Ericsson Cloud RAN passes GSMA’s NESAS security audit

Ericsson’s Cloud RAN has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit making it fully 3GPP and GSMA compliant

Cloud RAN offered by telecommunications company Ericsson has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit, making it fully compliant with the security requirements defined by global standards organisations 3GPP and the GSMA itself. 

The NESAS audit was successfully completed in November 2021, with Cloud RAN as the latest Ericsson offering to pass it, following earlier compliance by Ericsson Core, Transport and Radio Access Network (RAN) portfolios.

NESAS was introduced in recent years to provide a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Conformance with NESAS is an integral part of Ericsson’s Security Reliability Model, SRM.

Per Narvinger, Head of Product Area Networks, Ericsson, says: “With 5G rollouts accelerating across the world, 5G network security is rapidly becoming a key topic among regulators, authorities, service providers and their consumer and business customers. 

“Security is a key cornerstone in the design of our products and with the software and hardware disaggregation, it is even more important that security is built in from the start. I am therefore pleased that Cloud RAN is now confirmed NESAS-compliant as it adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio,” Narvinger said. 

Cloud-based deployment key to a more open RAN architecture


Cloud-based RAN deployment is an important step towards a more open RAN architecture. The deployment can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered, according to an Ericsson technical paper Security Considerations of Cloud RAN.

In addition to traditional attacks against the RAN and Core, vulnerabilities in the cloud infrastructure, including microservices, container engines, host operating systems, and third-party hardware can be exploited in cloud-based RAN and Core deployments.

Further details about Ericsson’s Cloud RAN


Ericsson Cloud RAN complies with the GSMA NESAS – Development and Lifecycle Security Requirement version 2.0. The products in scope for this audit are:

  • Central Unit-Control Plane (CU-CP) – a logical node hosting the Radio Resource Control (RRC) and the control plan part of the Packet Data Convergence Protocol (PDCP)
  • Central Unit-User Plane (CU-UP) – a logical node hosting the user-plane part of the PDCP and the Service Data Adaptation Protocol (SDAP)
  • Distributed Unit (DU) and RAN Service Discovery

Ericsson’s NESAS compliance processes underwent a complete audit by a GSMA-approved, independent auditor.


Image: Ericsson 



Featured Articles

DTW24: 2024 Excellence Awards Celebrate Telco Innovation

TM Forum has revealed the winners of its 2024 Excellence Awards at DTW24 Ignite, celebrating groundbreaking initiatives from top telecom and tech companies

Vodafone’s Refurbished Phones & Glastonbury Festival App

Vodafone promotes sustainability with Good Grade refurbished phones, Lifetime Service Promise & offers app for enhanced Glastonbury festival experience

DTW24 - Ignite Summit Paves the Way for the AI-Native Telco

Mobile Magazine is on the ground in Copenhagen at DTW24, highlighting the telecom industry's move into the AI-Native era

What to see and do at GSMA MWC Shanghai 2024

5G & IOT

Canalys: African Smartphone Market Surges 24% in Q1 2024


Cybersecurity Budgets Rise for Telecommunications & Tech