Nokia’s RAN Solutions Pass GSMA’s NESAS Security Audit
Nokia’s Single RAN Base Station portfolio as well as its 5G Cloud RAN solution have passed the GSMA’s bi-annual Network Equipment Security Assurance Scheme (NESAS) audit. The company’s portfolio is fully compliant with all security requirements defined by the GSMA and standards organization, 3GPP.
The NESAS audit ensured Nokia’s products and compliance processes underwent a complete audit by a GSMA-approved independent auditor. Nokia complies with NESAS’ – Development and Lifecycle Security Requirement version 2.1. Nokia’s ‘Design for Security’ process, which enables product security features and controls to identify, mitigate and manage security vulnerabilities, was utilized to enforce NESAS requirements. This process is a mandatory and integral part of Nokia’s product development, security testing, and software life cycle management.
The NESAS audit also covered Nokia’s Cloud RAN solutions, which are also created with Nokia’s ‘Design for Security’ process. Operators are increasingly interested in exploring the capabilities of Cloud RAN in the 5G world and trialing a hybrid approach where it co-exists in the network with Classic RAN with purpose-built baseband. Cloud RAN solution comes with feature-richness and full feature parity with Classic RAN including seamless continuity and the same carrier-grade high performance.
NESAS audits and tests network equipment across the telecommunications industry to ensure it conforms to a security benchmark, reflecting the security requirements of regulators, governments, and mobile operators. It provides a universal and global security framework that provides confidence to mobile operators purchasing equipment from suppliers. The scheme also means that operators do not have to duplicate work such as security testing on multi-vendor products, it also increases the transparency and comparability of products from different suppliers.
“We are pleased to see our Single RAN and Cloud RAN portfolio confirmed as NESAS-compliant in this audit. We place a premium on ensuring our products are intrinsically secure and our rigorous ‘Design for Security’ process ensures we identify and mitigate any potential security threats before they happen. As 5G networks roll out around the world, it has never been more important to provide our customers and the wider industry with the assurance that our technology is secure, and this accreditation gives us another layer of credibility supporting that aim,” said Ari Kynäslahti, Head of Strategy and Technology at Nokia Mobile Networks.