Ericsson Cloud RAN passes GSMA’s NESAS security audit

Ericsson’s Cloud RAN has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit making it fully 3GPP and GSMA compliant

Cloud RAN offered by telecommunications company Ericsson has passed the GSMA’s independent Network Equipment Security Assurance Scheme (NESAS) audit, making it fully compliant with the security requirements defined by global standards organisations 3GPP and the GSMA itself. 

The NESAS audit was successfully completed in November 2021, with Cloud RAN as the latest Ericsson offering to pass it, following earlier compliance by Ericsson Core, Transport and Radio Access Network (RAN) portfolios.

NESAS was introduced in recent years to provide a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Conformance with NESAS is an integral part of Ericsson’s Security Reliability Model, SRM.

Per Narvinger, Head of Product Area Networks, Ericsson, says: “With 5G rollouts accelerating across the world, 5G network security is rapidly becoming a key topic among regulators, authorities, service providers and their consumer and business customers. 

“Security is a key cornerstone in the design of our products and with the software and hardware disaggregation, it is even more important that security is built in from the start. I am therefore pleased that Cloud RAN is now confirmed NESAS-compliant as it adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio,” Narvinger said. 

Cloud-based deployment key to a more open RAN architecture


Cloud-based RAN deployment is an important step towards a more open RAN architecture. The deployment can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered, according to an Ericsson technical paper Security Considerations of Cloud RAN.

In addition to traditional attacks against the RAN and Core, vulnerabilities in the cloud infrastructure, including microservices, container engines, host operating systems, and third-party hardware can be exploited in cloud-based RAN and Core deployments.

Further details about Ericsson’s Cloud RAN


Ericsson Cloud RAN complies with the GSMA NESAS – Development and Lifecycle Security Requirement version 2.0. The products in scope for this audit are:

  • Central Unit-Control Plane (CU-CP) – a logical node hosting the Radio Resource Control (RRC) and the control plan part of the Packet Data Convergence Protocol (PDCP)
  • Central Unit-User Plane (CU-UP) – a logical node hosting the user-plane part of the PDCP and the Service Data Adaptation Protocol (SDAP)
  • Distributed Unit (DU) and RAN Service Discovery

Ericsson’s NESAS compliance processes underwent a complete audit by a GSMA-approved, independent auditor.


Image: Ericsson 



Featured Articles

One month to go until Cloud & 5G LIVE on 11 and 12 October

Cloud & 5G LIVE, brought to you by BizClik and Mobile Magazine, kicks off on 11 October and will see thousands of virtual audience members worldwide attend

Mobile Magazine: Celebrations as we mark our 3rd birthday

As we celebrate Mobile Magazine’s birthday this week, we take a look back on our highlights over the last three years

e& and Indosat to offer premium international services

e& and Indosat’s partnership aims to provide premium class international communication services by enhancing cooperation in international voice traffic

EE's 4G/5G small-cell networks Wimbledon tennis move

Mobile Operators

Vodafone merge with Three UK to enact digital transformation

Mobile Operators

Donald Butts of InterDigital on Sensory 6G Insights

5G & IOT