This annex captures the aspects specific to network product class AUSF.

As part of the AUSF network product, it is expected that the AUSF to contain AUSF application, a set of running processes (typically more than one) executing the software package for the AUSF functions and OAM functions that is specific to the AUSF network product model. Functionalities specific to the AUSF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.516.

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the AUSF to be protected are:

• AUSF Application;
• User Data: e.g. subscriber's identities (e.g. SUPI), authentication parameters (e.g. Serving network name, authentication vectors, AUSF key), Routing indicator etc.
• The interfaces of AUSF to be protected and which are within SECAM scope:
  • Service based interface, Nausf, for providing services for AMF and UDM
  • Service based interface for consuming services from UDM, and NRF
  • Console interface, for local access: local interface on AUSF
  • OAM interface, for remote access: interface between AUSF and OAM system
• AUSF Software: binary code or executable code

No specific threats are identified for AUSF in addition to the generic threats identified in the main body of this document.