Article
5G & IoT

Ericsson Cloud RAN passes GSMA’s NESAS security audit

By Sam Steers
January 11, 2022
undefined mins
Ericsson’s Cloud RAN has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit making it fully 3GPP and GSMA compliant

Cloud RAN offered by telecommunications company Ericsson has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit, making it fully compliant with the security requirements defined by global standards organisations 3GPP and the GSMA itself. 

The NESAS audit was successfully completed in November 2021, with Cloud RAN as the latest Ericsson offering to pass it, following earlier compliance by Ericsson Core, Transport and Radio Access Network (RAN) portfolios.

NESAS was introduced in recent years to provide a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Conformance with NESAS is an integral part of Ericsson’s Security Reliability Model, SRM.

Per Narvinger, Head of Product Area Networks, Ericsson, says: “With 5G rollouts accelerating across the world, 5G network security is rapidly becoming a key topic among regulators, authorities, service providers and their consumer and business customers. 

“Security is a key cornerstone in the design of our products and with the software and hardware disaggregation, it is even more important that security is built in from the start. I am therefore pleased that Cloud RAN is now confirmed NESAS-compliant as it adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio,” Narvinger said. 

Cloud-based deployment key to a more open RAN architecture

 

Cloud-based RAN deployment is an important step towards a more open RAN architecture. The deployment can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered, according to an Ericsson technical paper Security Considerations of Cloud RAN.

In addition to traditional attacks against the RAN and Core, vulnerabilities in the cloud infrastructure, including microservices, container engines, host operating systems, and third-party hardware can be exploited in cloud-based RAN and Core deployments.

Further details about Ericsson’s Cloud RAN

 

Ericsson Cloud RAN complies with the GSMA NESAS – Development and Lifecycle Security Requirement version 2.0. The products in scope for this audit are:

  • Central Unit-Control Plane (CU-CP) – a logical node hosting the Radio Resource Control (RRC) and the control plan part of the Packet Data Convergence Protocol (PDCP)
  • Central Unit-User Plane (CU-UP) – a logical node hosting the user-plane part of the PDCP and the Service Data Adaptation Protocol (SDAP)
  • Distributed Unit (DU) and RAN Service Discovery

Ericsson’s NESAS compliance processes underwent a complete audit by a GSMA-approved, independent auditor.

 

Image: Ericsson 

 

CloudRANNESASauditEricssonSecurity
Share
Share

Featured Articles

Roxer Supports Refurbished Devices with Waterproof Testing

Roxer’s innovative Smartrox water resistance testing solution supports durability of new and refurbished smartphones, tablets and smartwatches

MWC24: Harnessing AI to Modernise Telcos with Tech Mahindra

We spoke with Tech Mahindra’s Manish Mangal at MWC Barcelona 2024 about how AI can transform telco network operations and facilitate greater innovation

Xsolla Unveils Web Shop 2.0 for Direct-to-Consumer Sales

Web Shops are white label digital stores where players purchase in-game items, currencies and top up accounts, all from the developers branded website

MWC24: Mimik Hybrid Edge Cloud Drives Cognitive Internet Era

Technology & AI

AMD: Expanding Telco Partnerships and Advancing 5G and 6G

5G & IOT

MWC24: Expect Gen AI Progress, Cloud, Edge & Sustainability

5G & IOT