Certification according to BSI NESAS

Future-proof Certification for secure 5G Mobile Equipment

Häkchen aus dem etwas versetzt drei horizontal angeordnete Bögen entspringen. Das Häkchen ist schwarz und die drei Bögen analog zur Bundesflagge gefärbt.

The "Network Equipment Security Assurance Scheme" (NESAS) is a framework developed by the Groupe Speciale Mobile Association (GSMA) and the 3rd Generation Partnership Project (3GPP) to review, assure and improve security in the mobile communications industry. NESAS describes a common global basis for the creation of national and international requirements that is used to evaluate defined security features of mobile radio equipment.

Since July 2022, the German Federal Office for Information Security (BSI) has been operating a national product certification program for highly specialized components in the 5G core network, based on the NESAS evaluation scheme of the GSMA: BSI NESAS, formerly NESAS CCS-GI. It allows equipment vendors to demonstrate compliance with required security features through an IT cybersecurity certification.

Extended Version 2.0 of the Certification Program

Bunte Scrabble-Würfel bilden das Wort "Update".

On July 1, 2025, the BSI published the completely revised version 2.0 of its certification program for 5G mobile network equipment. It is now called BSI NESAS and implements the innovations of the also completely revised version 3.0 of the underlying NESAS scheme of the GSMA.

Furthermore, important practical mechanisms have been introduced, making the certification process more efficient and flexible, and enabling better integration into modern product development processes. Key additions include systematic vulnerability assessment, the consideration of existing test environments, and the adaption of the testing scope to the security features provided by the product.

The new documents for BSI NESAS are now available for download.

Obligation to certify critical components

Hand und Stempel mit dem Aufdruck "Regulations".

TR-03163 Security in Telecommunications Infrastructure lists all approved programs for the certification of critical components in telecommunications networks with an increased threat potential and provides instructions for selecting an appropriate program. The Technical Guideline designates BSI-NESAS as the only permitted certification program for components that implement functions in the 3GPP core network and NFV MANO classes.