24 August 2020, Shenzhen, China - ZTE Corporation (0763.HK / 000063.SZ), a major international provider of telecommunications, enterprise and consumer technology solutions for the Mobile Internet, has passed GSMA's Network Equipment Security Assurance Scheme (NESAS) audit for its development and product lifecycle processes. With the focus on network products of ZTE 5G New Radio (NR) and 5G Common Core (5GC), the security assessment is implemented by ATSEC, a Swedish independent information security company designated by GSMA.
The final report results show that ZTE's development and lifecycle processes are fully compliant with the security requirements defined in the GSMA NESAS FS.13 and FS.16 specifications, and have been applied in practice, thereby demonstrating the security of ZTE's 5G development and lifecycle processes.
NESAS, jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvement in security levels across the mobile industry. NESAS defines security requirements and an assessment framework for secure product development and product life-cycle processes, using 3GPP defined security test cases for the security evaluation of network equipment.
NESAS focuses on two aspects of security assessment: the security assessment of the vendor development and product lifecycle processes, as well as the security evaluation of network equipment.
ZTE's High Performance Product Development (HPPD) process has been proved to be in full compliance with the first aspect of security assessment with respect to the requirements defined in NESAS.
ZTE 5G NR products lay a solid foundation for accelerating large-scale commercial deployments of 5G networks while ZTE 5GC is a fully-converged core network solution meeting full access requirements of 2G/3G/4G/5G/Fixed networks. Based on the two ZTE product categories, ATSEC auditors have conducted a comprehensive security assessment of ZTE product development and life-cycle, covering specific aspects that potentially impact the security of manufactured network equipment over its lifetime, including design, development, implementation and maintenance processes.
The evidence and practical cases demonstrate that ZTE has fully integrated the security requirements into its day-to-day work routine, showcasing a comprehensive understanding of the security development with well-defined processes.
Moreover, ZTE is continuously assessing and improving the product development lifecycle by incorporating NESAS requirements and the industry’s best practices into processes and technical specifications.
ZTE insists on creating value for customers through technological innovations, and maintains R&D investment in core areas of 5G. As an important contributor to global 5G technology research and standard setting, ZTE has been actively engaging in industry collaborations with the adherence to transparency and openness.
With the vision of "Security in DNA, Trust through Transparency", ZTE has been committed to providing secure products and services to the industry and customers. Moving forward, the company will work together with industry partners, customers and regulators to build secured 5G networks, so as to enable communication and trust everywhere.
ZTE is a provider of advanced telecommunications systems, mobile devices and enterprise technology solutions to consumers, operators, companies and public sector customers. The company has been committed to providing customers with integrated end-to-end innovations to deliver excellence and value as the telecommunications and information technology sectors converge. Listed in the stock exchanges of Hong Kong and Shenzhen (H share stock code: 0763.HK / A share stock code: 000063.SZ), ZTE sells its products and services in more than 160 countries.
For further details, please check the GSMA website.