Content for  TS 33.117  Word version:  16.5.0

Top   Top   None   None   Next
1…   4…


1  ScopeWord‑p. 7
The present document contains objectives, requirements and test cases that are deemed applicable, possibly after adaptation, to several network product classes.
Several network product classes share very similar if not identical security requirements for some aspects. Therefore, these are collected in this "catalogue" document applicable to many network product classes. In addition to this catalogue, requirements specific to different network product classes will be captured in separate documents.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905   "Vocabulary for 3GPP Specifications".
[2]  3GPP TR 41.001: "GSM Specification set".
[3]  RFC 3871:  "Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure".
[4]  TR 33.926   "Security Assurance Specification (SCAS) threats and critical assets in 3GPP network product classes".
[5]  CVE-1999-0511,
[6]   "Practical recommendations for securing Internet-connected Windows NT Systems",;%5BLN%5D;164882.
[7]  X-Force Vulnerability Report,
[8]  RFC 2644:  "Changing the Default for Directed Broadcasts in Routers."
[9]  TS 33.310   "Network Domain Security (NDS); Authentication Framework (AF)".
[10]  TS 33.501  v15: "Security architecture and procedures for 5G system".
[11]  RFC 7540:  "Hypertext Transfer Protocol Version 2 (HTTP/2)".
[12]  RFC 6749:  "OAuth2.0 Authorization Framework".
[13]  TS 29.501   "Principles and Guidelines for Services Definition".

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Machine Accounts:
These will be used for authentication and authorization from system to system or between applications on a system and cannot be assigned to a single person or a group of persons.
Personal data:
any information relating to an identified or identifiable natural person ('data subject').
Identifiable person:
one who can be identified, directly or indirectly, in particular by reference to an identification number, name or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Sensitive data:
data that may be used for authentication or may help to identify the user, such as user names, passwords, PINs, cryptographic keys, IMSIs, IMEIs, MSISDNs, or IP addresses of the UE, as well as files of a system that are needed for the functionality such as firmware images, patches, drivers or kernel modules.
System group account:
a predefined system account in the network product, usually with special privileges, which has a predefined user id and hence cannot be tied to a single user (individual) in a normal operating environment.
the 'root' account.

3.2  AbbreviationsWord‑p. 8
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
Application Programming Interface
Center for Internet Security
Java Script Object Notation
Network Function
Network Repository Function
Service Based Architecture
Service Based Interfaces
Security Edge Protection Proxy
Uniform Resource Identifier
Web Application Security

Up   Top   ToC