enisa-5g-scm-v1.3.yaml

urn: urn:intuitem:risk:library:enisa-5g-scm-v1.3
locale: en
ref_id: ENISA 5G SCM v1.3
name: ENISA 5G Security Control Matrix v1.3
description: "The main goal of the ENISA 5G security controls matrix is to support\
  \ the national authorities in the EU Member States with implementing the technical\
  \ measures of the EU\u2019s 5G Cybersecurity toolbox.\nSource: https://www.enisa.europa.eu/publications/5g-security-controls-matrix\n"
copyright: "The Matrix is provided on an \u2018as is\u2019 basis. ENISA is not responsible\
  \ for the information contained in the Matrix, including the use that might be made\
  \ of this information, or the content of any external sources referenced in the\
  \ Matrix.\n"
version: 2
provider: ENISA
packager: intuitem
objects:
  reference_controls:
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m1
    ref_id: 5G-M1
    category: process
    description: '(L1) Set a high level security policy addressing the security of
      networks and services '
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m2
    ref_id: 5G-M2
    category: process
    description: (L1) Make key personnel aware of the security policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m3
    ref_id: 5G-M3
    category: process
    description: (L2) Set detailed information security policies for critical assets
      and business processes
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m4
    ref_id: 5G-M4
    category: process
    description: (L2) Make all personnel aware of the security policy and what it
      implies for their work
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m5
    ref_id: 5G-M5
    category: process
    description: (L2) Review the security policy following incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m6
    ref_id: 5G-M6
    category: process
    description: (L3) Review the information security policies periodically, and take
      into account violations, exceptions, past incidents, past tests/exercises, and
      incidents affecting other (similar) providers in the sector
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m7
    ref_id: 5G-M7
    category: process
    description: (L1) Make a list of the main risks for security of networks and services,
      taking into account main threats for the critical assets
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m8
    ref_id: 5G-M8
    category: process
    description: (L1) Make key personnel aware of the main risks and how they are
      mitigated
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m9
    ref_id: 5G-M9
    category: process
    description: (L2) Set up a risk management methodology and/or tools based on industry
      standards
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m10
    ref_id: 5G-M10
    category: process
    description: (L2) Ensure that key personnel use the risk management methodology
      and tools
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m11
    ref_id: 5G-M11
    category: process
    description: (L2) Review the risk assessments following changes or incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m12
    ref_id: 5G-M12
    category: process
    description: (L2) Ensure residual risks are accepted by management
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m13
    ref_id: 5G-M13
    category: process
    description: (L3) Review the risk management methodology and/or tools, periodically,
      taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m14
    ref_id: 5G-M14
    category: process
    description: (L1) Assign security roles and responsibilities to personnel
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m15
    ref_id: 5G-M15
    category: process
    description: (L1) Make sure the security roles are reachable in case of security
      incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m16
    ref_id: 5G-M16
    category: process
    description: (L2) Personnel is formally appointed in security roles
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m17
    ref_id: 5G-M17
    category: process
    description: (L2) Make personnel aware of the security roles in your organisation
      and when they should be contacted
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m18
    ref_id: 5G-M18
    category: process
    description: (L3) Structure of security roles and responsibilities is regularly
      reviewed and revised, based on changes and/or past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m19
    ref_id: 5G-M19
    category: process
    description: (L1) Include security requirements in contracts with third-parties,
      including confidentiality and secure transfer of information
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m20
    ref_id: 5G-M20
    category: process
    description: (L2) Set a security policy for contracts with third-parties
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m21
    ref_id: 5G-M21
    category: process
    description: (L2) Ensure that all procurement of services/products from third-parties
      follows the policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m22
    ref_id: 5G-M22
    category: process
    description: (L2) Review security policy for third parties, following incidents
      or changes
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m23
    ref_id: 5G-M23
    category: process
    description: "(L2) Demand specific security standards in third-party supplier\u2019\
      s processes during procurement"
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m24
    ref_id: 5G-M24
    category: process
    description: (L2) Mitigate residual risks that are not addressed by the third
      party
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m25
    ref_id: 5G-M25
    category: process
    description: (L3) Keep track of security incidents related to or caused by third-parties
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m26
    ref_id: 5G-M26
    category: process
    description: (L3) Periodically review and update security policy for third parties
      at regular intervals, taking into account past incidents, changes, etc.
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m27
    ref_id: 5G-M27
    category: process
    description: '(L1) Check professional references of key personnel (system administrators,
      security officers, guards, etc.) '
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m28
    ref_id: 5G-M28
    category: process
    description: (L2) Perform background checks/screening for key personnel, when
      needed and legally permitted
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m29
    ref_id: 5G-M29
    category: process
    description: (L2) Set up a policy and procedure for background checks
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m30
    ref_id: 5G-M30
    category: process
    description: (L3) Review and update policy/procedures for background checks and
      reference checks at regular intervals, taking into account changes and past
      incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m31
    ref_id: 5G-M31
    category: process
    description: (L1) Provide key personnel with relevant training and material on
      security issues
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m32
    ref_id: 5G-M32
    category: process
    description: (L2) Implement a program for training, making sure that key personnel
      have sufficient and up-to-date security knowledge
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m33
    ref_id: 5G-M33
    category: process
    description: (L2) Organise trainings and awareness sessions for personnel on security
      topics important for your organisation
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m34
    ref_id: 5G-M34
    category: process
    description: (L3) Review and update the training program periodically, taking
      into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m35
    ref_id: 5G-M35
    category: process
    description: (L3) Test the security knowledge of personnel
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m36
    ref_id: 5G-M36
    category: process
    description: (L1) Following changes in personnel revoke access rights, badges,
      equipment, etc., if no longer necessary or permitted
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m37
    ref_id: 5G-M37
    category: process
    description: (L1) Brief and educate new personnel on the policies and procedures
      in place
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m38
    ref_id: 5G-M38
    category: process
    description: (L2) Implement policy/procedures for personnel changes, taking into
      account timely revocation of access rights, badges and equipment
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m39
    ref_id: 5G-M39
    category: process
    description: (L2) Implement policy/procedures for education and training for personnel
      in new roles
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m40
    ref_id: 5G-M40
    category: process
    description: (L3) Periodically check that the policy/procedures are effective
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m41
    ref_id: 5G-M41
    category: process
    description: (L3) Review and evaluate policy/procedures for personnel changes,
      taking into account changes or past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m42
    ref_id: 5G-M42
    category: process
    description: (L1) Hold personnel accountable for security incidents caused by
      violations of policies, for example via the employment contract
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m43
    ref_id: 5G-M43
    category: process
    description: (L2) Set up procedures for violations of policies by personnel
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m44
    ref_id: 5G-M44
    category: process
    description: (L3) Periodically review and update the disciplinary process, based
      on changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m45
    ref_id: 5G-M45
    category: process
    description: "(L1) Prevent unauthorized physical access to facilities and infrastructure\
      \ and set up adequate environmental controls, to protect provider assets (including\
      \ third party assets, where applicable) against unauthorized access, burglary,\
      \ fire, flooding, etc. Security controls should be selected based on the risk\
      \ assessment, which should also take in consideration current and forecasted\
      \ environmental security risks \u2013 e.g. related to climate change"
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m46
    ref_id: 5G-M46
    category: process
    description: (L2) Implement a policy for physical security measures and environmental
      controls
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m47
    ref_id: 5G-M47
    category: process
    description: (L2) Industry standard implementation of physical and environmental
      controls
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m48
    ref_id: 5G-M48
    category: process
    description: (L2) Apply reinforced controls for physical access to critical assets.
      For example, physical access to such assets should only be granted to a limited
      number of security-vetted, trained and qualified personnel. Access by third-parties,
      contractors, and employees of suppliers/vendors, integrators, should be limited
      and monitored
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m49
    ref_id: 5G-M49
    category: process
    description: (L3) Evaluate the effectiveness of physical and environmental controls
      periodically
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m50
    ref_id: 5G-M50
    category: process
    description: (L3) Review and update the policy for physical security measures
      and environmental controls taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m51
    ref_id: 5G-M51
    category: process
    description: (L1) Ensure security of critical supplies
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m52
    ref_id: 5G-M52
    category: process
    description: (L2) Implement a policy for security of critical supplies
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m53
    ref_id: 5G-M53
    category: process
    description: (L2) Implement industry standard security measures to protect critical
      supplies and supporting facilities (e.g. passive cooling, automatic restart
      after power interruption, battery backup power, diesel generators, backup fuel,
      etc.)
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m54
    ref_id: 5G-M54
    category: process
    description: (L3) Implement state of the art security measures to protect critical
      supplies (such as active cooling, UP, hot standby power generators, SLAs with
      fuel delivery companies, redundant cooling and power backup systems)
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m55
    ref_id: 5G-M55
    category: process
    description: (L3) Review and update policy and procedures to secure critical supplies
      regularly, taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m56
    ref_id: 5G-M56
    category: process
    description: "(L1) Users and systems have unique ID\u2019s and are authenticated\
      \ before accessing services or systems"
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m57
    ref_id: 5G-M57
    category: process
    description: (L1) Implement logical access control mechanism for network and information
      systems to allow only authorized use
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m58
    ref_id: 5G-M58
    category: process
    description: (L2) Implement policy for protecting access to network and information
      systems, addressing for example roles, rights, responsibilities and procedures
      for assigning and revoking access rights
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m59
    ref_id: 5G-M59
    category: process
    description: (L2) Choose appropriate authentication mechanisms, depending on the
      type of access
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m60
    ref_id: 5G-M60
    category: process
    description: (L2) Monitor access to network and information systems, have a process
      for approving exceptions and registering access violations
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m61
    ref_id: 5G-M61
    category: process
    description: (L2) Reinforce controls for remote access to critical assets of network
      and information systems by third parties
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m62
    ref_id: 5G-M62
    category: process
    description: (L3) Evaluate the effectiveness of access control policies and procedures
      and implement cross checks on access control mechanisms
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m63
    ref_id: 5G-M63
    category: process
    description: (L3) Access control policy and access control mechanisms are reviewed
      and when needed revised
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m64
    ref_id: 5G-M64
    category: process
    description: (L1) Make sure software of network and information systems is not
      tampered with or altered, for instance by using input controls and firewalls
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m65
    ref_id: 5G-M65
    category: process
    description: (L1) Check for malware on (internal) network and information systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m66
    ref_id: 5G-M66
    category: process
    description: (L2) Implement industry standard security measures, providing defence-in-depth
      against tampering and altering of systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m67
    ref_id: 5G-M67
    category: process
    description: (L2) Apply reinforced software integrity, update and patch management
      controls for critical assets in virtualised networks
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m68
    ref_id: 5G-M68
    category: process
    description: (L3) Set up state of the art controls to protect integrity of systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m69
    ref_id: 5G-M69
    category: process
    description: (L3) Evaluate and review the effectiveness of measures to protect
      integrity of systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m70
    ref_id: 5G-M70
    category: process
    description: (L1) Where appropriate to prevent and/or minimise the impact of security
      incidents on users and on other networks and services, encrypt data during its
      storage in and/or transmission via networks. The type and scope of data to be
      encrypted should be determined based on the risk assessment performed and will
      typically include communication data, customer critical data (e.g. unique identifiers),
      relevant management and signalling traffic and any other data or metadata, the
      disclosure or tampering of which may cause security incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m71
    ref_id: 5G-M71
    category: process
    description: (L2) Implement encryption policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m72
    ref_id: 5G-M72
    category: process
    description: (L2) Use industry standard encryption algorithms and the corresponding
      recommended lengths of encryption keys
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m73
    ref_id: 5G-M73
    category: process
    description: (L3) Review and update encryption policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m74
    ref_id: 5G-M74
    category: process
    description: (L3) Use state of the art encryption algorithms
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m75
    ref_id: 5G-M75
    category: process
    description: (L1) Make sure that cryptographic key material and secret authentication
      information (including cryptographic key material used for authentication) are
      not disclosed or tampered with
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m76
    ref_id: 5G-M76
    category: process
    description: (L2) Implement policy for management of cryptographic keys
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m77
    ref_id: 5G-M77
    category: process
    description: (L2) Implement policy for management of user passwords
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m78
    ref_id: 5G-M78
    category: process
    description: (L3) Review and update of key management policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m79
    ref_id: 5G-M79
    category: process
    description: (L3) Review and update of user password management policy
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m80
    ref_id: 5G-M80
    category: process
    description: (L1) Set up operational procedures and assign responsibilities for
      operation of critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m81
    ref_id: 5G-M81
    category: process
    description: (L2) Implement a policy for operation of systems to make sure all
      critical systems are operated and managed in line with predefined procedures
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m82
    ref_id: 5G-M82
    category: process
    description: (L3) Review and update the policy/procedures for operation of critical
      systems, taking into account incidents and/or changes
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m83
    ref_id: 5G-M83
    category: process
    description: (L1) Follow predefined methods or procedures when making changes
      to critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m84
    ref_id: 5G-M84
    category: process
    description: (L2) Implement policy/procedures for change management, to make sure
      that changes of critical systems are always done following a predefined way
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m85
    ref_id: 5G-M85
    category: process
    description: (L2) Document change management procedures, and record for each change
      the steps of the followed procedure
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m86
    ref_id: 5G-M86
    category: process
    description: (L3) Review and update change management procedures regularly, taking
      into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m87
    ref_id: 5G-M87
    category: process
    description: (L1) Identify critical assets and configurations of critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m88
    ref_id: 5G-M88
    category: process
    description: (L2) Implement policy/procedures for asset management and configuration
      control
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m89
    ref_id: 5G-M89
    category: process
    description: (L3) Review and update the asset management policy regularly, based
      on changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m90
    ref_id: 5G-M90
    category: process
    description: (L1) Make sure personnel is available and prepared to manage and
      handle incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m91
    ref_id: 5G-M91
    category: process
    description: (L1) Keep a record of all major incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m92
    ref_id: 5G-M92
    category: process
    description: (L2) Implement policy/procedures for managing incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m93
    ref_id: 5G-M93
    category: process
    description: (L3) Investigate major incidents and draft final incident reports,
      including actions taken and recommendations to mitigate future occurrence of
      this type of incident
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m94
    ref_id: 5G-M94
    category: process
    description: (L3) Evaluate incident management policy/procedures based on past
      incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m95
    ref_id: 5G-M95
    category: process
    description: (L1) Set up processes or systems for incident detection
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m96
    ref_id: 5G-M96
    category: process
    description: (L2) Implement industry standard systems and procedures for incident
      detection
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m97
    ref_id: 5G-M97
    category: process
    description: (L2) Implement systems and procedures for registering and forwarding
      incidents timely to the appropriate people
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m98
    ref_id: 5G-M98
    category: process
    description: (L3) Review systems and processes for incident detection regularly
      and update them taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m99
    ref_id: 5G-M99
    category: process
    description: (L3) Implement state of the art systems and procedures for incident
      detection
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m100
    ref_id: 5G-M100
    category: process
    description: (L1) Communicate and report about on-going or past incidents to third
      parties, customers, and/or government authorities, when necessary
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m101
    ref_id: 5G-M101
    category: process
    description: (L2) Implement policy and procedures for communicating and reporting
      about incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m102
    ref_id: 5G-M102
    category: process
    description: (L3) Evaluate past communications and reporting about incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m103
    ref_id: 5G-M103
    category: process
    description: (L3) Review and update the reporting and communication plans, based
      on changes or past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m104
    ref_id: 5G-M104
    category: process
    description: (L1) Implement a service continuity strategy for the communications
      networks and/or services provided
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m105
    ref_id: 5G-M105
    category: process
    description: (L2) Implement contingency plans for critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m106
    ref_id: 5G-M106
    category: process
    description: (L2) Monitor activation and execution of contingency plans, registering
      successful and failed recovery times
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m107
    ref_id: 5G-M107
    category: process
    description: (L2) Implement contingency plans for dependent and inter-dependent
      critical sectors and services. When determining dependent critical sectors and
      services, providers may take into account those services that are dependent
      on the continuity of the network and service operation which are essential for
      the maintenance of critical societal and/or economic activities and for which
      an incident would have significant disruptive effects on the provision of that
      service. One possible way for identifying such dependent services may be to
      pass the obligation to service consumers to inform the providers if their service
      is considered critical
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m108
    ref_id: 5G-M108
    category: process
    description: (L3) Review and revise service continuity strategy periodically
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m109
    ref_id: 5G-M109
    category: process
    description: (L3) Review and revise contingency plans, based on past incidents
      and changes
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m110
    ref_id: 5G-M110
    category: process
    description: (L1) Prepare for recovery and restoration of services following disasters
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m111
    ref_id: 5G-M111
    category: process
    description: (L2) Implement policy/procedures for deploying disaster recovery
      capabilities
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m112
    ref_id: 5G-M112
    category: process
    description: (L2) Implement industry standard disaster recovery capabilities,
      or be assured they are available from third parties (such as national emergency
      networks)
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m113
    ref_id: 5G-M113
    category: process
    description: (L3) Set up state of the art disaster recovery capabilities to mitigate
      natural and/major disasters
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m114
    ref_id: 5G-M114
    category: process
    description: (L3) Review and update disaster recovery capabilities regularly,
      taking into account changes, past incidents, and results of tests and exercises
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m115
    ref_id: 5G-M115
    category: process
    description: (L1) Implement monitoring and logging of critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m116
    ref_id: 5G-M116
    category: process
    description: (L2) Implement policy for logging and monitoring of critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m117
    ref_id: 5G-M117
    category: process
    description: '(L2) Set up tools for monitoring critical systems '
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m118
    ref_id: 5G-M118
    category: process
    description: (L2) Set up tools to collect and store logs of critical systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m119
    ref_id: 5G-M119
    category: process
    description: (L3) Set up tools for automated collection and analysis of monitoring
      data and logs
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m120
    ref_id: 5G-M120
    category: process
    description: (L3) Review and update logging and monitoring policy/procedures,
      taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m121
    ref_id: 5G-M121
    category: process
    description: (L1) Exercise and test backup and contingency plans to make sure
      systems and processes work and personnel is prepared for large failures and
      contingencies
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m122
    ref_id: 5G-M122
    category: process
    description: (L2) Implement a program for exercising backup and contingency plans
      regularly, using realistic scenarios covering a range of different scenarios
      over time
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m123
    ref_id: 5G-M123
    category: process
    description: (L2) Make sure that the issues and lessons learnt from exercises
      are addressed by the responsible people and that the relevant processes and
      systems are updated accordingly
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m124
    ref_id: 5G-M124
    category: process
    description: (L3) Review and update the exercise plans, taking into account changes,
      past incidents and contingencies which were not covered by the exercise program
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m125
    ref_id: 5G-M125
    category: process
    description: (L3) Involve suppliers and other third parties in exercises, for
      example business partners and customers
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m126
    ref_id: 5G-M126
    category: process
    description: (L1) Test networks and information systems before using them or connecting
      them to existing systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m127
    ref_id: 5G-M127
    category: process
    description: (L2) Implement policy/procedures for testing network and information
      systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m128
    ref_id: 5G-M128
    category: process
    description: (L2) Implement tools for automated testing
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m129
    ref_id: 5G-M129
    category: process
    description: (L3) Review and update the policy/procedures for testing, taking
      into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m130
    ref_id: 5G-M130
    category: process
    description: (L1) Ensure critical systems undergo security scans and security
      testing regularly, particularly when new systems are introduced and following
      changes
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m131
    ref_id: 5G-M131
    category: process
    description: (L2) Implement policy/procedures for security assessments and security
      testing
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m132
    ref_id: 5G-M132
    category: process
    description: (L3) Evaluate the effectiveness of policy/procedures for security
      assessments and security testing
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m133
    ref_id: 5G-M133
    category: process
    description: (L3) Review and update policy/procedures for security assessments
      and security testing, taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m134
    ref_id: 5G-M134
    category: process
    description: (L1) Monitor compliance to standards and legal requirements
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m135
    ref_id: 5G-M135
    category: process
    description: (L2) Implement policy/procedures for compliance monitoring and auditing
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m136
    ref_id: 5G-M136
    category: process
    description: (L3) Evaluate the policy/procedures for compliance and auditing
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m137
    ref_id: 5G-M137
    category: process
    description: (L3) Review and update the policy/procedures for compliance and auditing,
      taking into account changes and past incidents
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m138
    ref_id: 5G-M138
    category: process
    description: (L1) Perform regular threat monitoring
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m139
    ref_id: 5G-M139
    category: process
    description: (L2) Implement threat intelligence program
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m140
    ref_id: 5G-M140
    category: process
    description: (L3) Review and update the threat intelligence program
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m141
    ref_id: 5G-M141
    category: process
    description: (L3) Threat intelligence program makes use of state of the art threat
      intelligence systems
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m142
    ref_id: 5G-M142
    category: process
    description: (L1) Inform end-users of communication networks and services about
      particular and significant security threats to network or service that may affect
      them
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m143
    ref_id: 5G-M143
    category: process
    description: (L2) Implement policy/procedures for regular update of end-users
      about security threats to network or service that may affect them
  - urn: urn:intuitem:risk:reference_control:enisa-5g-scm:5g-m144
    ref_id: 5G-M144
    category: process
    description: (L3) Review and update the policy/procedures for regular update of
      end-users about security threats to network or service that may affect them
  framework:
    urn: urn:intuitem:risk:framework:enisa-5g-scm-v1.3
    ref_id: ENISA 5G SCM v1.3
    name: ENISA 5G Security Control Matrix v1.3
    description: "The main goal of the ENISA 5G security controls matrix is to support\
      \ the national authorities in the EU Member States with implementing the technical\
      \ measures of the EU\u2019s 5G Cybersecurity toolbox.\nSource: https://www.enisa.europa.eu/publications/5g-security-controls-matrix\n"
    requirement_nodes:
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d1
      assessable: false
      depth: 1
      ref_id: D1
      name: GOVERNANCE AND RISK MANAGEMENT
      description: D1 covers the security objectives related to governance and management
        of network and information security risks
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d1
      ref_id: SO1
      name: Information security policy
      description: Establish and maintain an appropriate information security policy
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so1-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so1
      ref_id: SO1-001
      description: Security policy is defined, followed, and kept updated
      typical_evidence: MNO has well-defined and documented security policies, procedures,
        and best practices. MNO also has a documented audit process to confirm that
        security policy and procedures are followed and are effective
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M1
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M2
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M3
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M4
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M5
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M6
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so1-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so1
      ref_id: SO1-002
      description: Industry trends and best practices related to security management
        should be monitored
      typical_evidence: MNO has documented processes, tools, and responsible personnel
        for monitoring industry trends and best practices related to security management.
        If applicable, MNO has monitoring records, such as reports and lessons learnt
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M1
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M2
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M3
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M4
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M5
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M6
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d1
      ref_id: SO2
      name: Governance and risk management
      description: Establish and maintain an appropriate governance and risk management
        framework, to identify and address risks for the communications networks and
        services
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      ref_id: SO2-001
      description: Extensive assessment of virtualization-related vulnerabilities
        for MEC components
      typical_evidence: Documentation of MEC components lists potential vulnerabilities
        relating to using MEC components in virtualized environments, along with appropriate
        measures to ensure their secure deployment/operation
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M7
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M8
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M9
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M10
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M11
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M12
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M13
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      ref_id: SO2-002
      description: Insurable risks are identified, assessed, and appropriately mitigated
      typical_evidence: Documented (i) process of identifying insurable risks, (ii)
        list of insurable risks with their owners, (iii) risk assessment and evaluation
        criteria as well as results (documented risk analysis), (iv) selected security
        controls for each of the identified risks, and (v) a list of accepted residual
        risks
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M7
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M8
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M9
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M10
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M11
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M12
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M13
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      ref_id: SO2-003
      description: Internal and external sources of risks and threats are identified
        proactively. Threats of particular significance for 5G networks are included.
        Identified risks are aligned with the main risks for 5G networks identified
        in the EU Coordinated Risk Assessment of 5G Network Security.
      typical_evidence: MNO has documented risk analysis policy and procedures, including
        a documented list of threats and risk scenarios with their sources, including
        to 5G networks, which also involves threat information collected from external
        sources. Documented list of external sources for threat and risk monitoring
        includes publications (such as reports from private/public organizations,
        e.g. ENISA 5G Threat Landscape) and/or relevant CTI tools and platforms (commercial
        and open source solutions such as MISP/OpenCTI). The documented list of threats
        and risk scenarios is aligned with the EU Coordinated Risk Assessment of 5G
        Network Security.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M7
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M8
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M9
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M10
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M11
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M12
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M13
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      ref_id: SO2-004
      description: A baseline set of security controls should be selected, designed,
        and specified
      typical_evidence: A documented risk management plan with assets and threats.
        Documented processes and, if applicable, other records of using the risk management
        plan as input for specification of security controls. Documented processes
        and, if applicable, other records (such as review comments) showing that the
        preventive measures listed by the security controls have been compared against
        catalogues of best practices such as ISO 27001/ITU x.1051
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M7
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M8
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M9
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M10
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M11
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M12
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M13
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so2
      ref_id: SO2-005
      description: "The MNO should have a mature supply chain risks management (SCRM),\
        \ which should include security assessments of vendor development and product\
        \ lifecycle processes and security assurance specifications. Such risk assessments\
        \ could include 3GPP SCAS or the Common Criteria. \n \nIn 5G, the assessment\
        \ is carried out at the beginning to ensure products/solutions are evaluated\
        \ against known risks. However, this should be automated once the products\
        \ are implemented in the network."
      typical_evidence: "Verification of the evaluation report by the MNO to ensure\
        \ that deployed VNFs conform to security functional and assurance requirements.\
        \ \n \nIn case of a Common Criteria certification, MNO verifies the certificate\
        \ issued by an accredited laboratory and certification body."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M7
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M8
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M9
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M10
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M11
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M12
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M13
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d1
      ref_id: SO3
      name: Security roles and responsibilities
      description: Establish and maintain an appropriate structure of security roles
        and responsibilities
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so3-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so3
      ref_id: SO3-001
      description: Assign security roles and responsibilities to personnel with clear
        segregation of duties
      typical_evidence: List of MNO personnel with documented non-overlapping security
        roles and responsibilities. Documented processes are in place for regularly
        reviewing and revising the structure of roles and responsibilities based on
        changes and/or past incidents
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M14
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M15
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M16
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M17
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M18
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d1
      ref_id: SO4
      name: Security of third party dependencies
      description: Establish and maintain a policy, with security requirements for
        contracts with third parties, to ensure that dependencies on third parties
        do not negatively affect security of networks and/or services
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-001
      description: Equipment installed outside a telecommunications organization's
        own premises should be sited in a protected area
      typical_evidence: Contracts with third parties hosting the equipment contain
        requirements for adhering to security best practices and industry standards.
        Documented security policy for contracts with third parties and a list of
        contracts with third-parties. Verify that residual risks are included in incident
        management plans/processes (for incidents) and business continuity plans/processes
        (for disasters)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-002
      description: Protection against semiconductor doping
      typical_evidence: Product documentation contains information on certification
        of semiconductors and their suppliers for compliance with standards such as
        ISO 26262
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-003
      description: Prevent TPM-Fail vulnerabilities
      typical_evidence: Verify product documentation to ensure that the TPM hardware
        used in the product is certified, for example, by the Trusted Computing Group
        (TCG)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-004
      description: SBOM for software components (including NFV software components)
        is maintained. This makes it possible to quickly scan and search the SBOM
        for any Zero-Day vulnerability once disclosed, allowing the MNO and the cloud
        provider to respond quickly to such vulnerability to mitigate potential attacks.
        SBOM should follow the NTIA guidelines and be in a machine-readable format,
        such as SPDX, or CycloneDX.
      typical_evidence: Verify that the software package includes a SBOM.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-005
      description: Resource development should be coordinated with suppliers
      typical_evidence: MNO has documented processes to ensure that required service
        level agreements and operational level agreements are developed and agreed
        for each resource class deployed, and any supplier/partner operational support
        has been identified and agreed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-006
      description: Sourcing requirements and limitations with necessary non-disclosure
        clauses should be adequately defined. Sourcing requirements and limitations
        should address threats posed by potentially high-risk suppliers or managed
        service providers.
      typical_evidence: MNO has documented policies and processes to determine sourcing
        requirements based on industry standards and regulatory requirements. Documented
        sourcing requirements include technical, operational, training, specific supplier
        support, and clauses to ensure non-disclosure of confidential information
        to third parties, including information originating from or relating to its
        customers. Review of supply-chain policies, related policies and processes
        (e.g. business continuity) and any other relevant documentation indicates
        that threats posed by potentially high-risk suppliers or managed service providers
        are addressed appropriately, and in line with the applicable national requirements.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-007
      description: 'Operational and security clauses should be defined in agreements
        with suppliers and partners '
      typical_evidence: MNO has documented processes to prepare agreements with third
        parties. Such processes could involve the use of templates. Agreements generated
        from MNO processes include relevant up to date security clauses.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-008
      description: Contractual obligations of third parties, including suppliers,
        are monitored and any variations are managed
      typical_evidence: 'MNO has documented processes to monitor that suppliers are
        meeting their contractual obligations, as well as to manage changes in terms/conditions
        of an agreement during its term. MNOs should keep track of such variations.

