First Experience with the Network Equipment Security Assurance Scheme (NESAS) (A11c)
In response to the development of various national security requirements for the telecommunications industry and the associated test or approval procedures, NESAS (Network Equipment Security Assurance Scheme) was developed by representatives of the telecommunications industry such as network operators and manufacturers as an internationally uniform and industry-specific scheme. The following points will be addressed as part of the presentation:
• How much confidence can you have in products that have been developed according to development processes that have been audited according to requirements in NESAS?
• How does SCAS testing (Security Assurance Specifications) work and how much trust does it bring in comparison to other evaluation or test procedures?
• How well this two-part assessment approach with separate execution of process audits and product tests work? How are these two aspects integrated? What are the advantages and disadvantages of this approach?
• What can we learn from NESAS for other assessment schemes and other industries?