The present document captures the network product class descriptions, threats and critical assets that have been identified in the course of the work on 3GPP security assurance specifications. The main body of the present document contains generic aspects that are believed to apply to more than one network product class, while this clause covers the aspects specific to the NRF network product class.
According to
TR 33.916, a network product class is a class of products that all implement a common set of 3GPP-defined functionalities. Therefore, in order to define the NRF network product class, it is necessary to define the common set of 3GPP-defined functionalities that is constitutive for a NRF. As part of the NRF network product, it is expected that the NRF contains NRF application, a set of running processes (typically more than one) executing the software package for the NRF functions and OAM functions that are specific to the NRF network product model. Functionalities specific to the NRF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in
TS 33.518.