        '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-009
      description: Support party requisition should be managed
      typical_evidence: MNO has documented processes to i) arrange and manage external
        party access to infrastructure deployment support tools and processes ii)
        oversee roll-out of new infrastructure, iii) track and monitor infrastructure
        deployment undertaken by contractors, and iv) continuously update relevant
        inventories
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-010
      description: Support party performance should be managed to ensure its efficient
        operation
      typical_evidence: MNO has documented processes for performance restoration activity
        with outsourced infrastructure providers
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-011
      description: NFV providers have patches available for vulnerabilities in NFV
        components as soon as possible. Patching shall be controlled via change control
        process with vulnerabilities disclosed along with mitigation recommendations.
        The patch management process must consider the ability to update the cryptographic
        algorithms and to adapt to upcoming 5G security challenges.
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with NFV providers (e.g. maintenance agreements) confirm that the MNO requires\
        \ his NFV providers to have a process to deal with vulnerabilities in network\
        \ products and issue security patches/upgrades.\n\nCheck for presence of patch\
        \ management tools notifying of patch releases. All patches, especially those\
        \ to critical or sensitive NFV components or functions, are reviewed and subjected\
        \ to security testing in controlled environment prior to deployment."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-012
      description: Adequate policies and processes for supplier/partner selection
        should be used. They should manage the potential risk of dependency on a single
        supplier of network equipment.
      typical_evidence: MNO has documented policies and processes to determine potential
        suppliers/partners. MNO processes only shortlist suppliers that meet specific
        enterprise and industry standard requirements including, where available,
        EU certification schemes for 5G network components, customer equipment, and/or
        supplier processes. Documented MNO processes provide for a detailed analysis
        of suppliers/partners, leveraging information from internal and external sources.
        Documented policies and risk analysis address risks associated with dependency
        on a single supplier of network equipment, if such a dependency exists. Documented
        policies and risk management plans also include contingency plans and appropriate
        fallback strategies in case of a loss of critical suppliers
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-013
      description: Adequate tender and purchase process should be in place
      typical_evidence: MNO has documented processes to manage and administer the
        mechanics of tender process. These processes should ensure coordination and
        control of engagement interactions with potential parties, timing of the tender
        process, inclusion of relevant commercial and functional requirements, and
        tender analysis mechanisms/procedures
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-014
      description: Supplier/Partner interface should be managed
      typical_evidence: MNO has documented processes for ensuring effective operation
        of the supplier/partner interface
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-016
      description: Interaction with external parties should be handled
      typical_evidence: MNO has documented processes in place to fulfill all inbound
        and outbound requests from/to external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-017
      description: Performance of services, processes, or resources delivered by external
        parties are monitored
      typical_evidence: MNO has documented processes in place to monitor the performance
        of services, processes, and resources delivered by external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-018
      description: Interaction with external parties should be tracked
      typical_evidence: MNO has documented processes and tools in place to i) track
        and manage timely closure of all interactions with external parties, ii) notify
        when SLAs with external parties are endangered, and iii) communicate KPIs
        to improve efficiency of interactions with external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-019
      description: 'MNO requires vendors to implement security requirements of relevant
        5G technical specifications (including 3GPP) and industry standards '
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to implement\
        \ security requirements of relevant 5G technical specifications (including\
        \ 3GPP) and industry standards"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-020
      description: 'MNO requires vendors to apply consistent code review in line with
        best practices. If feasible, the review should use a Source Code Analysis
        tool and be automated where approriate.


        Special review is to be conducted on the code used for automated administration.
        Specifically, changes to the automated administration code should require
        peer review and a two-person sign off.'
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to have processes\
        \ in place for review of new and changed source codes. When possible, automated\
        \ source code analysis tools are used to aid the code review process"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-021
      description: MNO requires vendors to ensure that no code changes are introduced
        to a network product without appropriate governance
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers i) to have independent\
        \ lines of control for code review within the supplier organization and ii)\
        \ to use governance frameworks such as ITIL, COBIT etc."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-022
      description: MNO requires vendors to protect component compilation and build
        process from tampering and ensure that builds are reproducible, deterministic,
        and cover security procedures
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to protect component\
        \ compilation and build process from tampering and ensure that builds are\
        \ reproducible, deterministic, and cover security procedures"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-023
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-023
      description: MNO requires vendors to ensure proper testing and/or support for
        periodic testing of network products
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to ensure proper\
        \ testing and/or support for periodic testing of network products"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-024
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-024
      description: MNO requires vendors to implement effective software integrity
        verification methods
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to implement\
        \ effective software integrity verification methods"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-025
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-025
      description: MNO requires vendors to ensure that software versions are uniquely
        identified
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to ensure that\
        \ software versions are uniquely identified"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-026
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-026
      description: MNO requires vendors to ship up-to-date documentation along with
        network products and software upgrades
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to ship up-to-date\
        \ documentation along with network products and software upgrades"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-027
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-027
      description: MNO requires vendors to provide a point of contact for security
        questions/issues
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to provide a\
        \ point of contact for security questions/issues"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-028
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-028
      description: MNO requires vendors to have reliable processes to collect and
        process updated information about vulnerabilities in 3rd party components.
        This may include tracking open vulnerability databases
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to have reliable\
        \ processes to collect and process updated information about vulnerabilities\
        \ in 3rd party components"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-029
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-029
      description: MNO requires vendors to have a process to deal with vulnerabilities
        in network products and issue security patches/upgrades
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers (e.g. maintenance agreements) confirm that the MNO requires\
        \ his suppliers to have a process to deal with vulnerabilities in network\
        \ products and issue security patches/upgrades"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-030
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-030
      description: MNO requires vendors to guarantee that there are no intentionally
        introduced vulnerabilities, as well as, a reliable process for communicating
        any discovered vulnerabilities along with corresponding software fixes in
        a timely manner
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers (e.g. maintenance agreements) confirm that the MNO requires\
        \ his suppliers to guarantee that there are no intentionally introduced vulnerabilities\
        \ and a reliable process is in place for communicating discovered vulnerabilities\
        \ along with corresponding software fixes in a timely manner"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-031
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-031
      description: MNO requires vendors to use a version control system, including
        for hardware, source code, build tools and environment, binary software, and
        3rd party components
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to use a version\
        \ control system"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-032
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-032
      description: MNO requires vendors to have a comprehensive and documented change
        management process for ensuring that all requirements and design changes are
        managed and tracked in a systematic and timely manner
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to have a comprehensive\
        \ and documented change management process"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-033
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-033
      description: MNO requires contractors and vendors that their staff involved
        in network product design, engineering, development, implementation, testing
        and maintenance are security-vetted with background checks and undergo regular
        security education
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers and contractors confirm that the MNO requires that the staff\
        \ of his suppliers and contractors are security-vetted with background checks\
        \ and undergo regular security education"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-034
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-034
      description: MNO requires vendors to have an effective Information Security
        Management System (ISMS), including information classification and handling
        schemes to avoid leakage of sensitive information and processes for security
        flaw root cause analysis to continually improve the development and product
        lifecycle
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to have an effective\
        \ ISMS"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-035
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-035
      description: "MNO requires vendors to comply with relevant EU certification\
        \ schemes for 5G network components, customer equipment and/or suppliers\u2019\
        \ processes or for other non 5G-specific ICT products and services, such as\
        \ end-user devices and/or cloud services (when EU certification schemes are\
        \ not available, other interim solutions, such as reliance on certification\
        \ schemes based on industry standards, could be considered instead), and,\
        \ to the extent they are not covered by such certification schemes, adherence\
        \ to best practices and industry standards throughout the lifetime of the\
        \ component"
      typical_evidence: 'EU and/or industry standards compliance certificates. Audit
        reports certifying vendor compliance with relevant EU and/or industry standards
        certification schemes '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-036
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-036
      description: MNO requires vendors to support in investigating and remedying
        security incidents
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers (e.g. support agreements) confirm that the MNO requires his\
        \ suppliers to provide assistance with investigation and remediation of security\
        \ incidents"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-037
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-037
      description: MNO requires vendors to demonstrate quality level of internal information
        security processes, including having a secure software development lifecycle
        (SDLC) built in the product development process
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to implement\
        \ and demonstrate internal security processes, including an SDLC built in\
        \ the product development process. Documentation explaining rationale for\
        \ architectural decisions based on security principles. Risk analysis identifying\
        \ threats, their likelihood, and mitigation mechanisms"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-038
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-038
      description: NFV vendors and MNOs should ensure that any security critical,
        customer privacy or confidentiality related information is stored securely
        on any shared or local storage using industry standard best practice (e.g.
        encryption).
      typical_evidence: "Documentation provided by the vendor describes how critical\
        \ data that could possibly be revealed in clear text is handled by network\
        \ product\u2019s functions. Information on security mechanisms used to protect\
        \ critical data and instructions on how to enable and execute these mechanisms\
        \ are provided as part of the vendor's documentation. The document demonstrates\
        \ that LI and privacy data are protected to ensure that it cannot be compromised\
        \ or weakened by running the NFV environment.\n\nVerify, for cases where the\
        \ critical data is accessible in clear text, that attempts to access it are\
        \ recorded in a log, that the log includes the identity of the user that has\
        \ attempted to access the data, and that the log does not include the actual\
        \ critical data in clear text. All access attempts to critical data in clear\
        \ text are recorded in the described logs, with the user identity included\
        \ and no personal data visible in the log.\n\nA documented process is in place\
        \ for the protection of security critical, customer privacy and confidentiality-related\
        \ data at rest. Cryptographic operations, key sizes, algorithms and standards\
        \ for encrypting that critical information are described as part of the documented\
        \ process."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-039
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-039
      description: Third party hosting environments that support VNFs should meet
        3GPP virtualisation security requirements.
      typical_evidence: Verification of an appropriate evaluation report or security
        certification of a VNF confirming that the VNF meets 3GPP SCAS specifications.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-040
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-040
      description: "Software developers should maintain an up-to-date inventory of\
        \ third-party components, including\u2014to the extent practicable\u2014an\
        \ inventory of subcomponents and dependencies indirectly incorporated via\
        \ third-party components, as might be listed in a Software Bill of Materials\
        \ (SBOM), for example.\nThird-party components should be subjected to standard\
        \ code review and testing procedures to identify known vulnerabilities and\
        \ ensure seamless integration with the broader code base.\nSoftware developers\
        \ should, where possible, vet suppliers, establish trusted repositories of\
        \ third-party components, and enforce security standards through contracts."
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to provide SBOM\
        \ containing an inventory of components.\n\nMNO\u2019s documented procurement\
        \ policies and contracts with suppliers confirm that the MNO requires his\
        \ suppliers to enforce security standards and ensure proper code review and\
        \ testing procedures to identify known vulnerabilities and ensure seamless\
        \ integration with the broader code base."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-041
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-041
      description: "A datacentre site supporting NFVI and MANO elements should be\
        \ operated and controlled by the MNO and, ideally, not outsourced using a\
        \ third party IaaS supplier. While not recommended, if the MNO chooses to\
        \ use a third party operated datacenter, additional security controls are\
        \ necessary to ensure that this provider complies with the MNO\u2019s physical\
        \ and outsourcing security controls. If the NFVI is deployed on the cloud\
        \ in an IaaS model, then the MNO should be able to attest the root of trust\
        \ on demand."
      typical_evidence: "Documentation on the security controls (such as a statement\
        \ of applicability) implemented at the datacentre site supporting NFVI and\
        \ MANO elements. \n \nResults of security audits documenting correct implementation\
        \ of these controls. \n \nIf a third party operated datacentre is used by\
        \ the MNO, the audit report should include that third party's compliance with\
        \ MNO security controls and applicable regulations. This should include security\
        \ of the systems and data, focusing on mitigating the risks identified in\
        \ the risk assessment and security audit to an acceptable level, as well as\
        \ the outcome of penetration/scanning tests.\n\nThird party IaaS supplier\
        \ should be certified according to a cloud assessment scheme, such as SECNUMCLOUD\
        \ in France, C5 in Germany and EUCS (ongoing). \n \nVerification that the\
        \ third party IaaS supplier uses trusted platforms (e.g. TPM, SGX, HSM, TEE)\
        \ for securing MNO\u2019s cryptographic materials, sensitive data and functions.\
        \ This could be carried out by checking the evaluation/certification report\
        \ of the used trusted platform(s)."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-042
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-042
      description: 'SLAs between MNOs, network product suppliers and cloud service
        providers (in case of public/hybrid cloud models) should cover security, including
        in NFV. This could be done via Security Service Level Agreements (SSLAs),
        with the MNO monitoring their fulfillment.

