Ericsson’s Cloud RAN offering — including its central unit-control plane (CU-CP), central unit-user plane (CU-UP), distributed unit (DU), and RAN service discovery — has passed the independent Network Equipment Security Assurance Scheme (NESAS) audit.
The NESAS audit for the Cloud RAN was successfully completed in November 2021, making it the latest Ericsson offering to be fully compliant with the security requirements defined by 3GPP and GSMA.
This follows earlier compliance by Ericsson core, transport, and RAN portfolios. NESAS provides a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Hence, conformance with NESAS is an integral part of Ericsson’s security reliability model (SRM).
Per Narvinger, head of product area networks, Ericsson, says, “With 5G rollouts accelerating across the world, 5G network security is rapidly becoming a key topic among regulators, authorities, service providers and their consumer and business customers. Security is a key cornerstone in the design of our products and with the software and hardware disaggregation, it is even more important that security is built in from the start. I am therefore pleased that Cloud RAN is now confirmed NESAS-compliant as it adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio.”
Cloud-based RAN deployment can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered, according to an Ericsson technical paper.