur:
Mr. Qi, Minpeng
China Mobile Com. Corporation

full Table of Contents for  TR 33.936  Word version:  18.0.1

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Overview5 Security Assurance Specification (SCAS) Creation6 Vendor development and product lifecycle processes and test laboratory accreditation7 Evaluation and SCAS instantiation$ Change history

 

1  Scopep. 7

The present document defines the complete Security Assurance Methodology (SECAM) evaluation process (evaluation, relation to SECAM Accreditation Body, roles, etc.) as well as the components of SECAM that are intended to provide the expected security assurance for virtualized network product. It will thus describe the general scheme providing an overview of the entire scheme and explaining how to create and apply the Security Assurance Specifications (SCASs). It will detail the different evaluation tasks (vendor network product development and network product lifecycle management process assessment, Security Compliance Testing, Basic Vulnerability Testing and Enhanced Vulnerability Analysis) and the different actors involved. Enhanced Vulnerability Analysis is outside the scope of the present release of SECAM. The present document will help all involved parties to have a clear understanding of the overall process and the covered threats.
In another aspect, compared to [2], present document shows specific methodology to virtualized network product in addition.
Up

2  Referencesp. 7

3  Definitions of terms, symbols and abbreviationsp. 8

3.1  Termsp. 8

3.2  Symbolsp. 8

3.3  Abbreviationsp. 8

4  Overviewp. 8

4.1  Introductionp. 8

4.1.1  Considerations on network product class when using NFV technologyp. 8

4.1.2  Considerations on SECAM of the virtualized network productsp. 9

4.2  Scope of a SECAM SCAS for 3GPP virtualized network productsp. 9

4.3  Scope of SECAM evaluation for 3GPP virtualized network productsp. 9

4.4  Scope of SECAM Accreditation for 3GPP virtualized network productsp. 10

4.5  Ultimate Output of SECAM Evaluation for 3GPP virtualized network productsp. 10

4.6  3GPP virtualized network products evaluation processp. 11

4.7  Roles in SECAM for 3GPP virtualized network productsp. 11

4.8  Operator security acceptance decision for 3GPP virtualized network productsp. 11

4.9  SECAM Assurance level for 3GPP virtualized network productsp. 12

4.10  Security baseline for 3GPP virtualized network productsp. 12

5  Security Assurance Specification (SCAS) Creationp. 12

5.1  Introductionp. 12

5.2  SCAS documents structure and contentp. 12

5.2.1  Generalp. 12

5.2.2  Security Problem Definition (SPD)p. 13

5.2.3  Security Requirementsp. 13

5.2.3.1  Introductionp. 13

5.2.3.2  Incorporation of security requirements from existing 3GPP and ETSI specifications in current releasesp. 14

5.2.3.3  Handling of security requirementsp. 14

5.2.3.4  Guidelines for writing test casesp. 14

5.3  Improvement of SCAS and new potential security requirementsp. 14

5.4  Basic vulnerability testing requirements for generic virtualized network productp. 14

6  Vendor development and product lifecycle processes and test laboratory accreditationp. 15

6.1  Overviewp. 15

6.2  Audit and accreditation of Vendor network product development and network product lifecycle management processesp. 15

6.3  Audit and accreditation of test laboratoriesp. 16

6.4  Monitoringp. 16

6.5  Dispute resolutionp. 16

7  Evaluation and SCAS instantiationp. 16

7.1  Security Assurance Specification (SCAS) instantiation documents creationp. 16

7.2  Evaluation and evaluation reportp. 17

7.2.1  Network product development process and network product lifecycle managementp. 17

7.2.2  SCAS instantiation evaluationp. 17

7.2.2.1  Overviewp. 17

7.2.2.2  Contentp. 17

7.2.2.3  Processp. 18

7.2.3  Security Compliance testingp. 18

7.2.4  Basic Vulnerability Testingp. 18

7.3  Self-declarationp. 18

7.4  Partial compliance and use of SECAM requirements in network product development cyclep. 18

7.5  Comparison between two SECAM evaluationsp. 18

7.6  The evaluation of a new versionp. 18

$  Change historyp. 19

Up   Top