Tech-invite   World Map
3GPPspecs     Glossaries     IETF     RFCs     Groups     SIP     ABNFs
Top        in Index        Prev        Next

TR 33.916 (SA3)
Security Assurance Methodology for 3GPP network products

ToC      3GPP‑Page      ETSI‑search      Help       
V14.3.0 (PDF)    2018/03    42 p.

Rapporteur:  Dr. Zugenmaier, Alf
See also:  SECAM-related TS/TR

The present document defines the complete Security Assurance Methodology (SECAM) evaluation process (evaluation, relation to SECAM Accreditation Body, roles, etc.) as well as the components of SECAM that are intended to provide the expected security assurance. It will thus describe the general scheme providing an overview of the entire scheme and explaining how to create and apply the Security Assurance Specifications (SCASs). It will detail the different evaluation tasks (vendor network product development and network product lifecycle management process assessment, Security Compliance Testing, Basic Vulnerability Testing and Enhanced Vulnerability Analysis) and the different actors involved. Enhanced Vulnerability Analysis is outside the scope of the present release of SECAM. The present document will help all involved parties to have a clear understanding of the overall process and the covered threats.

The concrete security requirements will be part of the Security Assurance Specifications (SCASs) for each network product class and not part of this overall process document. Some of the tasks described in the SECAM scheme are meant to be performed by 3GPP, while other tasks are meant to be performed by the SECAM Accreditation Body. This accreditation body has been agreed to be the GSMA. 3GPP maintains the overall responsibility for the SECAM scheme and creates the SCASs. The SECAM Accreditation Body is tasked to develop requirements on vendor network product development, the network product lifecycle management process, and SECAM-accreditation for vendors and test laboratories, and describe these requirements in separate documents that will complement the present document. The SECAM Accreditation Body defines its own scheme that covers all these tasks.


Here        Top        None        None        Next
1…      6…     



1   Scope   PDF-p. 6
2   References
3   Definitions and abbreviations   PDF-p. 7
4   Overview   PDF-p. 9
5   Security Assurance Specification (SCAS) Creation   PDF-p. 16      Up

Up        Top        ToC