Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TS 33.517
5G Security Assurance Specification (SCAS) –
Security Edge Protection Proxy (SEPP)

3GPP‑Page   ETSI‑search  
V18.0.0 (PDF)  2023/06  24 p.
V17.0.0  2021/06  21 p.
V16.3.0  2021/06  19 p.
Rapporteur:
Mr. Peinado, German
Nokia Germany

Content for  TS 33.517  Word version:  18.0.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 SEPP-specific security requirements and related test cases$ Change history

 

1  Scopep. 6

The present document contains objectives, requirements and test cases that are specific to the SEPP network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the SEPP network product class.

2  Referencesp. 6

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

3.2  Symbolsp. 6

3.3  Abbreviationsp. 6

4  SEPP-specific security requirements and related test casesp. 7

4.1  Introductionp. 7

4.2  SEPP-specific adaptations of security functional requirements and related test casesp. 7

4.2.1  Introductionp. 7

4.2.2  Security functional requirements on the SEPP deriving from 3GPP specifications and related test casesp. 7

4.2.2.1  Security functional requirements on the SEPP deriving from 3GPP specifications - general approachp. 7

4.2.2.2  Correct handling of cryptographic material of peer SEPPs and IPX providersp. 7

4.2.2.3  Connection-specific scope of cryptographic material by IPX-providersp. 9

4.2.2.4  Correct handling of serving PLMN ID mismatchp. 10

4.2.2.5  Confidential IEs replacement handling in original N32-f messagep. 11

4.2.2.6  Correct handling of protection policy mismatchp. 11

4.2.2.7  JWS profile restrictionp. 13

4.2.2.8  No misplacement of encrypted IEs in JSON object by IPXp. 14

4.2.2.9  Correct Handling of Inter-PLMN Routingp. 15

4.2.2.10  Correct Handling of Custom HTTP Header with PRINS Securityp. 16

4.2.3  Technical Baselinep. 17

4.2.3.1  Introductionp. 17

4.2.3.2  Protecting data and informationp. 17

4.2.3.2.1  Protecting data and information - generalp. 17
4.2.3.2.2  Protecting data and information - unauthorized viewingp. 17
4.2.3.2.3  Protecting data and information in storagep. 17
4.2.3.2.4  Protecting data and information in transferp. 17
4.2.3.2.5  Logging access to personal datap. 17

4.2.3.3  Protecting availability and integrityp. 17

4.2.3.4  Authentication and authorizationp. 17

4.2.3.5  Protecting sessionsp. 17

4.2.3.6  Loggingp. 18

4.2.4  Operating Systemsp. 18

4.2.5  Web Serversp. 18

4.2.6  Network Devicesp. 19

4.3  SEPP-specific adaptations of hardening requirements and related test casesp. 19

4.3.1  Introductionp. 19

4.3.2  Technical baselinep. 19

4.3.3  Operating systemsp. 19

4.3.4  Web serversp. 20

4.3.5  Network devicesp. 20

4.3.6  Network functions in service-based architecturep. 20

4.4  SEPP-specific adaptations of basic vulnerability testing requirements and related test casesp. 20

4.4.1  Introductionp. 20

4.4.2  Port Scanningp. 20

4.4.3  Vulnerability scanningp. 20

4.4.4  Robustness and fuzz testingp. 20

$  Change historyp. 21

Up   Top