        MNO should require, among others:

        - network product suppliers to verify whether each new and updated product''s
        characteristics comply with their security obligations (such as those encapsulated
        in the SSLA)

        - cloud service providers to define an effective vulnerability assessment
        and incident response plan to verify that their infrastructure and services
        fulfil their security obligations (such as those encapsulated in the SSLA
        and regulations)


        MNO should require both network product suppliers and cloud service providers
        to offer the MNO recommendations on deployment and configuration of security
        services, optimising risk exposure, costs and performance.'
      typical_evidence: A documented SSLA is established between MNOs, network product
        suppliers and cloud service providers, assigning responsibilities and considering
        security monitoring, incident response, maintenance and risk mitigation.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-043
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-043
      description: MNOs should ensure that their suppliers have a Coordinated Vulnerability
        Disclosure (CVD) program in place. They should also ensure, via contractual
        arrangements, that they receive timely information about newly discovered
        vulnerabilities.
      typical_evidence: "MNO\u2019s documented procurement policies and contracts\
        \ with suppliers confirm that the MNO requires his suppliers to have a CVD\
        \ program to handle vulnerabilities and develop patches."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-044
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-044
      description: Proper management of external party notifications of potential
        security/performance issues
      typical_evidence: MNO has documented processes and tools in place to receive
        information about potential security/performance issues from external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-045
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-045
      description: Security incidents or performance issues caused by external parties
        are assessed
      typical_evidence: MNO has documented processes and tools in place to manage
        security incidents and performance issues caused by external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-046
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-046
      description: Security incidents or performance issues caused by external parties
        are identified
      typical_evidence: MNO has documented processes and tools in place to identify
        security incidents and performance issues caused by external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-047
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-047
      description: Performance of problem resolution (such as performance degradation)
        and restoration of services by external parties is monitored
      typical_evidence: MNO has documented processes in place to monitor the performance
        of problem resolution and restoration of services by external parties
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4-048
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so4
      ref_id: SO4-048
      description: Past security incidents or performance issues, including trends,
        caused by external parties should be analyzed
      typical_evidence: MNO has documented processes in place to analyze past security
        incidents and performance issues caused by external parties and to report
        on the findings of the analysis
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M19
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M20
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M21
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M22
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M23
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M24
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M25
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M26
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d2
      assessable: false
      depth: 1
      ref_id: D2
      name: HUMAN RESOURCES SECURITY
      description: D2 covers the security objectives related to personnel
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d2
      ref_id: SO5
      name: Background checks
      description: Perform appropriate background checks on personnel if required
        for their duties and responsibilities
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so5-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so5
      ref_id: SO5-001
      description: Personnel that have access, either physically or through management
        systems, to critical or sensitive components of 5G networks (e.g. for deployment
        / operations purposes) are security-vetted and qualified
      typical_evidence: "MNO\u2019s documented recruitment process includes measures\
        \ to ensure staff has necessary skills and qualifications. For staff that\
        \ will have access to critical or sensitive components of 5G networks (e.g.\
        \ for deployment / operations purposes), the recruitment process includes\
        \ background checks and other security vetting"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M27
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M28
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M29
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M30
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d2
      ref_id: SO6
      name: Security knowledge and training
      description: Ensure that personnel have sufficient security knowledge and that
        they are provided with regular security training
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so6-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so6
      ref_id: SO6-001
      description: Training program for staff is updated regularly. Processes are
        in place for ensuring that staff undergoes regular security education with
        up-to-date training material, including on 5G technical topics, where appropriate
      typical_evidence: MNO training material is up-to-date with current 5G security
        trends, vulnerabilities, best practices etc. Records of when staff has last
        completed necessary security courses, training, and certification required
        for their tasks
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M31
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M32
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M33
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M34
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M35
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      assessable: false
      depth: 1
      ref_id: D3
      name: SECURITY OF SYSTEMS AND FACILITIES
      description: D3 covers the physical and logical security of network and information
        systems and facilities
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO9
      name: Physical and environmental security
      description: Establish and maintain the appropriate physical and environmental
        security of network and information systems and facilities
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-001
      description: Geographical location of any hardware supporting NFV must comply
        with each MNO's local regulatory requirements for operating a telecoms network
        and handling its customers' sensitive data.
      typical_evidence: Verify that documented processes and tools are in place to
        track geographical location of any hardware/software supporting NFV.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-002
      description: Physical security of communication centers, equipment rooms, and
        physically isolated operation areas is designed, developed, and applied. Physical
        security measures cover (multi-vendor) spare part management. Physical security
        policy should allow remote shutdown (or data clearing) for ciritcal stolen
        equipment and/or re-authentication/re-configuration after a physical attack
        or power failure
      typical_evidence: Statement of Applicability (SoA) or equivalent record which
        lists the relevant physical security controls and how they were implemented.
        Documented physical security specific policy/policies, which include physical
        access control, monitoring, continuity of operations, (multi-vendor) spare
        part management. Such policy/policies list critical assets and their respective
        controls. Relevant documented procedures that allow physical access only to
        security-vetted, trained, and qualified staff. Documented procedures contain
        measures allowing vendors access only to equipment sourced from them. Log
        containing records of physical access, especially by third parties and contractors.  On-site
        inspection to verify implementation of the relevant controls.  Visual verification
        of equipment shutdown after issuing test remote shutdown command. Verify memory
        contents via debug interface after issuing a test remote wipe command on equipment.
        Logs on critical equipment confirm re-authentication after simulating power
        failure or physical attack events
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-003
      description: Protection against side-channel vulnerabilities should be deployed
        for critical systems
      typical_evidence: Inspection of critical systems confirms that TEMPEST standard
        guidelines such as equipment distance from walls, amount of shielding in buildings
        and equipment, and distance separating wires carrying classified information
        from those carrying unclassified are followed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-004
      description: Hardware backdoors, when detected, are removed
      typical_evidence: Visual inspection of the equipment does not reveal any suspicious
        peripherals or hardware backdoors. Documented processes are in place for obtaining
        and flashing a BIOS if a hardware backdoor is suspected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-005
      description: No unprotected physical management consoles and interfaces
      typical_evidence: Visual inspection of the product confirms that physical management
        and debugging interfaces such as JTAG have been closed/disabled
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-006
      description: Fiber cable management for protecting cables
      typical_evidence: Inspection confirms the use of raceway/conduit on cables
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-007
      description: Junction boxes and splice closures are located away from high traffic
        areas. Physical controls ensure that only authorized personnel can access
        junction boxes and splice closures
      typical_evidence: Check that junction boxes and splice closures are located
        away from high traffic areas. Documented policies / procedures list physical
        access controls ensuring that only authorized personnel can access junction
        boxes and splice closures
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-008
      description: MNO ensures physical security of equipment in transport
      typical_evidence: Statement of Applicability (SoA) or equivalent record which
        lists the relevant physical security controls and how they are implemented
        to protect equipment in transport. Relevant documented procedures that allow
        physical access during transport only to security-vetted, trained, and qualified
        staff. Log containing records of physical access, especially by third parties
        and contractors
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so9
      ref_id: SO9-009
      description: If local, non-volatile, fixed or removable storage is used to support
        a VNF then it should not store critical security, customer privacy or confidential
        information such that its theft or removal would enable an attacker to gain
        a copy of the stored data.
      typical_evidence: "Check that there is a document listing all supported non-volatile,\
        \ fixed or removable storage and that information on how to enable/disable\
        \ this storage is documented. \n\nCheck that there is a document describing\
        \ how non-volatile, fixed or removable storage is handled.\n\nVerify that\
        \ no local storage described in the product documentation reveals any critical\
        \ data in the clear.\n\nA documented process is in place for the protection\
        \ of security critical, customer privacy and confidentiality-related data\
        \ at rest. Cryptographic operations, key sizes, algorithms and standards for\
        \ encrypting that critical information are described as part of the documented\
        \ process."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M45
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M46
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M47
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M48
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M49
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M50
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so10
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO10
      name: Security of supplies
      description: Establish and maintain appropriate security of critical supplies
        (for example electric power, fuel, cooling etc.)
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so10-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so10
      ref_id: SO10-001
      description: Power supply continuity strategy that avoids a single point of
        supply failure
      typical_evidence: Check for the presence of multiple power supply sources which
        are capable of withstanding primary power supply failures for the duration
        of likely outages. Where necessary, batteries are augmented with private electric
        generators. Additionally, documented business continuity and incident management
        plans and/or processes with provisions on power supply continuity, including
        responding to outages
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M51
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M52
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M53
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M54
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M55
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO11
      name: Access control to network and information systems
      description: Establish and maintain appropriate (logical) access controls for
        access to network and information systems
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-001
      description: UPF (or SMF depending on MNO) assigns unique tunnel endpoint IDs
        (TEIDs) for each PDU session while ensuring that TEID is unique within  one
        IP address
      typical_evidence: Packet captures at UPF (or SMF) show unique F-TEIDs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-002
      description: SMF assigns unique charging IDs for each PDU session
      typical_evidence: System logs of the SMF show that it generates a unique charging
        ID for each new PDU session and uses it for all subsequent messages for that
        PDU session
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-003
      description: Users are identified unambiguously by the network product using
        a user name and an authentication attribute (user could be a person, machine,
        application or a system). Network products support individual accounts per
        user and don't enable the use of group accounts, group credentials or sharing
        of accounts between several users
      typical_evidence: Documented user access policy shows that group accounts, credentials,
        and sharing of the same accounts are forbidden. Tests show that the network
        product does not support credentials unrelated to an account
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-004
      description: 'Network functions/products allow signed in users to logout at
        any time. All processes under the logged in user ID are terminated on log
        out. Network function/product is able to continue operation without interactive
        sessions. OAM user interactive session are terminated automatically after
        a specified configurable period

        of inactivity'
      typical_evidence: Verification of successful login and logout with a new account
        or an existing account. Verification that OAM user sessions are terminated
        automatically after a predefined configurable amount of time
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-005
      description: System accounts in UNIX (and derivatives like LINUX) have unique
        UIDs
      typical_evidence: Verify that UIDs in the operating system of the network product
        are all unique and, in particular, only the root account has UID = 0
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-006
      description: 'Session ID is unpredictable. It uniquely identifies the user and
        distinguishes the session from all other active sessions. Session ID does
        not contain sensitive information in clear text '
      typical_evidence: After logging in repeatedly with different user IDs and a
        number of times with the same user ID, the logs of the network product show
        that Session IDs are random and are different between sessions of the same
        and different users
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-007
      description: ' Network product only accepts server generated session IDs and
        does not accept session identifiers from GET/POST variables'
      typical_evidence: 'Verify that retrieving a session ID and using it to access
        an existing session through a POST or GET results in a failure. Generating
        a session ID on the client and attempting to login to a network product results
        in a failure '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-008
      description: Network product automatically terminate sessions after a configurable
        maximum lifetime. When the maximum lifetime expires, the session is closed,
        the session ID is deleted, and the user is forced to (re)authenticate to establish
        a new session. Default value for this maximum lifetime should be set to 8
        hours
      typical_evidence: Verify that it is not possible to keep a session alive for
        longer than the configured maximum lifetime documented in the network product
        documentation (default should be 8 hours)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-009
      description: ' Network product does not use persistent cookies to manage sessions
        and only uses session cookies. In session cookies: neither the "expire" nor
        the "max-age" attribute is set; attribute ''HttpOnly'' is set to true; ''domain''
        attribute is set to ensure that the cookie can only be sent to the

        specified domain; and ''path'' attribute is set to ensure that the cookie
        can only be sent to the specified directory or sub-directory'
      typical_evidence: 'Verify that, after logging in repeatedly with different user
        IDs and a number of times with the same user ID, the cookies received in different
        user sessions have the following properties: neither the "expire" nor the
        "max-age" attribute is set; attribute ''HttpOnly'' is set to true; ''domain''
        attribute is set; and ''path'' attribute is set'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-010
      description: Network slice should perform access authentication and authorization
        in addition to primary authentication used for 3GPP access. This additional
        access authentication and authorization should use credentials other than
        those used for the primary authentication
      typical_evidence: Verify that access to a slice and its services is not possible
        without successful slice specific authentication
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-011
      description: MANO components (NFVO, VIM, and VNFM) should verify identity and
        location of the sender before acting on received data
      typical_evidence: Verify that access to MANO components (NFVO, VIM, and VNFM)
        is only possible with correct identity/credentials and from approved locations
        (such as both source and destination being in the same geographic area)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-012
      description: SDN control layer should authenticate and authorize administrators
        and applications. SDN controller should authenticate the switches
      typical_evidence: 'Verify that: (1) attempts to attach new switches without
        appropriate credentials are rejected by the SDN controller; (2) access to
        SDN controller is denied without credentials for an administrator account;
        and (3) unauthorized applications are not executed by the controller'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-013
      description: AKMA reuses the same UE subscription and the same credentials used
        for 5G access
      typical_evidence: Verify that a test UE with 5G credentials can connect to an
        MNO network and an application function (AF) supporting AKMA. Logs at the
        AF, AAnF, and AUSF confirm successful reuse of UE 5G credentials for authenticating
        access to the 5G network and to the AF
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-014
      description: AKMA reuses the 5G primary authentication procedure for implicit
        authentication to AKMA services
      typical_evidence: "Verify that a test UE device with SIM credentials from an\
        \ MNO can successfully authenticate with EAP-AKA\u2019 or 5G AKA. Verify that\
        \ the same procedure is used when authenticating to an AF supporting AKMA.\
        \ Logs at the AF, AAnF, and AUSF confirm reuse of primary authentication during\
        \ AKMA authentication"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-015
      description: A-KID should be globlly unique
      typical_evidence: Logs at the AAnF show unique/non-repeating A-KIDs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-016
      description: AAnFs should implement Naanf_AKMA_AnchorKey_Register service in
        accordance with 3GPP technical specification 33.535, clause 7.1.2
      typical_evidence: Verify via logs at the AAnF that it stores the AKMA related
        key material associated with a SUPI on sending a request containing the SUPI,
        A-KID, and KAKMA
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-017
      description: AAnFs should implement Naanf_AKMA_ApplicationKey_Get service in
        accordance with 3GPP technical specification 33.535, clause 7.1.3
      typical_evidence: Verify via packet captures at the AAnF that it responds with
        the KAF, KAF expiration time, and SUPI on sending a request containing the
        A-KID and AF_ID
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-018
      description: AAnFs should implement Naanf_AKMA_Context_Remove service in accordance
        with 3GPP technical specification 33.535, clause 7.1.4
      typical_evidence: Verify via logs at the AAnF that it removes AKMA related key
        material associated with a SUPI on sending a request containing that SUPI
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-019
      description: AAnFs should implement Naanf_AKMA_ApplicationKey_ AnonUser_Getservice
        service in accordance with 3GPP technical specification 33.535, clause 7.1.5
      typical_evidence: 'Verify via packet captures at the AAnF that it responds with
        the KAF, KAF expiration time, and optionally the GPSI on sending a request
        for anonymous AF access containing the A-KID and AF_ID '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-020
      description: NEFs should implement Nnef_AKMA_ApplicationKey_Get service in accordance
        with 3GPP technical specification 33.535, clause 7.1.5
      typical_evidence: Verify via packet captures at the NEF that it responds with
        the KAF, KAF expiration time, and optionally the GPSI on sending a request
        containing the A-KID and AF_ID
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-021
      description: VAL users authenticated and are provided access tokens with OAuth
        2.0, OpenID Connect 1.0, or ACE-Oauth  for light-weight protocol realizations
      typical_evidence: Verify that a test user can authenticate and obtain an authorization
        token from the SIM-S over the IM-UU interface. Logs at the SIM-S confirm successful
        authentication of the test user
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-022
      description: AMFs verify that the UE's 5G security capabilities received from
        the target gNB match with locally stored values. If there is a mismatch, the
        AMFs send their locally stored 5G security capabilities of the UE to the target
        gNB for preventing bidding down on Xn-handover
      typical_evidence: When UE sends different security capabilities from the ones
        stored in the AMF, packet captures containing the Path-Switch Acknowledge
        message sent by AMF to target gNB include locally stored security capabilities
        and not the ones sent by UE. The mismatch between locally stored security
        capabilities and those sent by UE is shown in the AMF log
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-023
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-023
      description: SEAF handles failures of primary authentication. Namely, if the
        verification of HRES* fails at SEAF or verification of RES* fails at AUSF,
        then the SEAF either initiates an identification procedure with the UE if
        the 5G-GUTI was used by the UE to retrieve the SUCI, or it sends an authentication
        failure message to the UE
      typical_evidence: Upon receiving an incorrect RES* from UE, logs of the SEAF/AMF
        show that the authentication is rejected with an Authentication Reject message
        to the UE, or logs of the SEAF/AMF show that that the SEAF/AMF has initiated
        an identification procedure with the UE to retrieve the SUCI
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-024
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-024
      description: AUSFs should implement Nausf_UEAuthentication service in accordance
        with 3GPP technical specification 33.501, clause 14.1
      typical_evidence: "Verify that i) sending SUPI or SUCI with serving network\
        \ name to the Nausf_UEAuthentication service results in the service returning\
        \ a 5G AKA authentication vector or an EAP-AKA\u2019 packet. ii) sending 5G\
        \ AKA authentication confirmation message or EAP-AKA\u2019 message to the\
        \ Nausf_UEAuthentication service results in the service returning the authentication\
        \ result and a master key if authentication was successful"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-025
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-025
      description: 'Upon receiving an authentication failure message with synchronization
        failure (AUTS) from the UE, the SEAF sends a synchronization failure

        indication to the AUSF and does not send new authentication requests to the
        UE until it has received a response '
      typical_evidence: Sending unsolicited "synchronization failure indication" messages
        from UE have no effect on the SEAF. If authentication failure with synchronization
        failure message is received by the SEAF, then access logs of the SEAF show
        that it does not send new authentication requests before having received the
        response to its Nausf_UEAuthentication_Authenticate Request message with a
        "synchronization failure indication" from the AUSF (or before it is timed
        out)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-026
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-026
      description: UDMs should implement Nudm_UEAuthentication_Get service in accordance
        with 3GPP technical specification 33.501, clause 14.2
      typical_evidence: Verify that the Nudm_UEAuthentication_Get service responds
        with the authentication method and corresponding data on sending the SUPI/SUCI
        along with the serving network name
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-027
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-027
      description: UDMs should implement Nudm_UEAuthentication_ResultConfirmation
        service in accordance with 3GPP technical specification 33.501, clause 14.2
      typical_evidence: Verify that UDM access logs contain information such as SUPI,
        timestamp of the authentication, the authentication type, and serving network
        name sent to the Nudm_UEAuthentication_ReultConfirmation service of the UDM
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-028
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-028
      description: SMF gives priority to security policy from UDM over locally configured
        policy
      typical_evidence: 'Capture of the Namf_Communication_N1N2MessageTsent from the
        SMF to the AMF includes the user plane security policy configured in the UDM
        and not the one configured locally in the SMF '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-029
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-029
      description: During a handover, the SMF sends locally stored user plane security
        policy to the gNB/ng-eNB when there is a mismatch in the policy received from
        the radio network gNB/ng-eNB
      typical_evidence: Capture of the Nsmf_PDUSession_SMContextUpdate Response message
        sent from the SMF contains the locally stored UE security policy in the n2SmInf
        IE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-030
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-030
      description: SEPPs are able to identify mismatch between the PLMN-ID contained
        in the incoming N32-f message and the PLMN-ID in the related N32-f context,
        and send appropriate error code on mismatch
      typical_evidence: Packet captures at the SEPP show that an error signaling message
        containing the N32-f Message Id and error code is sent to the peer SEPP if
        the PLMN-ID in the incoming N32 message from the peer SEPP does not match
        the peer PLMN ID in the N32-f peer information in the N32-f context
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-031
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-031
      description: 'SEPP checks that the serving PLMN-ID of subject claim in the access
        token matches the remote PLMN-ID

