The present document captures the network product class descriptions, threats and critical assets that have been identified in the course of the work on 3GPP security assurance specifications. The main body of the present document contains generic aspects that are believed to apply to more than one network product class, while Annexes cover the aspects specific to one network product class.
According to TR 33.916
, a network product class is a class of products that all implement a common set of 3GPP-defined functionalities. Therefore, in order to define the MME network product class it is necessary to define the common set of 3GPP-defined functionalities that is constitutive for an MME. As part of the MME network product, it is expected that the MME contains MME application, a set of running processes (typically more than one) executing the software package for the MME functions and OAM functions that are specific to the MME network product model. Functionalities specific to the MME network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.116