
Content for  TR 33.926  Word version:  19.1.0


V  Aspects specific to the network product class MnF |R18|

V.1  Network product class description for the MnF

V.1.1  Introduction

The present document captures the network product class descriptions, threats and critical assets that have been identified in the course of the work on 3GPP security assurance specifications. The main body of the present document contains generic aspects that are believed to apply to more than one network product class, while this clause covers the aspects specific to the MnF network product class.
A 5G MnF NP implements 3GPP-defined functions from various releases. As specified in TS 28.533, a 5G MnF may support management services such as performance management, configuration management or fault supervision services, etc.
Compared with the GNP model in Figure 4.3-1, a 5G MnF NP includes functions defined by 3GPP, other functions, an operating system and hardware. According to clause 5.3 of TS 28.533, there are two types of MnFs: cross domain MnF and domain MnF. These MnF types differ slightly in the types of interfaces they support, as explained below.
The generic interfaces supported by both MnF NP classes are the interfaces for remote management, for the local console, towards the digital portal, to the central AAA, and to the MnF in another domain. The cross domain MnF specific interfaces are the interfaces towards the external consumer, towards the BSS, and to the TN management system. The domain MnF specific interfaces are the interfaces to NFs in the same domain.

V.1.2  Minimum set of functions defining the MnF network product class

According to TR 33.916, a network product class is a class of products that all implement a common set of 3GPP-defined functionalities. Therefore, in order to define the MnF network product class, it is necessary to define the common set of 3GPP-defined functionalities that is constitutive for an MnF. As part of the MnF network product, it is expected that the MnF contains an MnF application, a set of running processes (typically more than one) executing the software package for the MnF functions, and OAM functions that are specific to the MnF network product model. Functionalities specific to the MnF network product introduce additional critical assets and/or threats as described below. Related security requirements and test cases have been captured in TS 33.526.

V.2  Assets and threats specific to the MnF

V.2.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the MnF to be protected are:
  • MnF Application
  • The interfaces of the MnF that are to be protected and are within SECAM scope, for example:
    • External Client access interface,
    • Interface between MnF and NF,
    • Interface between RAN/CN MnFs and Cross Domain MnFs,
    • Interface between MnF and AAA infrastructure, if any,
    • Service based interfaces, if any.
  • Management data: User account data, Performance data, Fault supervision data, Configuration data, Log data, etc.

V.2.2  Threats related to MnF assets

V.2.2.1  Over-Privileged Data Processes

  • Threat name: Over-Privileged Data Process.
  • Threat Category: Tampering of Data, Elevation of privilege.
  • Threat Description: If the MnF product does not evaluate the user privilege for access to data, or allows an attacker to obtain elevated privileges, an attacker may operate on the data with low privilege. This kind of mis-operation impacts not only the MnF itself, but also the NFs that the MnF connects to.
  • Threatened Asset: Management data.

V.2.2.2  Threats related to Management data

  • Threat name: Unprotected Management data during transmission.
  • Threat Category: Tampering, Information Disclosure.
  • Threat Description: Management information transported between Management Service (MnS) Producer and Consumer, if not confidentiality protected, can be subject to eavesdropping. Such information may be leaked to unauthorized parties. In addition, if there's no integrity protection for the management information, attackers can tamper with management information at will, leading to MnS consumers obtaining false management information. If there's no replay protection for the management information, attackers can insert historical legitimate data. This can lead to false network usage reported by MnF, and consequently result in incorrect management operations.
  • Threatened Asset: Management data.
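
The following is an added example, not part of TR 33.926 or any 3GPP specification. It sketches how an MnS consumer can reject tampered and replayed management reports by checking a MAC and a per-producer sequence number. The message layout, the names (`protect`, `ManagementDataVerifier`, `classify`) and the shared key are assumptions made for illustration, and confidentiality is assumed to come from the transport layer.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); real keys come from the session or key management.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def protect(key: bytes, producer_id: str, seq: int, payload: dict) -> dict:
    """MnS producer side: bind producer id, sequence number and payload under one MAC."""
    body = json.dumps({"producer": producer_id, "seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ManagementDataVerifier:
    """MnS consumer side: accept a report only if it is authentic and fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = {}  # producer id -> highest sequence number accepted

    def accept(self, message: dict) -> dict:
        """Return the payload, or raise ValueError naming the failed check."""
        expected = hmac.new(self._key, message["body"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison, done before the untrusted body is parsed.
        if not hmac.compare_digest(expected, message["tag"]):
            raise ValueError("integrity check failed")
        body = json.loads(message["body"])
        producer, seq = body["producer"], body["seq"]
        # Sequence numbers must strictly increase, so historical data is rejected.
        if seq <= self._last_seq.get(producer, -1):
            raise ValueError("replay detected")
        self._last_seq[producer] = seq
        return body["payload"]


def classify(verifier: ManagementDataVerifier, message: dict) -> str:
    """Map the outcome of accept() to a short label for logging or alerting."""
    try:
        verifier.accept(message)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

Because the sequence number sits inside the MAC'd body, an attacker cannot renumber an old report to make it look fresh without failing the integrity check.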