        corresponding to the N32-f context Id in the N32 message'
      typical_evidence: Packet captures and logs of the SEPP show that an error signaling
        message containing the N32-f Message Id and error code is sent to the peer
        SEPP if the PLMN-ID appended in the subject claim of the access token received
        is different from PLMN-ID of the peer SEPP in the N32-f content Id
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-032
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-032
      description: SEPPs identify a mismatch between the protection policies manually
        configured for a specific roaming partner and an IPX provider and the protection
        policies received on an N32-c connection, and send an error message on mismatch
      typical_evidence: Logs and packet captures of a SEPP show that sending a Security
        Parameter Exchange Request message to a peer SEPP containing a data-type encryption
        policy and modification policy different from what is configured locally on
        the peer SEPP results in an error message on the N32-c connection
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-033
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-033
      description: SEPPs ensure that intermediate IPX don't misplace (move or copy)
        encrypted IE to a different location in a JSON object that would be reflected
        from the producer NF for an IE without encryption
      typical_evidence: Logs and packet captures of a SEPP confirm that an N32-f message
        is discarded if an encrypted IE is moved to a cleartext IE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-034
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-034
      description: NRFs authorize discovery requests from network functions based
        on the profile of the expected function/service and the type of the service
        consumer. If the expected function/service is deployed in a different network
        slice, NRF authorizes the discovery request according to the configuration
        of that slice. Example of such policy configuration could be that certain
        function/service instances are not discoverable from other network slices
      typical_evidence: NRF access logs and packet captures on the NRF confirm that
        an NRF returns a response with "403 Forbidden" status code if the requested
        NF instance does not allow discovery from other slices
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-035
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-035
      description: NRFs should implement Nnrf_AccessToken_Get service in accordance
        with 3GPP technical specification 33.501, clause 14.3
      typical_evidence: Verify that a test NF service consumer can  receive an access
        token with appropriate claims from the Nnrf_AccessToken_Get service by sending
        it a request with its NF Instance Id, requested "scope", and optional information
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-036
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-036
      description: NEFs authorize requests from application functions using standard
        OAuth as profiled in 3GPP TS 33.501
      typical_evidence: Verification that invocation of NEF northbound APIs with valid
        OAuth tokens is successful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-037
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-037
      description: System functions (such as the Management Plane) are not accessed
        without successful authentication and authorization. Access control policy
        should restrict and/or control remote access by third parties, especially
        by suppliers or managed service providers considered to be high-risk or accessing
        the network from outside of EU. If necessary, only temporary onsite/remote
        access to third parties should be provided and no permanent credentials are
        disclosed
      typical_evidence: Verify that attempts to access a system function are only
        successful when logged in as a user with adequate privileges. Verify access
        logs to confirm that attempts for remote access by third parties are either
        denied, or restricted (e.g. one-time short-lived access grant), according
        to the documented policy (see control description). Access logs confirm that
        onsite/remote access by third parties, if allowed, is based on temporary or
        one-time passwords used only for designated tasks
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-038
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-038
      description: A centralized Privileged Access Management (PAM) solution is in
        place. Authorizations for accounts, files, and applications is reduced to
        the minimum required for the tasks they have to perform. Execution of applications
        and components shall also take place with rights that are as limited as possible.
        Access control policy is reviewed and revised based on 5G risk assessment
      typical_evidence: "Access to critical or sensitive network components is captured\
        \ in logs of the PAM solution. Documentation of the network product describes\
        \ an authorization policy which includes details on the lowest access rights\
        \ assigned to user accounts and applications. Verify that files and applications\
        \ are not accessible without adequate privileges necessitated by the authorization\
        \ policy. MNO has documented access control policy explaining how various\
        \ rights in the network, such as access rights between network functions,\
        \ network administrators\u2019 rights and alike are minimized. Review of policy,\
        \ logs, comments and comparison with prior versions indicate that access control\
        \ policy is reviewed and revised periodically in the context of evolving 5G\
        \ risks."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-039
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-039
      description: Privilege escalation in interactive sessions (CLI or GUI) of a
        network product is not allowed without re-authentication
      typical_evidence: 'Verify that commands such as ''su'' which enable a user or
        function to gain administrator/root privileges from another user account require
        re-authentication '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-040
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-040
      description: 'Network product restricts the reachability of services so that
        they can only be reached on interfaces where their usage is required. On interfaces
        where services are active, the reachability is limited to legitimate peers.
        This limitation shall be realized on the network product itself (without measures,
        e.g. firewall, at network side), or by implementing devices such as a virtual
        firewall, hardware firewall, or a third-party firewall agent. '
      typical_evidence: 'Services can be configured on a per-interface basis. Running
        a network port scanner (e.g. nmap) reveals that services are only active on
        the interface where they are needed.


        Check that the document lists firewall rules.


        Verify that the network product does not reply to messages with types which
        are not permitted: Send samples of malicious messages to the network product
        and verify that the messages are dropped on receipt by the network product
        (e.g. by means of appropriate firewall rules), and that the network product''s
        applicable system configuration remains unchanged upon receipt of the messages.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-041
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-041
      description: "Only users that are authorized to modify files, data, directories\
        \ or file systems have the necessary privileges to do so. In Unix\xAE systems,\
        \ the 'sticky' bit can be set on all directories where all users have write\
        \ permissions"
      typical_evidence: Verify that modifying files and directories for which the
        user has the necessary privileges is successful while attempts to modify the
        files and directories for which the user doesn't have the necessary privileges
        results in failure
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-042
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-042
      description: Mutual authentication between the UE and network using EAP-AKA'
        and 5G AKA should be supported
      typical_evidence: "Verify that a test UE device with SIM credentials from an\
        \ MNO can  successfully authenticate with EAP-AKA\u2019 and 5G AKA. Packet\
        \ captures of core network nodes SEAF, AUSF, UDM confirm successful authentication\
        \ of the test UE device"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-043
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-043
      description: NSSAAF should implement Nnssaaf_NSSAA_Authenticate service in accordance
        with 3GPP technical specification 33.501, clause 14.4.1.2
      typical_evidence: Verify via packet captures that sending an EAP identity response
        or an EAP response together with the GPSI and S-NSSAI to the Nnssaaf_NSSAA_Authenticate
        service results in the service i) forwarding the EAP message to the AAA-S
        handling the network slice specific authentication for the requested S-NSSAI
        and ii) returning the EAP message received from the AAA-S in response to the
        message forwarded earlier
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-044
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-044
      description: NSSAAF should implement Nnssaaf_NSSAA_Re-AuthenticationNotification
        service in accordance with 3GPP technical specification 33.501, clause 14.4.1.3
      typical_evidence: Verify via packet captures on the AMF that a UE is re-authenticated
        when the NSSAAF triggers a network slice specific re-authentication procedure
        via the Nnssaaf_NSSAA_Re-AuthenticationNotification service
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-045
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-045
      description: NSSAAF should implement Nnssaaf_NSSAA_RevocationNotification service
        in accordance with 3GPP technical specification 33.501, clause 14.4.1.4
      typical_evidence: Verify via packet captures on the AMF that a UE cannot access
        an S-NSSAI once the NSSAAF triggers a network slice specific revocation procedure
        via the Nnssaaf_NSSAA_RevocationNotification service
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-046
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-046
      description: Slice management interface is accessed only by authorized communication
        service customers
      typical_evidence: Verification that attempts to access network management slicing
        interfaces are only successful after authenticating with authorized accounts
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-047
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-047
      description: 'Access to the network management

        interface is authorized using

        OAuth 2.0'
      typical_evidence: Verification that the network management interface is accessible
        only with valid OAuth tokens
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-048
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-048
      description: Network functions (NFs) only communicate with other Network functions
        (NFs) for which they are specifically authorized. The rules are applied irrespective
        of whether a NF is a Virtual Network Function (VNF) or a Physical Network
        Function (PNF). By default, NFs should block communication unless specifically
        authorized to communicate.
      typical_evidence: Verify that attempts to access a network function (NF) from
        another NF without explicit authorization are unsuccessful. Verify that, after
        explicit authorization, attempts to access a NF with the correct access token
        are successful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-049
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-049
      description: Protection against hypervisor introspection. Access to state information
        of guest OS from the hypervisor is restricted and privilege is granted based
        on "lowest privilege" principle
      typical_evidence: Verify that attempts to read or modify log files, or perform
        direct memory access from a hypervisor are unsuccessful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-050
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-050
      description: MEC platform provides a mobile edge application only the information
        for which it is authorized
      typical_evidence: Access logs of the MEC platform confirm that attempts of the
        MEC application to access data or resources via CAPIF for which it does not
        have authorization are unsuccessful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-051
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-051
      description: Virtualization platforms or container infrastructure supporting
        role-based access control in MEC are in use
      typical_evidence: Existence of role-based access control is confirmed by inspecting
        access control policies and/or access to resources from accounts with different
        roles
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-052
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-052
      description: 'Network and data separation: Presence of both physical and logical
        isolation of resources that don''t have the same criticality'
      typical_evidence: Verify that physical and logical separation/segregation of
        networks, resources and data is in place, depending on their criticality.
        For example, that user data is stored separately on an encrypted disk while
        system log is integrity protected locally
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-053
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-053
      description: ' VM escape protection: To prevent an attacker from utilising a
        VNF vulnerability to attack the virtualisation layer and gain control over
        it, the virtualisation layer shall reject abnormal access from the VNF (''abnormal''
        is understood as, for example, the VNF accessing memory not allocated to it)
        and log the attack.


        Access filtering rules should be defined in the VNF descriptor to allow enough
        capability for correct execution of the VNF as a permitted list of calls depending
        on the VNF. Access filtering rules shall be included in the VNF Package as
        a descriptor in the MCIOP, or in a separate security file.'
      typical_evidence: ' Documentation of the virtualisation platform confirms that
        VM segregation is supported. Inspection of the virtualisation platform with
        diagnostic tools confirms functional segregation of VMs.


        Test: Attempt abnormal access to the virtualisation layer and check that the
        virtualisation layer rejects the abnormal access from the VNF and logs the
        attack. Verify that the access filtering policies are included either in the
        MCIOP or in a separate security file (descriptor) in the VNF package.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-054
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-054
      description: SEAL servers provide service access only to authorized users
      typical_evidence: Verify via logs at the SEAL server that requests from a SEAL
        client without an access token or with an invalid access token are rejected.
        Verify via logs at the SEAL server that service access is granted when a valid
        access token is presented
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-055
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-055
      description: VAL servers provide service access only to authorized users
      typical_evidence: Verify via logs at the VAL server that requests from a VAL
        client without an access token or with an invalid access token are rejected.
        Verify via logs at the VAL server that service access is granted when a valid
        access token is presented
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-056
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-056
      description: "Administration of the virtualisation fabric : Access to the management\
        \ plane needs to be temporary and time-bound. The MNO needs to constrain the\
        \ number of administrator accounts able to modify the Virtualisation Fabric,\
        \ and the number of administrators, to a minimal manageable number to meet\
        \ their needs. Administrators need to be prevented from being able to grant\
        \ themselves privileged access to the network, and should not have access\
        \ to the host\u2019s hardware or the virtualised workloads running within\
        \ the environment. \nAll administrative access needs to be logged, and the\
        \ activity of the session recorded. Manual administration of the Virtualisation\
        \ Fabric (e.g. access to a command line on host infrastructure) should raise\
        \ a security incident. The devices and locations from which the fabric can\
        \ be modified should be limited.\n\nFunctions that support the administration\
        \ and security of the Virtualisation Fabric should not be run on the fabric\
        \ itself, and should be considered as Security Critical functions running\
        \ on separate dedicated hardware."
      typical_evidence: 'Verify that restrictions are set properly for administrators
        allowed to manage the virtualisation fabric.

        Mount an external file system prepared by a tester with files exploiting privilege
        escalation methods. Subsequently, attempt gaining privileged access by using
        a suitable privilege escalation method with the contents of the mounted file
        system. Confirm that privilege escalation has not occurred.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-057
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-057
      description: "Access control on NFV of admins attempting to gain access to the\
        \ NFV resources (VNF or the NFVI). Two potential solutions:\n\u2022 Ticket-based\
        \ authentication system and Attribute Based Access Control (ABAC) such as\
        \ Kerberos, specified in IETF RFC 4120\n\u2022 Token-based authorization framework\
        \ such as OAuth 2.0, specified in IETF RFC 6749"
      typical_evidence: 'Verify that the access token is based on OAuth 2.0. In case
        of a verification failure, check that NFV resources reject the request based
        on OAuth 2.0 error response defined in RFC 6749.

        Verify that the access ticket based on Kerberos. In case of a verification
        failure, check that NFV resources reject the request based on Kerberos error
        response defined in RFC 4120.


        Examples of tests for the verification failure of the access token/ticket
        integrity:

        1. Compute an access token/ticket correctly, except that the signature or
        the MAC is incorrect, e.g., the signature or the MAC is randomly selected,
        and then includes the access token/ticket in the Request. The integrity verification
        by NFV resources of the access token/ticket fails.

        2. Compute an access token/ticket correctly, except that the expiration time
        has expired against the current data/time, and then includes the access token/ticket
        in the Request sent to NFV resources. NFV verifies that the integrity of the
        access token/ticket, is valid. However, the expiration time in the access
        token/ticket has expired against the current data/time.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-058
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-058
      description: "VNF lifecycle management security: \n1) VNF authenticates VNFM\
        \ when VNFM initiates communication with VNF.\n2) VNF establishes securely\
        \ protected connection with the VNFM.\n3) VNF checks whether VNFM has been\
        \ authorized when VNFM accesses VNF's API.\n4) VNF logs VNFM's management\
        \ operations for auditing."
      typical_evidence: "Trigger the establishment of communication between the VNF\
        \ and the VNFM.\nCapture the communication between the VNF and the VNFM using\
        \ a tool (e.g. wireshark).\nCheck whether the VNF authenticates the VNFM according\
        \ to the mechanism described in the vendor's document. For example, the VNF\
        \ can use HTTPS to communicate with the VNFM, and the VNF uses VNFM's certificate\
        \ for authentication. \nCheck whether the VNF establishes a secure connection\
        \ with the VNFM after successful authentication. For example, a TLS connection\
        \ is established after the VNF successfully authenticates the VNFM. \nCheck\
        \ whether the VNF authorizes the VNFM according to the mechanism described\
        \ in vendor's document. For example, VNF can use OAuth2.0 to authorize the\
        \ VNFM. The VNF uses VNFM's token for authorization. \nCheck whether the VNF\
        \ logs the operations from VNFM by reviewing VNF logs."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-059
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-059
      description: 'The network used for the communication between the VNFCs of a
        VNF (intra-VNF traffic) is separated from the network used for the communication
        between VNFs (inter-VNF traffic) to prevent security threats from spreading
        between different networks. Software defined traffic rules applied directly
        to each virtual function are used to limit both incoming and outgoing traffic
        in an efficient and scalable way. Each VNF has at least two separate (logical)
        interfaces dedicated to different network domains. '
      typical_evidence: "A document containing the definition of trust domains and\
        \ the separation requirements to be implemented and enforced.\n\nA document\
        \ containing the software defined rules. Verification that those rules are\
        \ implemented:\n- Check whether the inter-VNF traffic and intra-VNF traffic\
        \ are separated according to the documentation stating the software defined\
        \ rules, network domains and separation requirements. \n- A VNF has at least\
        \ two separate (logical) interfaces dedicated to different network domains.\
        \ Check whether the VNF refuses traffic intended for one network domain on\
        \ all interfaces meant for the other network domain, and vice versa. Perform\
        \ this check for all pairs of different network domains.\n- Check whether\
        \ a VNFCI refuses inter-VNF traffic on all intra-VNF interfaces. For example,\
        \ by way of sending a ping to all intra-VNF interfaces through an inter-VNF\
        \ interface.\n- Check whether a VNFCI refuses intra-VNF traffic on all inter-VNF\
        \ interfaces. For example, by way of sending a ping to all inter-VNF interfaces\
        \ through an intra-VNF interface."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-060
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-060
      description: When a VNF moves from one host to another or when a VNF is terminated,
        the system should ensure that resources, privacy sensitive data, and/or keys
        are fully and securely cleared. In addition, the hypervisor or the CIS should
        be configured to securely wipe out the virtual volume disks in the event a
        VNF is crashed or intentionally destroyed to prevent its resources from unauthorised
        access.
      typical_evidence: 'A documented privacy impact assessment (PIA) for personally
        identifiable information (PII) identifying privacy risks to data assets and
        appropriate mitigating actions.


        Documented security policies restricting where certain types of data can reside
        and how sensitive data is cleared.


        Verify using testing and analysis tools that hypervisor or CIS is properly
        configured for securely wiping out the virtual volume disks in the event a
        VNF is crashed or intentionally destroyed.

        Such tools for detecting misconfigurations include:

        - In Kubernetes: kubeaudit, kubesec.io, kube-bench

        - In Docker: inspec.io, dev-sec.io, Docker Bench for Security

        - In Openstack: Tempest, Shaker, OS-Faults

        - In VMWARE: ONTAP, Log Insight'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-061
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-061
      description: 'Reduce the hardware platform (computing platform based for example
        on the x86 hardware architecture (32bit or 64bit), such as servers) attack
        surface by disabling unneeded interfaces.

        Example: Wireless interfaces (e.g., WiFi, 4G), if present, should remain optional.'
      typical_evidence: 'Verify that all external interfaces are identified and described
        in the hardware platform documentation.


        Verify that the hardware platform drops the message, does not reply, and does
        not change any configuration when it receives commands not listed in the platform
        documentation, or identified as forbidden in the platform configuration.


        Verify that the hardware platform drops the message, does not reply, and does
        not change any configuration when it receives commands through unneeded interfaces.
        This verification can be conducted by the following test steps:

        - The tester sends ping messages to an unneeded interface of the hardware
        platform.

        - The tester verifies, through a network traffic analyser, that the pings
        reach the unneeded interface of the hardware platform, but they are dropped,
        and no response is sent back since the source of the received packet is not
        reachable through the interface it came in.

        - If the dropped packets are logged, the tester verifies that these packets
        are recorded.


        A documented process is in place indicating a list of interfaces to be disabled
        and the steps to be followed for disabling them securely. Hardware platform
        logs confirm the disabled interfaces and conformity with the documented processes.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-062
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-062
      description: The MEC platform should authenticate all MEC application instances,
        and only provide them with the information for which the application is authorized.
        OAuth 2.0 based on X.509 client certificates are used for authorization of
        access to RESTful MEC service APIs defined by ETSI ISG MEC. In case of service-producing
        applications defined by third parties, other mechanisms such as standalone
        use of JWT can be used to secure related APIs.
      typical_evidence: 'Verification that the MEC platform and applications use OAuth
        for authentication and authorization following ETSI ISG MEC and IETF RFC 6749.
        Verification can involve looking at product documentation and establishing
        test OAuth connections.


        Verification that invocation of MEC service APIs with valid OAuth tokens is
        successful.


        Verification that MEC platform rejects malformed access tokens with incorrect
        fields/values and sends an OAuth error response.


        In case of service-producing applications defined by third parties, mechanisms
        for securing related APIs are documented.


        Verification that the MEC platform and applications use JWT or similar protocols
        for securing APIs. Examples of verification activities using a network analyzer
        include an application access token request with valid client certificate
        and parameters, and a token-based service access request with a valid access
        token.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-063
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-063
      description: OSS systems should be consistent with the ETSI NFV architectural
        framework ETSI GS NFV 002 and support the Os-Ma interface between the traditional
        OSS/BSS and the NFV management and orchestration (MANO) framework. Os-Ma interface
        uses OAuth for authentication and authorization.
      typical_evidence: 'Verification that the Os-Ma interface uses OAuth for authentication
        and authorization. Verification can involve looking at product documentation
        and establishing test OAuth connections.


        Verification that the Os-Ma interface is accessible only with valid OAuth
        tokens.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-064
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-064
      description: 'Lock-down of infrastructure: All interfaces on physical hosts
        are locked down to restrict access to trusted hosts, and there is no hard-coded
        configuration (e.g. virtual span ports or hard-coded MAC addresses) in the
        NFVI as these make it significantly harder to update and patch. Virtualisation
        hosts only open the minimum number of ports required and all ports and services
        are locked down and managed.'
      typical_evidence: 'All interfaces are identified in the documentation. Instructions
        of how an administrator user can use all the interfaces are provided in the
        documentation.


        Run a port scanner and verify that the required interfaces are open/reachable.

        Run a port scanner and verify that unneeded ports are not opn/reachable.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-065
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-065
      description: "Protection against container escape:\n- Ensure containers are\
        \ not running as root by default and do not use unnecessary privileges or\
        \ mounted components. In Kubernetes environments, consider defining a Pod\
        \ Security Policy that prevents pods from running privileged containers.\n\
        - Use read-only containers, read-only file systems, and minimal images where\
        \ possible to prevent the running of commands.\n- Monitor deployment of suspicious\
        \ or unknown container images and pods, particularly containers running as\
        \ root.\n- Monitor installation of kernel modules that could be abused to\
        \ escape containers to a host. \n- Monitor unexpected usage of syscalls such\
        \ as mount that may indicate an attempt to escape from a privileged container\
        \ to a host.\n- Monitor process activity (such as unexpected processes spawning\
        \ outside a container and/or on a host) that might indicate an attempt to\
        \ escape from a privileged container to a host. \n- Monitor cluster-level\
        \ (Kubernetes) data and events associated with changing containers' volume\
        \ configurations."
      typical_evidence: ' By way of reviewing (1) test reports, including testing
        plans and results captured therein, (2) documented container and host processes
        and (3) logs associated with container and host activities, verify that during
        onboarding/instantiation/runtime of containers MNOs perform continuous monitoring
        for misconfiguration of runtime workloads, container privileges, host, usage
        of syscalls and container volumes.


