Ericsson Cloud RAN passes GSMA’s NESAS security audit

Share
Ericsson’s Cloud RAN has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit making it fully 3GPP and GSMA compliant

Cloud RAN offered by telecommunications company Ericsson has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit, making it fully compliant with the security requirements defined by global standards organisations 3GPP and the GSMA itself. 

The NESAS audit was successfully completed in November 2021, with Cloud RAN as the latest Ericsson offering to pass it, following earlier compliance by Ericsson Core, Transport and Radio Access Network (RAN) portfolios.

NESAS was introduced in recent years to provide a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Conformance with NESAS is an integral part of Ericsson’s Security Reliability Model, SRM.

Per Narvinger, Head of Product Area Networks, Ericsson, says: “With 5G rollouts accelerating across the world, 5G network security is rapidly becoming a key topic among regulators, authorities, service providers and their consumer and business customers. 

“Security is a key cornerstone in the design of our products and with the software and hardware disaggregation, it is even more important that security is built in from the start. I am therefore pleased that Cloud RAN is now confirmed NESAS-compliant as it adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio,” Narvinger said. 

Cloud-based deployment key to a more open RAN architecture

 

Cloud-based RAN deployment is an important step towards a more open RAN architecture. The deployment can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered, according to an Ericsson technical paper Security Considerations of Cloud RAN.

In addition to traditional attacks against the RAN and Core, vulnerabilities in the cloud infrastructure, including microservices, container engines, host operating systems, and third-party hardware can be exploited in cloud-based RAN and Core deployments.

Further details about Ericsson’s Cloud RAN

 

Ericsson Cloud RAN complies with the GSMA NESAS – Development and Lifecycle Security Requirement version 2.0. The products in scope for this audit are:

  • Central Unit-Control Plane (CU-CP) – a logical node hosting the Radio Resource Control (RRC) and the control plan part of the Packet Data Convergence Protocol (PDCP)
  • Central Unit-User Plane (CU-UP) – a logical node hosting the user-plane part of the PDCP and the Service Data Adaptation Protocol (SDAP)
  • Distributed Unit (DU) and RAN Service Discovery

Ericsson’s NESAS compliance processes underwent a complete audit by a GSMA-approved, independent auditor.

 

Image: Ericsson 

 

Share

Featured Articles

Huawei: The Journey to Future 6G Networks Must Embrace AI

At the 6G Conference in Istanbul in September 2024, Huawei Wireless CTO Dr. Wen Tong states that 6G must embrace the ‘AI revolution’ to be successful

NGMN Champions New AI Framework for Autonomous 5G Networks

The guidance outlines principles for AI-driven autonomous networks, aiming to manage complexity and enhance user experience in 5G Advanced ecosystems

Dell Unveils AI Initiative to Revolutionise Telecom Industry

Dell launches AI for Telecom program to accelerate AI adoption in telecoms, partnering with NVIDIA and global operators to enhance network performance

James Gowen: Powering a Sustainable Future for Telecoms

Sustainability

Samsung SmartThings: 10 Years of Developing the Smart Home

Voice & Data

How Nokia Seeks to Enhance Rural Coverage Across Africa

Mobile Operators