Tech-invite   World Map
3GPP     Specs     Glossaries     UICC       IETF     RFCs     Groups     SIP     ABNFs       T+       Search     Home
Top        in Index        Prev        Next

TR 33.916 (SA3)
Security Assurance Methodology for 3GPP network products

|   ToC   |   3GPP‑Page   |   ETSI‑search   |   Help   |

V14.2.0 (PDF)    2017/06    43 p.

Rapporteur:  Dr. Zugenmaier, Alf
See also:  SECAM-related TS/TR

The present document defines the complete Security Assurance Methodology (SECAM) evaluation process (evaluation, relation to SECAM Accreditation Body, roles, etc.) as well as the components of SECAM that are intended to provide the expected security assurance. It will thus describe the general scheme providing an overview of the entire scheme and explaining how to create and apply the Security Assurance Specifications (SCASs). It will detail the different evaluation tasks (vendor network product development and network product lifecycle management process assessment, Security Compliance Testing, Basic Vulnerability Testing and Enhanced Vulnerability Analysis) and the different actors involved. Enhanced Vulnerability Analysis is outside the scope of the present release of SECAM. The present document will help all involved parties to have a clear understanding of the overall process and the covered threats.

The concrete security requirements will be part of the Security Assurance Specifications (SCASs) for each network product class and not part of this overall process document. Some of the tasks described in the SECAM scheme are meant to be performed by 3GPP, while other tasks are meant to be performed by the SECAM Accreditation Body. This accreditation body has been agreed to be the GSMA. 3GPP maintains the overall responsibility for the SECAM scheme and creates the SCASs. The SECAM Accreditation Body is tasked to develop requirements on vendor network product development, the network product lifecycle management process, and SECAM-accreditation for vendors and test laboratories, and describe these requirements in separate documents that will complement the present document. The SECAM Accreditation Body defines its own scheme that covers all these tasks.


Here        Top


1 Scope    2 References    3 Definitions and abbreviations    3.1 Definitions    3.2 Abbreviations    4 Overview    4.0 Introduction    4.1 Scope of a SECAM SCAS    4.2 Scope of SECAM evaluation    4.3 Scope of SECAM Accreditation    4.4 Ultimate Output of SECAM Evaluation    4.5 Network product evaluation process    4.6 Roles in SECAM    4.7 Operator security acceptance decision    4.8 SECAM Assurance level    4.9 Security baseline    5 Security Assurance Specification (SCAS) Creation    5.1 Writing process overview    5.2 SCAS documents structure and content    5.3 Improvement of SCAS and new security requirements    6 Vendor development and product lifecycle processes and test laboratory accreditation    6.1 Overview    6.2 Audit and accreditation of Vendor network product development and network product lifecycle management processes    6.3 Audit and accreditation of test laboratories    6.4 Monitoring    6.5 Dispute resolution    7 Evaluation and SCAS instantiation    7.1 Security Assurance Specification instantiation documents creation    7.2 Evaluation and evaluation report    7.3 Self-declaration    7.4 Partial compliance and use of SECAM requirements in network product development cycle    7.5 Comparison between two SECAM evaluations    7.6 The evaluation of a new version    A Summary of SECAM documents    B Summary of actors involved in SECAM    C Change history   


1   Scope   PDF-p. 6
2   References
3   Definitions and abbreviations   PDF-p. 7
4   Overview   PDF-p. 9
5   Security Assurance Specification (SCAS) Creation   PDF-p. 16      Up
6   Vendor development and product lifecycle processes and test laboratory accreditation
7   Evaluation and SCAS instantiation   PDF-p. 28
A   Summary of SECAM documents   PDF-p. 37
B   Summary of actors involved in SECAM   PDF-p. 38      Up
C   Change history   PDF-p. 41

Up        Top