        Documentation of secure configuration of the host, privileges to be associated
        with containers and authorized usage of syscalls confirms secure isolation
        between containers, as well as between containers and the host.


        Inspection of the host with diagnostic tools confirms its secure configuration.


        Test: Attempt abnormal access from a container to the host and verify that
        the host rejects such access and logs the attack.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-066
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-066
      description: When not under maintenance, local or remote system functions such
        as OAM CLI/GUI should not reveal confidential system internal data in the
        clear to users and administrators. Confidential system internal data includes
        authentication data (i.e. PINs, cryptographic keys, passwords, cookies) as
        well as other system internal data such as stack traces in error messages
      typical_evidence: Verify that system functions as described in the product documentation
        (e.g. local or remote OAM CLI or GUI, logging messages, alarms, error messages,
        configuration file exports, stack traces) do not reveal any confidential system
        internal data in the clear (for example, passphrases)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-067
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-067
      description: Sensitive data in persistent/temporary storage has restricted access
        and files are protected against manipulation
      typical_evidence: Verification that records of sensitive data such as passwords
        are not stored directly and, instead, they are scrambled with a one-way hash
        function
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-068
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-068
      description: If normal users are allowed to mount external file systems (locally
        or via the network), OS-level restrictions should be set properly to prevent
        privilege escalation or extended access permissions
      typical_evidence: "For Linux\xAE systems: verify that nodev and nosuid options\
        \ are set in /etc/fstab for all filesystems which have the \"user\" option.\
        \ For all operating systems: verify that attempts to gain privileged access\
        \ by using the contents of a mounted file system are unsuccessful"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-069
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-069
      description: 'The hypervisor or CIS is configured to support multiple administration
        roles, and as a minimum there must be an admin role (highest privilege) and
        a separate operational role with minimal privileges.

        All administration login attempts must be logged and audited.'
      typical_evidence: Administration document and system logs confirm the correct
        configuration and the use of administration roles and rules.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-070
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-070
      description: 'Root user isn''t used within VM or Containers except during initialization,

        and privileges are dropped on completion of the runtime.


        Containers or VMs cannot be granted any additional privileges during their
        runtime (for example, ''no-new-privileges'' flag in the Container).'
      typical_evidence: 'A document that describes the interfaces to VMs or Containers
        and how users can login to them.


        Verify that the use of root user within VMs or Containers for operations other
        than initialization is not allowed. The tester tries to login to the VM or
        Container using the credentials of the root or equivalent highest privileged
        user to perform operations other than initialization. The tester is not able
        to perform any such operations using the root credentials.


        Verify that the use of root user within VMs or Containers for initialization
        is allowed. The tester tries to login to the VM or Container using the credentials
        of the root or equivalent highest privileged user for initialization. The
        tester is able to perform initialization using the root credentials.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-071
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-071
      description: 'Sensitive information (e.g., private keys, critical configuration
        files, credentials) should never be published in a production VM/Container
        image. '
      typical_evidence: Verify through scan that no sensitive information is included
        in a VM/Container image before its deployment to NFV.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-072
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-072
      description: "Adhering to zero-trust tenets. For example, as set out in NIST\
        \ SP 800-207: \n1. All data sources and computing services are considered\
        \ resources. \n2. All communication is secured regardless of network location.\n\
        3. Access to a resource is granted on a per-session basis.\n4. Access to resources\
        \ is determined by a dynamic policy. \n5. The integrity and security posture\
        \ of all assets are monitored.\n6. Dynamic authentication and authorization\
        \ govern resource access. \n7. The current state of assets, network infrastructure,\
        \ and network traffic is tracked to improve security policies, context awareness,\
        \ and enforcement. \nFor more information, see NIST SP 800-207. "
      typical_evidence: "Document (such as policy and documented processes) on how\
        \ the MNO is implementing zero-trust, security by design and defence-in-depth\
        \ approaches. \n \nDocumented results of security audits and testing of processes\
        \ and technical measures implementing zero-trust, security by design and defence-in-depth\
        \ approaches."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-073
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-073
      description: Mutual authentication and cipher suite negotiation between SEPPs
        in roaming network
      typical_evidence: Packet captures on the N32-f interface of the SEPP show that
        security parameter exchange request and response messages are used for negotiating
        the ciphersuites
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-074
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-074
      description: Mutual authentication between the NEFs and application functions
        is based on certificates or pre-shared keys. When an application function
        resides outside the 3GPP MNO domain, mutual authentication is only based on
        client and server certificates with TLS. Cryptographic keys/certificates for
        TLS authentication are protected
      typical_evidence: Verification of successful TLS tunnel setup between NEF and
        application functions. Verification with a key management utility that the
        keys/certificates for TLS authentication are protected in the system keystore
        or similar tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected
        with hardware security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-075
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-075
      description: 'Access to the Management Plane shall be through a dedicated jump
        server and require Multi Factor Authentication, wherever feasible. Exceptions
        should follow a defined emergency access procedure.


        Mutual authentication of entities for management interfaces is implemented.'
      typical_evidence: "Network product documentation contains the list of management\
        \ protocols with a corresponding list of authentication mechanisms, and access\
        \ control rules used for accessing the management plane and its interfaces.\
        \ \n\nExceptions and emergency access procedure are documented.\n\nPacket\
        \ captures of each management protocol confirm successful mutual authentication\
        \ before allowing access.\n\nManagement plane logs confirm correct use of\
        \ authentication mechanisms and access control rules."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-076
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-076
      description: Extensible Authentication Protocol (EAP) framework is used for
        secondary authentication
      typical_evidence: Authentication attempt to an external data network with an
        EAP authentication method (and the corresponding credentials) is successful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-077
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-077
      description: Authentication via trusted and untrusted non-3GPP access is performed
        with vendor-specific EAP method "EAP-5G" in accordance with 3GPP technical
        specification 33.501, clauses 7.1, 7.2, and 7A
      typical_evidence: Verify that a test UE device with SIM credentials from an
        MNO can successfully authenticate and use MNO services when connecting via
        trusted and untrusted non-3GPP access networks. For untrusted non-3GPP access,
        packet captures at the N3IWF confirm successful authentication with EAP-5G.
        For trusted non-3GPP access, packet captures at the TNAN confirm successful
        authentication with EAP-5G
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-078
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-078
      description: S1-MME interface uses IKEv2 certificate based authentication as
        specified in TS 33.310
      typical_evidence: Verification of successful IKEv2 authentication between eNB
        and MME
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-079
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-079
      description: X2-C interface uses IKEv2 certificate based authentication as specified
        in TS 33.310
      typical_evidence: Verification of successful IKEv2 authentication between eNBs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-080
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-080
      description: HSE performs key agreement with a BEST UE using either i) AKMA
        ii) 5G AKA or EAP-AKA' , or iii) proprietary key agreement protocol
      typical_evidence: 'Verify via logs at the HSE that a test BEST UE can perform
        key agreement and key refresh. Regardless of the key agreement scheme used,
        HSE logs confirm the following keys are derived after key agreement: KE2Menc,
        KE2Mint, KIntermediate, KEAS_PSK'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-081
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-081
      description: 'Remote management services such as SSH or RDP are disabled or
        not even installed within VMs or containers.


        Exposed services (such as etcd for container) are either only available to
        fully trusted systems or require authentication.'
      typical_evidence: 'Documentation stating which security protocols and exposed
        services are implemented provided by vendors.


        Documentation provided by vendors accompanying the VNF if the VNF supports
        the capability to restrict service reachability only to nodes authorized to
        access them. It details how this capability can be configured. It states which
        security protocols and exposed services are implemented. At least the following
        information is included:

        - protocol handlers and services needed for the operation of VNF;

        - their open ports and associated services;

        - the configuration options;

        - and a description of their purposes.


        Verify using a network port scanner (e.g., nmap) that the use SSH, RDP or
        other remote services within VMs or containers is not allowed by sending requests
        and checking that those requests are unsuccessful.

        Verify using a network port scanner that all exposed services by VMs or containers
        requires authentication and authorization.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-082
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-082
      description: Network should support authenticated and unauthenticated IMS Emergency
        Sessions in accordance with 3GPP technical specification 33.501, clause 10.2
      typical_evidence: Verify that a test UE device can obtain emergency bearer services
        with authentication and without authentication. Packet captures on the AMF
        confirm successful emergency bearer service establishment for the test UE
        with or without authentication
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-083
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-083
      description: Network should ensure security for UEs simultaneously connected
        to more than one NG-RAN node in accordance with 3GPP technical specification
        33.501, clause 6.10
      typical_evidence: 'Verify that MN can establish and modify security context
        between a test UE and SN. Packet captures at both the MN and SN confirm confidentiality,
        integrity, and replay protection '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-084
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-084
      description: Internal 5G core information such as SUPI, DNN, S-NSSAI is not
        disclosed by NEF to application functions residing outside the MNO domain
      typical_evidence: Packet captures of interaction between NEF and application
        functions outside MNO domain do not contain any 5G core information
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-085
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-085
      description: Direct login as root or equivalent highest privileged user is limited
        to the system console only. Root user will not be allowed to login to the
        system remotely
      typical_evidence: Verify that attempts to remotely login to the network product
        using the credentials of the root or equivalent highest privileged user results
        in failure. Login to the network product using the credentials of the root
        or equivalent highest privileged user from the physical console is successful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-086
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-086
      description: 'MEC systems comply with regulatory requirements for Lawful Interception
        (LI) data identified in national laws is retained. LI data is retained for
        a duration mandated by national laws. Secure protocols are used for delivery
        of retained data to regulatory agencies. LI data is provided in plaintext.
        LI data can be captured and retained for inbound roamers. Unauthorized parties
        (including employees) cannot detect if  an individual is a target of LI '
      typical_evidence: 'Simulating a user who is a target of LI confirms that LI
        data identified in national laws is retained. The data of the simulated target
        user is deleted after the duration mandated by national laws. Packet captures
        confirm that TLS (or other protocols) are used for transferring the data of
        the simulated target user to regulatory bodies. Employees or target users
        cannot detect any changes during the period of LI targeting '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11-087
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so11
      ref_id: SO11-087
      description: SMF provides a user plane security policy to the ng-eNB/gNB during
        PDU session establishment as specified in 3GPP TS 23.502
      typical_evidence: Capture of the Nsmf_PDUSession_SMContext Response message
        sent from the SMF contains the UP security policy
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M56
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M57
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M58
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M59
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M60
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M61
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M62
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M63
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO12
      name: Integrity of network and information systems
      description: Establish and maintain integrity of network and information systems
        and protect from viruses, code injections, and other malware that can alter
        the functionality of systems
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-001
      description: Validate all input data before processing
      typical_evidence: Documented fuzz testing results confirm robustness against
        malformed input data
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-002
      description: Processing of ICMPv4 and ICMPv6 packets which are not required
        for operation is disabled on the network product. Certain ICMP types should
        not be used by the network product by default but support can be enabled for
        debugging etc. These ICMP types must be identified in the network product
        documentation. Certain ICMP types are generally permitted and do not need
        separate documentation. Permitted, forbidden, and optional ICMP types are
        identified in TS 33.117, cl. 4.2.4.1.1.2
      typical_evidence: Network product documentation identifies a closed group of
        ICMP message types which are optional or permitted and lead to responses/configuration
        changes on receipt. Verify that the network product drops the message, does
        not reply and does not change any configuration when it receives ICMP messages
        not listed in the closed group in network product documentation, or identified
        as forbidden in the network product configuration
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-003
      description: IPv4 packets with unnecessary options or IPv6 packets with unnecessary
        extension headers are filtered and not processed
      typical_evidence: Packet captures confirm that a network product which is configured
        for dropping certain IPv4 options and certain IPv6 extension headers does
        not generate any ACK responses when packets with those options/extension headers
        are sent
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-004
      description: Network Product validates, filters, escapes, and encodes user controllable
        input before it is used or output
      typical_evidence: Fuzz testing does not reveal attacks such as SQL injection
        caused by lack of input validation
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-005
      description: Network product has mechanisms for filtering incoming IP packets
        at the network and transport layer as defined in RFC 3871 and 3GPP TS 33.117,
        cl. 4.2.6.2.1. The network product provides an option to drop/discard/accept/account
        packets that match a filter rule. Filtering on the basis of any portion of
        the protocol header should be possible. Logging of packets that match a rule
        can be enabled/disabled
      typical_evidence: Verify that after enabling packet filtering and configuring
        a rule to allow ICMP packets, a 'ping' sent to the product is logged and answered
        back
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-006
      description: A network device shall be not affected in its availability or robustness
        by incoming packets that are manipulated or differing from the norm. Robustness
        should be as effective for a large number of invalid packets as it is for
        small number of packets
      typical_evidence: Fuzz testing confirms that the network product is functional
        and robust when faced with a large number of malformed packets
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-007
      description: 'Checking against a whitelist/blacklist of permitted message type/sender
        identity combinations to ensure that the sender of a GTP-C based protocol
        message is authorized to send a message and the possibility to discard/accept/account
        for messages when the check is satisfied. If a network product does not support
        such checks, then it needs to be deployed together with a separate entity
        which provides such checking capability '
      typical_evidence: Verify that, after configuring GTP-C filtering rule to accept
        GTP-C messages from a certain source IP address, messages from that address
        are accepted and accounted, while messages from other source IP address not
        matching the rule are discarded
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-008
      description: 'Checking against a whitelist/blacklist of permitted message type/sender
        identity combinations to ensure that the sender of a GTP-U based protocol
        message is authorized to send a message and the possibility to discard/accept/account
        for messages when the check is satisfied. If a network product does not support
        such checks, then it needs to be deployed together with a separate entity
        which provides such checking capability '
      typical_evidence: Verify that, after configuring GTP-U filtering rule to accept
        GTP-U messages from a certain source IP address, messages from that address
        are accepted and accounted, while messages from other source IP address not
        matching the rule are discarded
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-009
      description: Systems should not process IP packets if their source address is
        not reachable via the incoming interface. Use of "Reverse Path Filter" (RPF)
        provides one option to ensure such reachability checks
      typical_evidence: The logs of the network product show that sending a ping message
        from an IP address which is not reachable through the interface results in
        the ping packet being dropped without any response
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-010
      description: 'Systems should support mechanisms for buffer overflow protection '
      typical_evidence: Documentation which describes buffer overflow mechanisms and
        also how to check that they have been enabled and/or implemented. Tests listed
        in the documentation produce expected results confirming buffer overflow protection
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-011
      description: "Parsers used by Network Functions (NF) should not execute JavaScript\
        \ or any other code contained in JSON objects received on Service Based Interfaces\
        \ (SBI). These parsers should not include any resources external to the received\
        \ JSON object itself, such as files from the NF\u2019s filesystem"
      typical_evidence: Verification that on sending an HTTP message containing JavaScript
        code, the network product does not execute any of the contained actions. A
        traffic analyzer connected to the network product confirms that no external
        resources get loaded during JSON parsing
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-012
      description: 'For data structures where values are accessible using names (sometimes
        referred to as keys), e.g. a JSON object, the name should be unique. The occurrence
        of the same name (or key) twice within such a structure is an error and such
        a message should be rejected. The valid format and range of values for each
        information element (IE), when applicable, should be defined unambiguously.
        API implementation should fulfill the requirements specified in 3GPP TS 29.501,
        cl. 6.2: for each message the number of leaf IEs should not exceed 16000,
        the maximum size of the JSON body of any HTTP request should not exceed 2
        million bytes, and the maximum nesting depth of leaves should not exceed 32'
      typical_evidence: Verify that sending a request to the network product with
        duplicate keys in message IE payload results in an error response. Sending
        a request with out of bounds IEs results in an error response from the network
        product
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-013
      description: Network slice subnet template (NSST) is integrity protected and
        management systems should verify the source and integrity of the subnet template
      typical_evidence: Verify that the integrity of network slice subnet templates
        is ensured with cryptographic tools such as a digital signature or a hash.
        In addition, verify that a slice instance cannot be created with a tampered
        slice subnet template
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-014
      description: Log files must be protected from breaches of their confidentiality
        and integrity
      typical_evidence: Using file inspection tools demonstrates log file integrity
        protection with checksums/digital signatures. Using file inspection tools
        demonstrates log file encryption with tools such as gpg/ccrypt. Verification
        that log files cannot be inspected without supplying necessary credentials
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-015
      description: Protection against application misbehavior and bugs with the use
        of techniques such as sandboxing, application-kernel isolation, and application
        permissions
      typical_evidence: Check configuration files and diagnostic tools to verify that
        sandboxing techniques such as application-kernel isolation identified in product
        documentation are enabled and used
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-016
      description: Monitoring of edge network nodes such as Signal Transfer Points
        (STPs) and Diameter Edge/Routing Agents (DEAs/DRAs) with firewalls or other
        tools to protect roaming attacks from SS7 and DIAMETER signaling vulnerabilities
      typical_evidence: Check the log files of the firewall or other monitoring tools
        to confirm that a simulated roaming attack launched using SS7/DIAMETER vulnerabilities
        is detected by the firewall rules or other tools used to monitor edge network
        nodes
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-017
      description: Monitoring of core network elements such as such as Visitor Location
        Register (VLR) and Mobility Management Entity (MME) with firewalls or other
        tools to detect and prevent roaming attacks from SS7 and DIAMETER signaling
        vulnerabilities
      typical_evidence: Check the log files of the firewall or other monitoring tools
        to confirm that a simulated roaming attack launched using SS7/DIAMETER vulnerabilities
        is detected by the firewall rules or other tools used to monitor core network
        nodes
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-018
      description: "Separate physical infrastructure for critical network functions:\
        \ Hosts are physically separated such that compromise of one physical host\
        \ does not allow an attacker to impact a very large amount of virtualised\
        \ network nodes, and a physical host\u2019s risk profile is used to determine\
        \ which workloads can be deployed on it. A physical host is not able to impact\
        \ hosts in other host pools. For example, among other controls, spoofing VLAN/VXLANs\
        \ of virtual networks is not allowed. \n\nWhere the virtualisation platform\
        \ is used to enforce separation between trust domains (i.e. where discrete\
        \ physical hardware is not used), type-1 hypervisors are used. Virtual workloads\
        \ do not have direct access to the physical hardware. Containers are not used\
        \ to enforce separation between trust domains. Correspondingly, containerised\
        \ hosts only support a single trust domain."
      typical_evidence: "A document containing the definition of trust domains and\
        \ the separation requirements to be implemented and enforced.\n\nDocumented\
        \ risk analysis determining which controls set out in the \u2018control description\u2019\
        \ field are appropriate."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-019
      description: 'Only containers or VMs with the same data classification level
        run on the same node.

        Only containers or VMs with the same level of exposure (e.g. Internet facing)
        run on the same node.'
      typical_evidence: 'Data classification process is documented.

        Documented risk assessment includes the sensitivity level of VNFs.

