Navigating 5G cybersecurity certification (G20c)
Cybersecurity certification is particularly important for the 5G network as one of the critical infrastructures under the Network and Information Security (NIS) Directive.
The 5G sector thrives by employing different technologies such as NFV, MEC and SDN, and services from diverse areas, ranging from ICT systems that are part of the internal information security management system (ISMS) to ICT products, infrastructure and cloud services from external vendors. A common framework for verifying the security of the relevant products therefore helps to achieve security by design and by default, which are key for data protection and security compliance of the 5G network. Consequently, and to implement the CSA, ENISA is developing the EU5G certification scheme for the certification of 5G ICT products, processes, and services.
To deal with the complexity of certification in 5G, it is necessary to decompose the 5G infrastructure using a modular approach, with clearly defined security features for each module. This allows maximum reuse of existing certification schemes and security standards and leads to more flexibility in the composition of such tools.
In this presentation, we explore a collection of existing certification schemes and security standards, such as those for network equipment, cloud, secure elements, IoT, cryptography, supply chain security, etc., that are relevant for securing various elements of the 5G infrastructure. We introduce the cartography of 5G infrastructure components and present the mapping with relevant standards and certification schemes.