This Annex covers the aspects specific to the PCF network product class.

As part of the PCF network product, it is expected that the PCF to contain PCF application (for data analysis), a set of running processes (typically more than one) executing the software package for the PCF functions and OAM functions that is specific to the PCF network product model. Functionalities specific to the PCF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.528.

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the PCF to be protected are:

• PCF Application;
• PCF context Data: i.e. subscriber's identities (SUPI),
• The interfaces of PCF to be protected and which are within SECAM scope:
  • Service based interface, Npcf, for providing services for AMF, SMF, NWDAF, NEF, CHF, TSCTSF, AF, and 5G DDNM
  • Service based interface for consuming services from UDR
  • Console interface, for local access: local interface on PCF
  • OAM interface, for remote access: interface between PCF and OAM system
• PCF Software: binary code or executable code