        Documented definition of trust domains, and their separation requirements
        to be implemented and enforced.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-020
      description: Threat detection or prevention and response using IDS/IPS should
        be used to effectively defend against or prevent malware and ransomware infections.
        Such threat detection or prevention and response should include NFVI and network
        functions.
      typical_evidence: "Document describing the implemented security products such\
        \ as firewalls, IDS/IPS, including within NFV. Management of those products\
        \ must be described in terms of authentication and access control.\n\nAll\
        \ security filtering rules are documented.\n\nSend samples of malicious messages\
        \ to the security product and verify that \n- messages are dropped, \n- notification\
        \ is sent to the administrator,\n- event is logged, and\n- security filtering\
        \ rules are applied.\n\nVerify that the security product does not change its\
        \ configuration due to receiving malicious messages."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-021
      description: MNOs should monitor the BGP protocol, have the ability to detect
        potential hijacks, and have a procedure to respond appropriately when hijacks
        are detected. This response should extend to blocking traffic, if necessary,
        from being routed to the hijacked destination. MNOs should also ensure that
        the IP address space they own and relevant contact information are securely
        maintained in appropriate up to date registries.
      typical_evidence: "MNO has a document explaining risks to BGP protocol and hijack\
        \ response procedures.\n\nMNO has a document containing the IP address space\
        \ and relevant contact information to be securely kept up to date. \n\nBGP\
        \ traffic captures show secure use of BGP protocol, and that the traffic is\
        \ properly protected."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-022
      description: MNOs should implement filtering of Autonomous System (AS) prefixes
        and paths, both received and advertised, to control how traffic is routed
        and to protect against bogus prefixes. This is described in RFC 7454.  MNOs
        could also implement security mechanisms where appropriate, such as a Generalised
        TTL Security Mechanism (GTSM) as described in RFC 5082, as well as Resource
        Public Key Infrastructure (RPKI), which add authentication to the routing
        system using digital signatures.
      typical_evidence: "All filtering rules on Autonomous System (AS) are documented.\n\
        \nAll the implemented Generalized TTL Security Mechanism (GTSM) authentication\
        \ mechanisms are documented.\n\nBGP traffic captures show secure use of BGP\
        \ protocol and proper traffic protection.\n\nSend samples of malicious messages\
        \ to the routing system and verify that \n- messages are dropped, \n- notification\
        \ is sent to the administrator,\n- event is logged, and\n- security filtering\
        \ rules are applied.\n\nVerify that the routing system does not change its\
        \ configuration due to receiving malicious messages."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-023
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-023
      description: 'Service based interfaces (SBIs) of all network functions support
        transport layer security (TLS) (unless other countermeasures are used, such
        as physical security for local services on a single site) as profiled in 3GPP
        technical specifications: 33.210, clause 6.2 and 33.310, clause 6.2a. TLS
        is used for mutual authentication with certificates as well as for integrity
        and confidentiality protection of messages. Cryptographic keys/certificates
        for TLS authentication are protected'
      typical_evidence: 'Verification of each network function for support of TLS
        (unless other countermeasures are used, such as physical security for local
        services on a single site) as profiled in 3GPP technical specifications: 33.210,
        clause 6.2 and 33.310, clause 6.2a. Verification can involve looking at product
        documentation and establishing test TLS connections to ensure that only protocol
        versions and cryptographic algorithms mandated by the profile are supported
        by the network function. Verification with a key management utility that the
        keys/certificates for TLS authentication are protected in the system keystore
        or similar tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected
        with hardware security tools such as TPMs/TEEs'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-024
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-024
      description: 'SEPP meets end-to-end security requirements listed in 3GPP TS
        33.501 for interconnection between networks '
      typical_evidence: Verification of SEPPs for compliance with 3GPP end-to-end
        security requirements. Verification can involve looking at product documentation
        detailing compliance with security requirements. Verification can also involve
        checking the packet captures on the SEPP to confirm that message elements
        at the application are confidentiality and/or integrity protected and no information
        about the internal network topology is contained in the packets
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-025
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-025
      description: gNB implements IPsec ESP and IKEv2 certificate based authentication.
        When physical security is not provided, DTLS or a similar protection mechanism,
        such as IPSec, is implemented for integrity, confidentiality, and replay protection
        of E1, F1-U, F1-C, N2, N3, and Xn interfaces. Cryptographic keys/certificates
        for IKEv2 authentication are protected
      typical_evidence: Verification that a secure IPsec ESP connection can be established
        after IKEv2 certificate-based authentication. Verification that a secure record
        layer connection can be established. Verification with a key management utility
        that the keys/certificates for IKEv2 authentication are protected in the system
        keystore or similar tool (Java KeyStore, AWS KMS, etc.), in secure memory,
        or protected with hardware security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-026
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-026
      description: Transmission of data which needs protection uses industry standard
        network protocols with industry accepted algorithms. A protocol version without
        known vulnerabilities or a secure alternative protocol should be used
      typical_evidence: Packet captures show traffic is properly protected and insecure
        options are not accepted by the network products
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-027
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-027
      description: 'Communication between web client and web server is protected using
        TLS (unless other countermeasures, such as physical security for local services
        on a single site, are used) as profiled in Annex E of TS 33.310 with the following
        additional requirement: cipher suites with NULL encryption shall not be supported.
        Cryptographic keys/certificates for TLS authentication are protected'
      typical_evidence: Packet captures between the web client and the web server
        show the use of TLS (unless other countermeasures, such as physical security
        for local services on a single site, are used) and confirm that the protocol
        version/cryptographic algorithms mandated by the security profile are used.
        Verification with a key management utility that the keys/certificates for
        TLS authentication are protected in the system keystore or similar tool (Java
        KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware security
        tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-028
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-028
      description: DNS servers in the 3GPP network should support and use DNS over
        (D)TLS as specified in RFC 7858 and RFC 8310. Cryptographic keys/certificates
        for TLS authentication are protected
      typical_evidence: Packet captures at DNS servers in the core network confirm
        the use of TLS for protection of DNS requests and responses. Verification
        with a key management utility that the keys/certificates for TLS authentication
        are protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-029
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-029
      description: Non-SBA interfaces internal to the 5G core (such as N4 and N9),
        as well as DIAMETER or GTP-based interfaces between the 5G Core and entities
        not part of the 5G System (such as Rx and N26) are protected with IPsec ESP
        and IKEv2 certificate-based authentication as specified in TS 33.510, cl.
        9.1.2, unless security is provided by other means, such as physical security.
        Cryptographic keys/certificates for IKEv2 authentication in NDS/IP are protected
      typical_evidence: Verification of packet captures on the interface under test
        confirms the use of IPsec for integrity, confidentiality, and replay protection.
        Verification with a key management utility that the keys/certificates for
        TLS authentication are protected in the system keystore or similar tool (Java
        KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware security
        tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-030
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-030
      description: Network should provide a mechanism for steering UEs to a preferred
        roamed-to network indicated by the HPLMN during and after registration in
        accordance with 3GPP technical specification 33.501, clause 6.14
      typical_evidence: Verify that a test UE can be steered to a preferred roamed-to
        network both during and after registration in a VPLMN. Verification can involve
        checking the system logs of the test UE for an updated preferred/forbidden
        PLMN list and checking the packet captures of the HPLMN UDM for Nudm_SDM_Info
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-031
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-031
      description: AMF state machines handling registration over 3GPP and non-3GPP
        access follow 3GPP technical specification 33.501, clause 6.8
      typical_evidence: System logs of the AMF confirm that transitions between RM-DEREGISTERED
        and RM-REGISTERED/CM-CONNECTED states during UE registration follow the guidelines
        listed in 3GPP technical specification 33.501, clause 6.8
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-032
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-032
      description: Network ensures that security is maintained during UE mobility
        in accordance with 3GPP technical specification 33.501, clause 6.9 and 6.11
      typical_evidence: Packet captures on the AMF as well as on the source and target
        gNBs confirm successful UE mobility and handover
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-033
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-033
      description: 'MNOs should ensure that UEs conceal the Subscription Permanent
        Identifier (SUPI) by using the ECIES profile A or B defined in 3GPP technical
        specification 33.501, clause 6.12 and Annex C. A null-scheme may be used in
        the following cases: (1) if the UE is making an unauthenticated emergency
        session and does not have a 5G-GUTI to the chosen PLMN, (2) if the home network
        has configured "null-scheme" to be used, or (3) if the home network has not
        provisioned the public key needed to generate a SUCI'
      typical_evidence: "Verify that the UDM correctly deconceals the Subscription\
        \ Concealed Identifier (SUCI) using the implementer\u2019s test data in Annex\
        \ C of 3GPP technical specification 33.501"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-034
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-034
      description: Isolation of distinct slices in the slice manager and restrictions
        on performing changes to parameters shared among slices belonging to different
        tenants
      typical_evidence: Verify that attempts to modify/change shared parameters from
        a slice are unsuccessful. Verify that attempts to decrypt/modify traffic intended
        for a different slice are unsuccessful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-035
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-035
      description: Each interface of a MANO entity should use TLS for API communication
        to ensure integrity protection, replay protection, and confidentiality. Cryptographic
        keys/certificates for TLS authentication are protected
      typical_evidence: Verification of TLS support for API communication by looking
        at packet captures and setting up test TLS connections. Verification with
        a key management utility that the keys/certificates for TLS authentication
        are protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-036
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-036
      description: Control plane data between NFV hosts is sent over an authenticated
        and encrypted channel with standard protocols. Cryptographic keys/certificates
        for authentication are protected
      typical_evidence: Packet captures confirm the use of standard security protocols
        such as TLS for authentication and encryption of control plane data exchanged
        between hosts. Verification with a key management utility that the keys/certificates
        for TLS authentication are protected in the system keystore or similar tool
        (Java KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware
        security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-037
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-037
      description: SDN controller should not allow conflicting flow rules
      typical_evidence: Verify that attempts to add a conflicting flow rule are rejected
        by the SDN controller
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-038
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-038
      description: APIs for the SDN controller and applications should be secured
      typical_evidence: Verify that access to APIs is only possible after authenticating
        with authorized accounts over encrypted channels. Verification involves checking
        the product documentation and executing test API calls
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-039
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-039
      description: Operating systems hardening
      typical_evidence: Diagnostic tools confirm that unused ports and services are
        disabled, firewall is activated, software packages are updated, and system
        monitoring tools have been activated
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-040
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-040
      description: Mutual authentication followed by confidentiality and integrity
        of messages on the Common API Framework (CAPIF) are ensured. Cryptographic
        keys/certificates for authentication are protected
      typical_evidence: Verify that API communication is protected with TLS by looking
        at packet captures and setting up test TLS connections. Verification with
        a key management utility that the keys/certificates for TLS authentication
        are protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-041
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-041
      description: Virtualization platform or container infrastructure is hardened
        using vendor-provided guidelines
      typical_evidence: Verification of conformance to vendor provided guidelines
        by checking log files, configuration files, and automated tools
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-042
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-042
      description: VMs or containers in MEC are encrypted
      typical_evidence: Inspection of servers and storage containing VMs or containers
        confirm that the VMs or containers are encrypted
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-043
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-043
      description: MEC systems provide a secure environment for services of users,
        MNOs, third-party application providers, application developers, and platform
        vendors
      typical_evidence: Documentation of the MEC system contains a list of service
        isolation techniques implemented. Verify that attempts to access other services
        from within a service instance are unsuccessful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-044
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-044
      description: 'User plane data is integrity-protected '
      typical_evidence: Packet captures of the traffic between the RN and the DeNB
        confirm the use of the PDCP protocol for integrity protection
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-045
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-045
      description: End-to-end signaling security is used for DIAMETER signaling when
        physical security is not provided
      typical_evidence: Packet captures confirm that Diameter End-to-End Signaling
        (DESS), or a similar protection mechanism, is used to provide end-to-end security,
        unless physical security is provided
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-046
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-046
      description: Protections against ReVOLTE attacks are implemented
      typical_evidence: 'Depending on the mitigation implemented: i) packet captures
        at the eNodeB confirm that different radio bearer identities are used for
        subsequent calls even within the same radio connection, and/or ii) system
        logs of the eNB show that it has initiated an intra-cell handover to derive
        fresh keys for subsequent calls on the same radio connection, and/or iii)
        packet captures at the IMS access gateway confirm the use of SRTP for encryption
        and integrity protection of VoLTE calls'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-047
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-047
      description: Bidding down should be prevented by including the replayed security
        capabilities of the UE in the Security Mode Command sent from the MME
      typical_evidence: Verify that eliminating certain UE capabilities on the interface
        between the UE and MME results in a protocol continuation failure and the
        UE responds with a NAS Security Mode Reject message
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-048
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-048
      description: eNBs should have a secure environment for storage of sensitive
        data and execution of sensitive functions
      typical_evidence: Documentation of the eNB contains a list of mechanisms such
        as Trusted Execution Environment (TEE) used to protect storage of sensitive
        data and execution of sensitive functions. Diagnostic tools on the eNB confirm
        that the mechanisms are implemented, enabled, and used
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-049
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-049
      description: Protection against VM sprawl
      typical_evidence: Documentation of the hypervisor has a list of hardening techniques.
        Diagnostic tools confirm that hypervisor hardening techniques described in
        documentation are enabled
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-050
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-050
      description: SEAL-X1 interface between the SEAL key management server and the
        SEAL group management server is protected using HTTPS with TLS usage following
        the profile specified in clause 6.2a of  3GPP TS 33.310. Cryptographic keys/certificates
        for TLS authentication are protected
      typical_evidence: Verification that the SEAL key management server and the SEAL
        group management server support HTTPS with TLS as profiled in clause 6.2a
        of 3GPP TS 33.310. Verification can involve looking at product documentation
        and establishing test TLS connections to ensure that only protocol versions
        and cryptographic algorithms mandated by the profile are supported. Verification
        with a key management utility that the keys/certificates for TLS authentication
        are protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-051
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-051
      description: SEAL-X2 interface between the SEAL location management server and
        the SEAL group management server is protected using HTTPS with TLS usage following
        the profile specified in clause 6.2a of  3GPP TS 33.310. Cryptographic keys/certificates
        for TLS authentication are protected
      typical_evidence: Verification that the SEAL location management server and
        the SEAL group management server support HTTPS with TLS as profiled in clause
        6.2a of 3GPP TS 33.310. Verification can involve looking at product documentation
        and establishing test TLS connections to ensure that only protocol versions
        and cryptographic algorithms mandated by the profile are supported. Verification
        with a key management utility that the keys/certificates for TLS authentication
        are protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-052
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-052
      description: i) SEAL-UU interface between the SEAL server and the SEAL client,
        ii) KM-UU interface between SEAL key management server and SEAL key management
        client, and iii) IM-UU interface between SEAL identity management server and
        SEAL identity management client are protected either using i) HTTPS with TLS
        following the profile specified in clause 6.2a of  3GPP TS 33.310, or ii)
        CoAP with OSCORE as profiled in RFC 8613 or iii) CoAP with DTLS/TLS as profiled
        in clause 6.2a of  3GPP TS 33.310. Cryptographic keys/certificates for TLS/DTLS/OSCORE
        authentication are protected
      typical_evidence: Verification that the SEAL client, SEAL server, SEAL key management
        client, SEAL key management server, SEAL identity management client, and the
        SEAL identity management server either i) support HTTPS with TLS as profiled
        in clause 6.2a of 3GPP TS 33.310, or ii) CoAP  with OSCORE as profiled in
        RFC 8613 or iii) CoAP with DTLS/TLS as profiled in clause 6.2a of  3GPP TS
        33.310. Verification can involve looking at product documentation and establishing
        test DTLS, TLS, OSCORE connections to ensure that only protocol versions and
        cryptographic algorithms mandated by the respective profiles are supported.
        Verification with a key management utility that the keys/certificates for
        DTLS, TLS, and OSCORE authentication are protected in the system keystore
        or similar tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected
        with hardware security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-053
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-053
      description: 'SEAL server authenticates and authorizes requests from VAL server
        using either i) Certificate based TLS authentication followed OAuth-based
        authorization following profiles in 3GPP technical specifications: 33.210,
        clause 6.2 and 33.310, clause 6.2a, or ii) CAPIF as specified in 3GPP technical
        specifications: 23.434 and TS 33.122, clause 6.5.2. Cryptographic keys/certificates
        for IKEv2, TLS, etc. authentication in NDS/IP are protected'
      typical_evidence: Verification that the SEAL server and the VAL server use TLS
        with OAuth or CAPIF for authentication and authorization following profiles
        in TS 33.210, TS 33.310, and TS 33.122. Verification can involve looking at
        product documentation and establishing test TLS or CAPIF connections to ensure
        that only protocol versions and cryptographic algorithms mandated by the 3GPP
        profiles are supported by the network function. Verification with a key management
        utility that the keys/certificates for IKEv2, TLS, etc. authentication are
        protected in the system keystore or similar tool (Java KeyStore, AWS KMS,
        etc.), in secure memory, or protected with hardware security tools such as
        TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-054
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-054
      description: SEAL-E interface between SEAL servers is protected with NDS/IP
        as specified in TS 33.210. Cryptographic keys/certificates for IKEv2, TLS,
        etc. authentication in NDS/IP are protected
      typical_evidence: Verification of packet captures on the SEAL server confirms
        the use of TLS, IPsec, etc. for integrity, confidentiality, and replay protection.
        Verification with a key management utility that the keys/certificates for
        IKEv2, TLS, etc. authentication are protected in the system keystore or similar
        tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware
        security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-055
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-055
      description: Transfer of key material from SKM server to SKM client over HTTP
        are protected with TLS  as profiled in clause 6.2a of 3GPP TS 33.310
      typical_evidence: Verification that the SKM server supports HTTPS with TLS as
        profiled in clause 6.2a of 3GPP TS 33.310. Verification can involve looking
        at product documentation and establishing test TLS connections to ensure that
        only protocol versions and cryptographic algorithms mandated by the profile
        are supported. Verification with a key management utility that the keys/certificates
        for TLS authentication are protected in the system keystore or similar tool
        (Java KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware
        security tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-056
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-056
      description: "For container: controls to enforce isolation: \n- Namespaces controls\
        \ what resources a container can see. The isolated resources include process\
        \ pids, filesystem mounts, network stack, user UIDs, etc.  \n- Cgroups ensures\
        \ that one container cannot consume more resources (cpu, memory, storage,\
        \ network) than its fair share.\n- Capabilities protects the container from\
        \ any malicious exploits that target services running without root privileges.\n\
        - Seccomp allows administrators to define system call security that must be\
        \ blocked during container runtime. Seccomp policies are defined using JSON\
        \ files."
      typical_evidence: "Use of testing and analysis tools to verify:\n- That containers\
        \ are executed as runtime processes within given namespaces.\n- That Cgroups\
        \ is used to control the different resources.\n- That an application running\
        \ within a container is executed only with the necessary capability.\n- That\
        \ Seccomp policies are defined using JSON files. \n- That the container during\
        \ its execution calls the Seccomp () system to execute a Berckeley Packet\
        \ Filter (bpf) program.\n\nSuch tools include:\n- To detect containers with\
        \ known vulnerabilities: free tools (Clair, ThreatMapper, Trivy), commercial\
        \ (Snyk, anchore, Aqua Security\u2019s MicroScanner, JFrog Xray, Qualys)\n\
        - To detect secrets in images: ggshield, SecretScanner\n- To detect misconfigurations\
        \ in Kubernetes: kubeaudit, kubesec.io, kube-bench\n- To detect misconfigurations\
        \ in Docker: inspec.io, dev-sec.io, Docker Bench for Security"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-057
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-057
      description: MNOs should follow recommendations and best practices from hardening
        guidelines, such as CIS benchmarks. In particular, on OSs, Docker, VMWARE,
        Kubernetes and cloud. They should follow the guidance in the CSA Security
        Guidance for Critical Areas of Focus in Cloud Computing.
      typical_evidence: "Verify that hardening guidelines are applied for the secure\
        \ configuration and deployment of NFV components. This could be achieved by\
        \ verifying a document containing technical description of the hardening controls\
        \ that have been implemented on the NFV. This document contains details of\
        \ whether the hardening controls are implemented by default, or if additional\
        \ actions (e.g. scripts or manually executed commands) are required. \n\n\
        Verify that hardening best practices (e.g. automation) are part of the MNOs\u2019\
        \ testing framework. This could be achieved by verifying a test report which\
        \ demonstrates that the hardening controls described in the technical description\
        \ document have been implemented."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-058
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-058
      description: "Ensure the presence of minimal security features within the firmware\
        \ (Low-level software components shipped with the hardware platform, including\
        \ UEFI and legacy BIOSes or hardware components embedded software).\nExample:\
        \ The firmware configuration interface provides the following features:\n\u2022\
        \tProtecting the access to the firmware configuration interface thanks to\
        \ a dedicated password\n\u2022\tLocking the boot sequence of the platform\
        \ thanks to a dedicated password\n\u2022\tEnabling and disabling input/output\
        \ interfaces (e.g. USB)\n\u2022\tConfiguring the boot order (the ordering\
        \ of the list of devices checked by the BIOS to boot an operating system)\n\
        \u2022\tReplacing default Secure Boot keys with custom keys generated by the\
        \ owner"
      typical_evidence: 'A document which contains all required security features
        provided by the firmware configuration interfaces.


        A tool or any other suitable testing means used to detect the security features
        within the firmware and validate that those features are activated.


        Validation that there are no security features apart from the ones that have
        been mentioned and deemed necessary for the operation of the product in the
        attached documentation.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-059
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-059
      description: "The VIM should be configured to ensure that VNFs of differing\
        \ trust levels are not deployed on the same physical host or blade, and that\
        \ VNFs requiring a \u2018hardware root of trust\u2019 cannot be installed\
        \ on a physical host or blade that does not fully support trusted boot (e.g.\
        \ Intel-TXT) and TPM."
      typical_evidence: "Document describing how to determine the trust level of VNFs.\n\
        \nDocument describing how to configure the VIM for VNFs segregation according\
        \ to trust levels.\n\nVerify that it is impossible to run two VNFs of differing\
        \ trust level on the same physical host.\n\nVerify that VNFs requiring a \u2018\
        hardware root of trust\u2019 cannot be installed on a physical host or blade\
        \ that does not fully support trusted boot (e.g. Intel-TXT) and TPM."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-060
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-060
      description: 'In the event of a VNF being attacked or compromised, it should
        be possible to isolate it from the production environment, and restore it
        to its state prior to the attack.

