The present document covers 3 topics: 5GS support for Non-Public Network (NPN), 5G LAN-type services and Time Sensitive Communication.
An NPN is a 5GS deployed for non-public use; for details, consult TS 22.261. As described in TS 23.501, an NPN may be deployed as a Stand-alone Non-Public Network (SNPN), i.e. a network operated by an NPN operator and not relying on network functions provided by a PLMN, or a Public Network Integrated NPN, i.e. a non-public network deployed with the support of a PLMN.
5G LAN-type services are services that allow a set of UEs (5G LAN Group) to use private communication, i.e. providing services with similar functionalities to Local Area Networks (LANs) and VPNs but improved with 5G capabilities.
Time Sensitive Communication (TSC) is a communication service that allows deterministic communication and/or isochronous communication with high reliability and availability by transparently integrating the 5G System as a bridge in an IEEE TSN network.
The present document studies security enhancements to 5GS that are required to fulfil Stage-1 service requirements in vertical domains defined in TS 22.261 and TS 22.104 and addresses the solutions described by TR 23.734 and TR 23.725 studies.
Potential security requirements are provided and possible security architecture enhancements to 5GS in vertical domains are proposed that support these security requirements.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Service Continuity:
Uninterrupted user experience of a service, including the cases where the IP address and/or anchoring point change (as defined in TS 23.501).
Session Continuity:
Continuity of a PDU Session (as defined in TS 23.501).
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CAG
A Non-Public Network (NPN) is a 5GS deployed for non-public use, see TS 22.261. As described in more detail in TS 23.501, an NPN may be deployed as:
a Stand-alone Non-Public Network (SNPN), i.e. operated by an NPN operator and not relying on network functions provided by a PLMN, or
a Public Network integrated NPN (PNiNPN), i.e. an NPN deployed with the support of a PLMN.
SNPN 5GS deployments are based on the architecture depicted in clause 4.2.3 of TS 23.501, and the additional functionality covered in clause 5.30.2 of TS 23.501.
A PNiNPN can be enabled using network slicing (see Annex D of TS 23.501 [7]). To prevent unauthorized UEs from trying to access a PNiNPN, the Closed Access Group (CAG) functionality described in clause 5.30.3 of TS 23.501 can additionally be used.
Vertical and LAN Services features include:
In the following clauses, key issues and potential solutions for the security aspects of SNPN and PNiNPN, as well as of the Vertical and LAN Services features, are addressed.
Many aspects of TS 33.501 also apply to NPNs and it was decided to not copy those into the present document, but directly provide the specification text for the related NPN clauses as will be mentioned in the conclusion section.