        It should also be possible to take a snapshot of the affected VNF to allow
        for security investigation and analysis.'
      typical_evidence: "Document describing the recovery mechanisms for NFVI, VNFs\
        \ and MANO in the event of a VNF being attacked/compromised, or of any unauthorized/accidental\
        \ service changes.\n\nDocument describing the configuration rollback mechanism,\
        \ VNF relocation/retirement rule. Operational guide from VNF vendor sets out\
        \ error logs/traps/notifications and troubleshooting.\n\nVerify that controls\
        \ for configuration rollback, recovery, and VNF relocation/retirement are\
        \ implemented within the NFV MANO. The tester can follow the following test\
        \ procedure:\n1. Run a configuration scan towards MANO interfaces using any\
        \ suitable command line tools or any other suitable means for verifying that\
        \ configured services are open/reachable, and comply with the configuration\
        \ documentation.\n2. Verify that configuration rollback, recovery, and VNF\
        \ relocation/retirement features are available in configuration files and\
        \ that they are enabled by default.\n3. Backup/snapshot VNF instance\n4. Inject\
        \ synthetic error such as storage space exhaustion, external network connectivity\
        \ failure, internal platform NFV platform connectivity failure, etc.\n5. For\
        \ each error, document VNF behavior and any error generation \n6. VNF should\
        \ recover from error condition once the cause of failure is removed\n7. Terminate\
        \ the VNF instance. VNF instances termination should release allocated resources\n\
        8. Load backup VNF instance file and spin a new VNF instance\n9. Connect to\
        \ VNF"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-061
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-061
      description: A high availability architecture is implemented for key SDN components
        (e.g. SDN Controllers) to ensure operational service is maintained. The design
        should include primary and secondary IP links with, where possible, diverse
        routing to prevent a single point of network failure.
      typical_evidence: 'Documentation is available containing the default SDN controller
        configuration.


        Verify that SDN controllers are designed and configured to support primary
        and secondary IP links. Verify that this feature is available in a configuration
        file, and that it is activated by default.


        Each interface of the network product is bound to two IP addresses within
        the SDN controller. Block the primary IP at the SDN controller and send a
        packet from the network product 1 to the network product 2 with the primary
        IP. Then, verify that the packet is correctly routed and received by the network
        product 2 (logged by the network traffic analyser) with the secondary IP.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-062
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-062
      description: The orchestration layer and SDN must be architected so that SDN
        networks and NFV environments are not operationally dependent on the orchestration
        or MANO layer to maintain operating services under circumstances that may
        render the orchestration platform unavailable.
      typical_evidence: 'Security architecture documentation confirms that SDN and
        NFV are operationally independent.


        Verify via tests that MANO layer can continue providing services while SDN
        is unavailable and vice versa:

        - Turn off SDN services and verify that requests sent to the MANO layer are
        correctly processed and that any running MANO service does not crash.

        - Turn off MANO services and verify that requests sent to the SDN are correctly
        processed and that any running SDN service does not crash.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-063
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-063
      description: 'For the security protection at the transport layer on NFV interfaces,
        TLS (TLSv1.3 is recommended) shall be supported.


        For the mutual authentication of the NFV components, NFV interfaces shall
        support mTLS via X.509v3 certificates. IETF RFC 5246 (TLS 1.2) and RFC 8446
        (TLS 1.3) shall be used. Both the client (e.g., VIM as API consumer) and the
        server (e.g., NFVI as API producer) require a certificate, and both sides
        authenticate each other using their public/private key pair.


        NFV interfaces shall support authorization using OAuth 2.0.


        For interfaces/APIs, not supporting TLS protocol, should support IPsec with
        IKEv2 certificated-based authentication.

        '
      typical_evidence: "Network product documentation containing information about\
        \ supported TLS, IPsec with IKEv2, OAuth protocols and certificates is provided\
        \ by the vendor. Verification by looking at product documentation to ensure\
        \ that only protocol versions and cryptographic algorithms mandated by the\
        \ profile are supported by the network function. \n\nTLS:\n- Check that compliance\
        \ with the TLS profile (in 3GPP technical specifications: 33.210, clause 6.2\
        \ and 33.310, clause 6.2a) can be inferred from detailed provisions in the\
        \ network product documentation.\n- Establish a secure connection between\
        \ a network product and a peer and verify that all TLS protocol versions and\
        \ combinations of cryptographic algorithms that are mandated by the TLS profile\
        \ are supported by the network product under test.\n- Try to establish a secure\
        \ connection between the network product under test and the peer and verify\
        \ that this is not possible when the peer only offers a feature, including\
        \ protocol version and combination of cryptographic algorithms, that is forbidden\
        \ by the TLS profile.\n\nIPsec:\n- Verify that a secure IPsec ESP connection\
        \ can be established after an IKEv2 certificate-based authentication. The\
        \ tester triggers communication between a network product and a test entity\
        \ that has a legitimate IKEv2 certificate-based authentication credential.\
        \ IPsec ESP connection between the network product and the entity with correct\
        \ credentials can be established.\n\nVerify that TLS or IPsec protocols are\
        \ used for communicating NFV interfaces. This can be confirmed by checking\
        \ packet captures or by setting up test connections.\n\nOAuth 2.0:\n- Verification\
        \ failure of mandatory claims in the access token: the network product under\
        \ the test rejects the NF service consumer\u2019s service request based on\
        \ Oauth 2.0 error response defined in RFC 6749.\n- Verification failure of\
        \ optional claims in the access token: if the network product under the test\
        \ understands these optional claims (list of S-NSSAIs, list of NSIs, NF Set\
        \ ID, additional scope), it rejects the NF service consumer\u2019s service\
        \ request based on Oauth 2.0 error response defined in RFC 6749.\n\nVerification\
        \ with a key management utility that the keys/certificates for TLS or IPsec\
        \ with IKEv2 authentication are protected in the system keystore or similar\
        \ tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected with\
        \ hardware security tools such as TPMs/TEEs."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-064
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-064
      description: For the security of MEC interfaces, IPsec for the N4 interface
        to protect the confidentiality and integrity of signaling data is implemented.
        The management interface provides a TLS channel for secure transmission, enabling
        data security on the management plane. The security deployment solution is
        provided to comprehensively protect MEC interfaces. For example, an IPsec
        gateway can be deployed on the N4/N3/N6/N9 interface for encrypted transmission
        of user data, and a firewall can be deployed on the MEC to defend against
        DDoS and other traffic attacks.
      typical_evidence: 'Verification of successful IPsec tunnel over N4/N3/N6/N9
        interfaces. Verification of packet captures on the interfaces under the test
        confirms the use of IPsec.


        Verification of successful TLS channel on the management plane. Verification
        of packet captures on the interface under the test confirms the use of TLS.


        Verification with a key management utility that the keys/certificates for
        TLS or IPsec authentication are protected in the system keystore or similar
        tool (Java KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware
        security tools such as HSMs.


        Diagnostic tools confirm that firewalls and gateways, if any, are activated.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-065
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-065
      description: 'Network products validate software package integrity during installation/upgrade
        via cryptographic means, e.g. a digital

        signature. A list of public keys or certificates of authorized software sources
        are provisioned to verify software origin. Tampered software is not executed
        or installed '
      typical_evidence: Log files of the update manager/utility (e.g. application/history
        logs) in the network product show that installation/upgrade operation of network
        product fails when using an invalid software package. Log files of the update
        manager/utility (e.g. application/history logs) in the network product show
        that installation/upgrade operation is successful when using a valid software
        package
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-066
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-066
      description: Regular and effective patch management. Ideally, applying patches
        is fully automated.
      typical_evidence: Check for presence of patch management tools notifying of
        patch releases. All patches, especially those to critical or sensitive network
        components or functions, are reviewed and subjected to security testing in
        controlled environment prior to deployment
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-067
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-067
      description: Regular and effective vulnerability management program that includes
        vulnerability assessments on initial deployment and subsequent periodic scans
        for deployed network components. Security scans should cover the whole NFV,
        and not just the network functions layer.
      typical_evidence: 'Verify that documented processes and tools are in place to
        track public and vendor/supplier databases of disclosed vulnerabilities. Verify
        via system logs and scan/test reports that vulnerability scanning tools are
        activated and periodic scans are performed for newly deployed network components,
        in particular for products supplied by suppliers considered to be high-risk.
        Verify that documented processes are in place for addressing vulnerabilities
        with temporary measures such as filtering traffic until a software patch is
        available and applied.


        Verify that all NFV and SDN nodes undergo regular automated security scans,
        which cover among others the whole operating system, virtualization layer,
        MANO and VNFs. Such verification activities include checking the output of
        scan results generated by vulnerability scanners and a list of discovered
        vulnerabilities/identified discrepancies.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-068
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-068
      description: Timely delivery and implementation of security patches to vulnerable
        components in accordance with industry best practices
      typical_evidence: MNO has documented and tested processes for timely delivery
        of security patches following industry best practices, including patch implementation
        according to specific timeframes and testing. There is evidence of these processes
        being reviewed and adjusted, where appropriate, including review logs, comments
        and previous versions.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-069
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-069
      description: Protect the integrity of the firmware code and data stored in flash
        memory. Modification of a firmware code should only result from a legitimate,
        signed update using robust cryptographic protocols. The installation of a
        signed update older than the version currently installed on the hardware platform
        shall be considered illegitimate by default (however, the platform owner should
        be able to disable this protection using the firmware configuration interface).
      typical_evidence: 'A document which contains information on the firmware access
        mechanism supported by the hardware platform, and on the memory devices from
        which the platform can boot.


        Verify that the hardware platform is configured to boot only from memory devices
        declared in the hardware platform document (and, for example, not from external
        memory, such as a USB key).

        Verify that it is not possible to access and modify the firmware of the hardware
        platform without successful authentication.


        A documented configuration process is in place for the hardware boot from
        memory devices, as declared in the hardware platform document.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-070
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-070
      description: MANO is kept in sync about a VNF application software modification.
        Such a modification may be performed without requiring termination of the
        VNF instance with the prior VNF application software version.
      typical_evidence: 'Verify that the information about a VNF instance stored in
        MANO is updated as a result of a VNF application software modification '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-071
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-071
      description: MNOs should implement a Coordinated Vulnerability Disclosure (CVD)
        program, in line with industry good practices, and communicate it clearly
        so that security researchers and ethical hackers know how to inform them about
        potential vulnerabilities.
      typical_evidence: Documentation and processes for vulnerability handling and
        patch management following a CVD program are in place. These processes include
        assessing a discovered vulnerability, developing patches and securely updating
        NFV components (manually or via an OTA).
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-072
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-072
      description: New or modified VNF service templates should be validated through
        a robust risk assessment to ensure that they adhere to specific security policies
        on interface security, security affinity/anti-affinity rules, NFV network
        zoning and application security.
      typical_evidence: 'Documentation of the risk assessment process on new or modified
        VNF service templates indicates that they adhere to security policies on interface
        security, security affinity/anti-affinity rules, NFV network zoning and application
        security.


        Verify via system logs and risk assessment reports that periodic risk assessments
        are performed for new or modified VNF service templates.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-073
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-073
      description: The NFVI should be updated without impacting the network functionality.
        The NFVI is kept up to date (including firmware), to minimise security issues.
        If possible, automatically update the NFVI to minimise the time that the fabric
        is at risk if an issue is found.
      typical_evidence: 'Log files of the update manager in the NFVI show that installation/upgrade
        operation fails when using an invalid software package. Log files of the update
        managerin the NFVI show that installation/upgrade operation is successful
        when using a valid software package.


        Verify using automatic testing tools that NFVI is successfully updated without
        impacting VNFs.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-074
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-074
      description: NF service providers ensure integrity of the access token by verifying
        signature using the NRF's public key or verifying a MAC when using shared
        keys. NF providers further validate the fields in the access token such as
        scope, expiration time, etc.
      typical_evidence: NF service provider rejects malformed access tokens with incorrect
        MACs or incorrect fields/values and sends an OAuth error response
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-075
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-075
      description: AUSFs should implement Nausf_SoRProtection service in accordance
        with 3GPP technical specification 33.501, clause 14.1
      typical_evidence: Verify that sending the SUPI, service name, requester ID etc.
        to the Nausf_SoRProtection service results in the service returning a SoR-MAC-IAUSF
        and CounterSoR or an error
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-076
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-076
      description: AUSFs should implement Nausf_UPUProtection service in accordance
        with 3GPP technical specification 33.501, clause 14.1
      typical_evidence: Verify that sending the SUPI, service name, UE Parameters
        Update Data. etc. to the Nausf_UPUProtection service results in the service
        returning a UPU-MAC-IAUSF and CounterUPU or an error
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-077
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-077
      description: SEPPs correctly replace information elements requiring encryption
        with the value "NULL" and create JSON patches with the encrypted values
      typical_evidence: 'Packet capture at the SEPP shows that information elements
        in the original message that require encryption according to the Data-type
        encryption policy are replaced with the value "NULL" '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-078
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-078
      description: SEPPs ensure that IEs requiring encryption are not inserted at
        a different location in the JSON object
      typical_evidence: Logs and packet captures of a SEPP confirm that an N32-f message
        is discarded if an encrypted IE in the message received has been moved to
        a cleartext IE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-079
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-079
      description: Network products can boot only from the memory devices intended
        for this purpose
      typical_evidence: Verification with 'bootlist' or similar command line tools
        to confirm that the network product is configured to boot from memory devices
        declared in the network product documentation and it cannot boot from another
        memory device. Verification that access to the firmware is not possible without
        correct authentication
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-080
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-080
      description: Security mechanism to guarantee that only authorized individuals
        can initiate and deploy a software update, and modify the list cryptographic
        credentials used for verifying software sources
      typical_evidence: Verify that attempts to modify the list of cryptographic credentials
        used for verifying software sources are unsuccessful when logged in as a user
        without adequate privileges. Verify that attempts to install software packages
        are unsuccessful when logged in as a user without adequate privileges
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-081
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-081
      description: Integrity protection of data store used for VNF and CNF images.
      typical_evidence: Manual inspection of VNF and CNF images confirms that their
        integrity is protected with cryptographic tools such as a digital signature
        or a hash. Verify that VMs and Containers cannot be created with tampered
        images.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-082
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-082
      description: 'Host systems should implement Hardware-Based Root of Trust (HBRT)
        (e.g. TPM, HSM) which serves as the initial root of trust for sensitive virtualized
        components.


        HBRT ensures boot integrity by computing a measurement of system sensitive
        components such as platform firmware, BIOS, bootloader, OS kernel, and other
        system components that can be securely stored in and verified by HBRT during
        boot.


        To provide a trusted hardware platform, the hardware (blade servers) should
        support Intel TXT, SGX, AMD SEV or ARM Trustzone silicon-based security functionality
        implemented with a TPM that stores measurements of the entire hypervisor or
        CIS stack and boot process.'
      typical_evidence: 'Verify that documentation of the host system describes support
        for HBRT. Verify via a guest OS that HBRT can be used for attestation.


        Verify whether blade servers support a trusted HW platform (e.g. Intel TXT,
        SGX, AMD SEV or ARM Trustzone). For example, using any suitable command line
        tools.

        Tamper a BIOS or a file in the host OS kernel and restart the host. Then,
        check that the boot operation is verified by a trusted HW platform and fails
        when using a tampered BIOS or a file in the host OS kernel.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-083
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-083
      description: 'VNF package integrity is validated by NFVO upon its reception
        using the signature generated and provided by the VNF Provider.


        VNF package artifacts/configuration files that are separate from the VNF/CNF
        package itself containing sensitive information (e.g., LI VNFs, keys, PII,
        passwords or other critical configuration data) are protected from unauthorized
        disclosure.


        VNF package is to be successfully authenticated and verified during instantiation
        to the NFVI from the trust packages repository.'
      typical_evidence: "Verify that integrity of VNF packages is ensured with cryptographic\
        \ tools such as a digital signature or a hash during onboarding. \nVerify\
        \ that confidentiality of sensitive VNF package artifacts/configuration files\
        \ is ensured with cryptographic tools such as an encryption during onboarding.\
        \ \nVerify that VNF manager does not accept VNF packages if the integrity\
        \ checks fail during insanitation.\nVerify that sensitive VNF package artifacts/configuration\
        \ files can be decrypted before instantiation with the provided keys.\n\n\
        Verification (tests) steps:\n1. Review the documentation provided by the vendor\
        \ describing how VNF package integrity is verified;\n2. During VNF package\
        \ onboarding, the tester uploads a valid VNF package into a NFVO. The NFVO\
        \ verifies the integrity of the VNF package by validating the digital signature\
        \ of the VNF package using the certificate of VNF vendor according to the\
        \ documentation. During VNF instantiation, the VIM selects a VNF image with\
        \ a correct integrity protection value from the image repository to instantiate\
        \ the VNF image;\n3. During VNF package onboarding, the tester uploads an\
        \ invalid VNF package into an NFVO. The NFVO validates the digital signature\
        \ of the VNF package using the certificate of VNF vendor. During VNF instantiation,\
        \ the VIM selects a VNF image with an incorrect integrity protection value\
        \ from the image repository to instantiate the VNF image."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-084
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-084
      description: Integrity and confidentiality protection of configuration interfaces
        and configuration data stored in SDN controller
      typical_evidence: Verify that integrity of configuration data is ensured with
        cryptographic tools such as a digital signature or a hash. Verify that SDN
        controller does not accept configuration data from SDN applications over the
        application-control interface if the integrity checks fail. Verify via packet
        captures at the SDN controller that the communication between the SDN applications
        and the SDN controller is encrypted
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-085
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-085
      description: The MME protects the Security Mode Command message with the integrity
        algorithm which has the highest priority according to the ordered lists
      typical_evidence: MME system logs confirm that the MME has selected the integrity
        algorithm which has the highest priority according to the locally configured
        ordered lists and is also contained in the UE security capabilities
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-086
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-086
      description: MME releases any established non-emergency bearers when the authentication
        of UE fails
      typical_evidence: Check the system logs of the MME to confirm that when the
        UE sends a request for EPS emergency bearer services and UE authentication
        fails, the established non-emergency bearers are released by the MME
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-087
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-087
      description: NWDAF always determines a recent NF instance serving a UE before
        retrieving data related to it, unless, the NWDAF has already obtained this
        information due to recent operations related to this UE
      typical_evidence: Upon subscribing to analytics results for a test UE, the data
        retrieved from the NWDAF is from an NF which served the UE most recently.
        Verification includes inspecting timestams in the logs at various NFs that
        have served the test UE recently
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-088
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-088
      description: 'The HMEE (e.g. Intel TXT, Trusted Execution Environments (TEE)
        like GlobalPlatform TEE, Intel SGX) is to be used for executing sensitive
        functions within the VNF, such as LI and information elements marked as private
        (e.g., the SIDF de-concealing the SUPI from the SUCI). Utilizing an HMEE within
        the NFVI may solve the issue of Virtual Network Function (VNF) isolation,
        memory introspection, and confidentiality of data-in-use in both virtualized
        and containerized environments. '
      typical_evidence: Document describing the deployed hardware resources that have
        an HMEE enabled, and how they can be used.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-089
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-089
      description: 'A chain of trust (CoT) is established during the boot process
        of the NFVI. The chain is extended to include attestation of the VNF when
        it is first instantiated on top of the NFVI. After each step, the results
        of attestation and corresponding measurements are maintained by a verifier
        for subsequent access:

        1. Attestation of the Server / Hardware Resource, which will act as the attester
        for the OS

        2. Attestation of the OS

        3. Attestation of the Virtualisation Layer software

        4. The virtualisation layer software (e.g., hypervisor or container engine)
        measures the virtual instance and VNF software, and reports the results to
        the verifier

        5. The verifier validates the measurements against the attestation results
        from steps 1-4

        6. The NFVI begins to run the VNF

        If any step in the attestation process fails, the CoT cannot be expanded further
        and a recovery procedure should be activated to handle the failure.'
      typical_evidence: 'Document describing the attestation process to enable the
        software integrity state to be reported and verified in order to determine
        its trustworthiness.


        Verification of attestation evidence from NFVI is performed by a verifier
        external to NFVI to support remote attestation.


        Documented process on how to verify the attestation evidence by an external
        verifier. Further, the process includes the recovery process to handle attestation
        process failures.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12-090
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so12
      ref_id: SO12-090
      description: Critical MEC components (e.g. security end points and crypto functions)
        need to be implemented in HMEEs (Hardware Mediated Execution Environments)
        e.g. Intel SGX or ARM TrustZone.
      typical_evidence: 'Check a document describing secure services provided by trusted
        HW platforms, and how to use them to verify whether blade servers support
        a trusted HW platform (e.g. Intel TXT, SGX, AMD SEV or ARM Trustzone) for
        secure storage, root of trust and secure boot.


        Identification of tamper resistant modules installed in the system using any
        suitable command line tools, or any other suitable means of determination.


        Verify that the execution of cryptographic operations is configured to be
        based on a tamper resistant module, and that those operations use crypto materials
        provided by the tamper resistant module (e.g., random number, session keys,
        etc.). This verification can be carried out by the following test, among others:
        Establish a TLS/DTLS (profile defined in TS 33.310 and TS 33.210) or IPsec/IKE
        (profile defined in TS 33.210) secure connection and verify that all protocol
        versions and combinations of cryptographic algorithms that are mandated by
        the security profile are provided by the tamper resistant module.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M64
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M65
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M66
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M67
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M68
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M69
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO13
      name: Use of encryption
      description: Ensure adequate use of encryption to prevent and/or minimise the
        impact of security incidents on users and on other networks and services
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-001
      description: 'NAS signaling should be confidentiality protected by the MME '
      typical_evidence: Packet captures confirm the encryption of the NAS signaling
        messages
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-002
      description: All NAS signaling messages except those explicitly listed in TS
        24.301 as exceptions should be integrity-protected
      typical_evidence: 'Packet captures confirm the integrity protection of the NAS
        signaling messages with one of the following algorithms: 128-NIA1, 128-NIA2,
        or 128-NIA3'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-003
      description: NAS NULL integrity with EIA0 is only used for emergency calls
      typical_evidence: Packet captures at the MME confirm that that the SECURITY
        MODE COMMAND message sent by the MME after successful UE authentication contains
        an algorithm different from EIA0 (except for emergency calls)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-004
      description: eNB ensures confidentiality and integrity protection of control
        plane data on X2-C and S1-MME interfaces
      typical_evidence: Packet captures confirm the use of IPsec on X2-C and S1-MME
        interfaces
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-005
      description: eNB ensures confidentiality and integrity protection of user plane
        packets between the Uu reference point and the S1/X2 reference points
      typical_evidence: Packet captures confirm that the transport of user data over
        S1-U and X2-U interfaces is integrity, confidentially and replay-protected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-006
      description: eNB protects the Security Mode Command message with the integrity
        and ciphering algorithms which have the highest priority according to the
        ordered lists
      typical_evidence: System logs of the eNB confirm that it has selected the integrity
        and ciphering algorithms which have the highest priority according to the
        locally configured ordered lists and which are also contained in the UE security
        capabilities
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-007
      description: eNBs verify RRC integrity
      typical_evidence: Verify that eNB rejects a RRC message sent with faulty or
        missing MAC-I
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-008
      description: AS NULL integrity with EIA0 is only used for emergency calls
      typical_evidence: Confirmation that the SECURITY MODE COMMAND message sent by
        the eNB after successful UE authentication contains an algorithm different
        from EIA0 (except for emergency calls)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-009
      description: NWDAF applies data masking on integration analysis of personal
        data
      typical_evidence: Verify that retrieving analytics results from the NWDAF after
        creating an account does not contain any personal data of UE's users such
        as the subscriber permanent identifier (SUPI)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-010
      description: 'The hypervisor and/or CIS supports the encryption granularity
        down to per VM or per Container.


        After the hypervisor/CIS has used the key to decrypt the workload, it shall
        delete any local copy of the key.'
      typical_evidence: 'A document describing the encryption/decryption mechanisms
        of VM or container workload and the secure destruction of cryptographic materials.


        Verify using testing tools that the workload is encrypted according to the
        documentation.


        Verify that the decryption process has been performed according to the documentation.


        Verify that the destruction process of the used cryptographic key(s) for encryption
        or decryption is applied. Verify that the used key is unavailable (e.g. zeroed).'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-011
      description: VM or container swap encryption (e.g. dm-crypt linux based tool)
      typical_evidence: 'A document containing the tools used for encrypting swapped
        VM or container and their configuration.


        Verification through a test machine (e.g. network traffic analyser) that a
        swapped VM or container to a hard disk is encrypted.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-012
      description: SIDF uses protection scheme indicator in the concealed identifier
        (SUCI) for determining which ECIES profile should be used for resolving the
        SUCI to the SUPI
      typical_evidence: SUPI available from SUCI resolution at the SIDF matches the
        SUPI of the UE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-013
      description: 'Certificates for mutual authentication of network functions follow
        the profiles given in 3GPP technical specifications: 33.310 and 33.501'
      typical_evidence: Verification of all client and server certificates indicates
        their compliance with the 3GPP profiles given in TS 33.310 and 33.501. Verification
        can involve manual inspection of certificates or automated tools, if available
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-014
      description: AMFs protect signaling messages with ciphering and integrity protection
        of NAS signaling messages using appropriate algorithms such as 128-NEA1 128-NIA1
        standardized in 3GPP TS 33.501
      typical_evidence: Packet captures of NAS SMC procedure taking place between
        UE and AMF demonstrate integrity protection, replay protection, and encryption
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-015
      description: 'AMFs reject registration request messages containing invalid or
        unacceptable UE security capabilities. For example: UE security capabilities
        message containing no integrity algorithms'
      typical_evidence: Sending invalid/unacceptable UE security capabilities such
        as those with no 5GS encryption algorithms (all bits zero), no 5GS integrity
        algorithms (all bits zero), mandatory 5GS encryption algorithms not supported
        or mandatory 5GS integrity algorithms not supported are rejected by the AMF
        and their rejection is captured in its access logs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-016
      description: Protect application layer messages on the N32 interface of SEPPs
        in different PLMN
      typical_evidence: SEPP documentation and system logs confirm the use of PRINS
        (PRotocol for N32 Interconnect Security) for protecting application layer
        messages on the N32 interface of SEPPs when there are IPX entities between
        SEPPs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-017
      description: SEPPs follow the JWS profile defined in 3GPP TS 33.210
      typical_evidence: Logs of the SEPP show that sending an N32-f message with a
        JWS not following the 3GPP TS 33.210 profile is rejected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-018
      description: SEPPs only use the ES256 algorithm with IPX entities
      typical_evidence: Review of the network product documentation shows that SEPP
        only supports the JWS ES256 algorithm for use with IPX entities
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-019
      description: gNB implements ciphering algorithms NEA0, 128-NEA1, 128-NEA2, 128-NEA3
        for ciphering of RRC signaling
      typical_evidence: Packet captures show that control plane packets sent to the
        UE after the gNB sends AS Security Mode Command (SMC) are ciphered
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-020
      description: gNB implements NIA0, 128-NIA1, 128-NIA2, 128-NIA3 algorithms with
        NIA0 disabled unless necessary by regulatory requirements for integrity and
        replay protection of RRC signaling
      typical_evidence: Packet captures show that control plane packets sent/received
        to/from the UE are integrity protected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-021
      description: gNBs refresh keys KgNB, KRRC-enc, KRRC-int, KUP-int, and KUP-enc
        when the PDCP COUNT value is about to be re-used with the same Radio Bearer
        identity and with the same KgNB
      typical_evidence: 'gNB system logs and packet captures on the gNB confirm that
        it performs KgNB refresh when PDCP COUNTs are about to wrap around because
        of RRC or UP messages with increasing PDCP COUNT from the UE '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-022
      description: 'In dual connectivity, a secondary node (SN) asks the master node
        (MN) to derive a fresh KSN when PDCP COUNT values are about to wrap around.
        While adding subsequent radio bearer(s) to the same SN, the MN assigns a new
        radio bearer identity that has not previously been used for the current KSN.
        If the MN cannot allocate an unused identity due to radio bearer identity
        space exhaustion, the MN shall increment the SN Counter and compute a fresh
        KSN which it then updates with SN modification procedure '
      typical_evidence: 'gNB system logs and packet captures on a gNB acting as an
        MN show that it performs KSN update and sends it to the SN via the SN Modification
        Request when DRB-IDs are about to be reused '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-023
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-023
      description: IAB donor should support confidentiality, integrity, and replay
        protection of RRC-signalling between the IAB donor and the IAB-node (IAB-UE)
      typical_evidence: Packet captures at the IAB donor confirm integrity, confidentiality,
        and replay protection of RRC-signalling
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-024
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-024
      description: Slice management interface messages have replay protection, integrity
        protection, and confidentiality
      typical_evidence: Verify that standard security protocols such as TLS which
        provide integrity, confidentiality, and replay protection are used for communicating
        with the slice management interfaces. This can be confirmed by checking packet
        captures or by setting up test connections
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-025
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-025
      description: Supervision and performance reporting of a Network Slice Instance
        (NSI) should at least be integrity protected and may additionally be confidentiality
        protected
      typical_evidence: Verify that standard security protocols such as TLS which
        provide integrity, confidentiality, and replay protection are used for communicating
        supervising and performance reporting of NSIs. This can be confirmed by checking
        packet captures or by setting up test connections
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-026
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-026
      description: Network slice subnet template (NSST) should be confidentiality
        protected
      typical_evidence: Inspection of the encrypted network slice subnet template
        does not reveal configuration and topology information. Verification that
        network slice subnet template can only be used after decryption with appropriate
        credentials
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-027
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-027
      description: Negotiation of slice characteristics such as bandwidth, latency,
        and reliability between a communication service customer and an MNO should
        have replay, integrity, and confidentiality protection with TLS. Version 1.2
        or 1.3 of TLS are recommended. Cryptographic keys/certificates for TLS authentication
        are protected
      typical_evidence: Verify by successfully setting up test connections with slice
        management interface and negotiating different slice characteristics via TLS.
        Verification with a key management utility that the keys/certificates for
        TLS authentication are protected in the system keystore or similar tool (Java
        KeyStore, AWS KMS, etc.), in secure memory, or protected with hardware security
        tools such as TPMs/TEEs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-028
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-028
      description: Interconnect traffic between data centers should be authenticated
        and encrypted
      typical_evidence: Check documentation of SDN controller/switches, business agreements,
        and packet captures for use of L1 and/or L2 encryption techniques such as
        MACsec
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-029
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-029
      description: Configuration and user profile data sent from the VAL server in
        the network to a VAL UE is integrity, confidentiality, and replay protected
      typical_evidence: Packet captures at the VAL server confirm that protocol such
        as TLS which provide encryption, integrity protection, and replay protection
        are used from sending configuration and user profile data
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-030
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-030
      description: Control and user plane EMSDP messages between the HSE and BEST
        UE are integrity protected protected with algorithms such as 128-NIA1, 128-NIA2
        or 128-NIA3
      typical_evidence: Packet captures at the HSE show that control and user plane
        packets between HSE and BEST UE are integrity protected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-031
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-031
      description: Control and user plane EMSDP messages between the HSE and BEST
        UE are confidentiality protected protected with algorithms such as 128-NEA1,
        128-NEA2 or 128-NEA3
      typical_evidence: Packet captures at the HSE show that control and user plane
        packets between HSE and BEST UE are ciphered
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-032
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-032
      description: Support for NIA0 integrity protection is disabled in AMF unless
        support for unauthenticated emergency session is a regulatory requirement
      typical_evidence: 'NAS Security Mode Command message to the UE containing the
        selected NAS algorithms does not include NIA0 if it is disabled '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-033
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-033
      description: During the handover, if the AMF changes, the target AMF selects
        the NAS algorithm with the highest priority in the ordered list of the UE
        security capabilities
      typical_evidence: Packet capture of the NGAP HANDOVER REQUEST message sent by
        the target AMF to the gNB includes the algorithm with the highest priority
        of the target AMF and not the highest priority in the ordered list received
        from the source AMF
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-034
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-034
      description: gNB verify RRC and user plane integrity
      typical_evidence: gNB system logs show that gNB rejects a RRC message or a PDCP
        PDU sent with faulty or missing MAC-I
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-035
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-035
      description: gNB activates ciphering of user data based on security policy sent
        by the SMF
      typical_evidence: Packet captures show that user plane packets sent to the UE
        after the gNB sends RRCConnectionReconfiguration are confidentiality protected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-036
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-036
      description: gNB ensures integrity of user data based on security policy sent
        by the SMF
      typical_evidence: Packet captures show that user plane packets sent between
        UE and gNB over the NG RAN air interface after gNB sends RRCConnectionReconfiguration
        are integrity protected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13-037
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so13
      ref_id: SO13-037
      description: gNB selects the ciphering and integrity algorithm with the highest
        priority from the UE's 5G security capabilities and locally configured list
        of algorithms
      typical_evidence: Packet captures at the gNB show that the AS Security Mode
        Command message includes the chosen algorithm with the highest priority according
        to the ordered lists locally configured and contained in the UE 5G security
        capabilities
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M70
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M71
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M72
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M73
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M74
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d3
      ref_id: SO14
      name: Protection of security critical data
      description: Ensure that cryptographic key material and secret authentication
        information are adequately protected
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-001
      description: Protect the Home Network private key from physical attacks in the
        UDM
      typical_evidence: UDM documentation lists mechanisms for protection of private
        key from physical attacks. Verification with a key management utility that
        the home network private key in the UDM is protected in the system keystore.
        If hardware security tools such as TEEs are used, then the system logs of
        the UDM show that sending a test SUCI to the TEE inside the UDM results in
        the correct mapping to SUPI
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-002
      description: The algorithm for subscriber privacy (SUCI to SUPI mapping) is
        executed in the secure environment of the UDM
      typical_evidence: UDM documentation lists mechanisms for protection of the algorithm
        for mapping concealed identity to permanent identity. If hardware security
        tools such as TEEs are used, then the system logs of the UDM show that sending
        a test SUCI to the TEE inside UDM results in the correct mapping to SUPI
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-003
      description: UDM logs the authentication status and timestamp of subscriber
        authentication, in particular when the subscriber is in a visited network
      typical_evidence: Logs of the UDM show the status and timestamp of subscriber
        authentication
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-004
      description: 'Subscription permanent identifier (SUPI) is encrypted to derive
        the Subscription Concealed Identifier (SUCI) using a non-null protection scheme
        by default. A null-scheme may be used in the following cases: (1) if the UE
        is making an unauthenticated emergency session and does not have a 5G-GUTI
        to the chosen PLMN, (2) if the home network has configured "null-scheme" to
        be used, or (3) if the home network has not provisioned the public key needed
        to generate a SUCI'
      typical_evidence: Verification of UE authentication confirms that SUPI is not
        transmitted in clear text. Inspection of the protection scheme in the SUCI
        confirms a non-null protection scheme was used or one of the special conditions
        for using a null-scheme is met
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-005
      description: 'Key hierarchy defined in technical specification 33.501, clause
        6.2 and Annex A is followed for deriving and distributing keys KAUSF, KSEAF,
        KAMF, KgNB, and KN3IWF '
      typical_evidence: After a test UE device has successfully authenticated and
        registered, debug tools on the test UE and network nodes AUSF/SEAF/AMF/gNB/N3IWF
        confirm that the keys in the network nodes are identical to the ones derived
        by the UE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-006
      description: Security of the User ID and credentials used for slice specific
        authorization and authentication is ensured during transfer and network storage
      typical_evidence: 'Verification that User ID and credentials used for slice
        specific authorization and authentication are protected with the use of password
        salting, database encryption, etc. Packet captures show that secure protocols
        such as TLS are used for slice specific authorization and authentication. '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-007
      description: Secure transfer of UICC (or eUICC) credentials from the UICC manufacturer
      typical_evidence: MNO has documented processes and tools in place to manage
        the security of UICC credentials transferred from the UICC manufacturer to
        the MNO. Process documentation confirms adherence to industry best practices
        such as those defined in GSMA FS.28
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-008
      description: SEPPs clearly differentiate between certificates used for authentication
        of peer SEPPs and certificates used for authentication of intermediates performing
        message modifications
      typical_evidence: Verification that the SEPPs don't accept N32-c TLS connections
        if raw public keys/certificates are used. Verification that SEPPs don't accept
        N32-f JSON patches signed with raw public keys/certificates of peer SEPPs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-009
      description: AKMA Application Key (KAF) has a maximum lifetime
      typical_evidence: Verify that the Naanf_AKMA_ApplicationKey_Get response message
        from the AAnF to the AF contains the KAF lifetime. Verify via AF logs that
        a KAF cannot be used for AKMA authentication after its lifetime has expired
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-010
      description: 'SDN controller and NFV Security Manager (NSM) should have a key
        and certificate management system which includes key generation, storage,
        deletion and cryptographic processing.  '
      typical_evidence: Verify that system documentation outlines an API for key management.
        Making API calls to create, store, delete keys/certificates confirms support
        for key management
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-011
      description: 'The hypervisor and/or CIS supports an external key management.
        Interface with the key management system is done through a standardized protocol.
        At least Key Management Interoperability Protocol (KMIP) as defined by OASIS
        KMIP SPEC should be supported. The key management system uses a tamper resistant
        module, such as HSM. The tamper-resistant module storing the key(s) shall
        be certified e.g. Common Criteria, FIPS 140-2 Level 3.   '
      typical_evidence: 'A document describing the supported KMIP and how to use it
        securely.

        Verify that the implemented protocol is robust against unexpected input.

        Verify that the execution of this protocol is based on tamper resistant modules
        such as HSMs. Verify that the protocol is using crypto materials provided
        by the tamper resistant module (e.g. random number, session keys, etc.)'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-012
      description: "In NFV, the components to employ certificates include:\n\u2022\
        \tNFV should employ certificates which can be used for images signing and\
        \ verification during onboarding and registration.\n\u2022\tMANO and VNFs\
        \ should employ certificates which can be used in order to establish secure\
        \ connections between them.\n\u2022\tNFVO employs certificates in order to\
        \ establish secure management connections with VIM and VNFM. \n\u2022\tNFVI\
        \ employs certificate(s) in order to establish secure connections with MANO\
        \ interfaces.\n\nThe certificate policy should be consistent with the Internet\
        \ X.509 Certificate Policy and Certification Practices Framework as defined\
        \ in IETF RFC 3647.\n\nCertificates are continuously monitored, with the ability\
        \ to generate audits and keep on top of expirations and renewals to avoid\
        \ any disruption in NFV services."
      typical_evidence: "MNO has a documented certification management process for\
        \ distributing Public Key Certificates (PKC) to authenticate, authorize, and\
        \ encrypt links between NFV components.\n\nVerify that a Certificate Policy\
        \ is developed and documented by MNOs in accordance with their regional and\
        \ national requirements. \n\nVerify that a documented renewal procedure (preferably\
        \ automatic) of certificates prior to their expiration is in place. "
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-013
      description: 'Any vendor default (e.g. self-signed) certificates should be removed
        and replaced with MNO generated certificates for NFV.

        Each MNO should develop a certificate policy in accordance with their regional
        and national requirements as described in ETSI GR NFV-SEC 005.

        Certificate Management Protocol version 2 (CMPv2) as specified in IETF RFC
        4210 and 4211 could be used by NFV to obtain MNO-signed certificates.

        The handling of certificates, including certificate profiles, may follow the
        rules defined in 3GPP TS 33.310.'
      typical_evidence: "Documented certificate management policy shows how vendor\
        \ default certificates are removed and replaced by those of MNO. \n\nCertificate\
        \ management policy contains rules on management of the life cycle of a certificate.\n\
        \nDocumentation containing CMP profiles that specifies clearly which options\
        \ and features of CMP are used and how.\n\nTests via auditing tools show that\
        \ the network product does not support vendor default certificates during\
        \ deployment.\n\nEstablish a CMPv2 connection between network products and\
        \ certificate authority (CA) / registration authority (RA) by sending to the\
        \ tester machine requests for generating, renewing, revoking and removing\
        \ certificates as specified in 3GPP TS 33.310, IETF RFC 4210 and 4211. Verify\
        \ that CMP protocol versions and combinations of algorithms that are mandated\
        \ by the CMP profile are supported.\n\nVerification with a key management\
        \ utility that the keys/certificates are protected with hardware security\
        \ devices, such as hardware security modules (HSMs)."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-014
      description: Predefined or default accounts are deleted or disabled
      typical_evidence: Access logs of the network product confirm that login attempts
        with predefined accounts are unsuccessful
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so14
      ref_id: SO14-015
      description: 'Password change is only possible if documented password complexity
        criteria is met. Password change is enforced after initial login. Users can
        change password at any time. Captcha''s and timers are used to prevent repeated
        login attempts. Accounts are blocked after a certain number of failed attempts.
        Passwords are hidden, for example, by replacing individual characters with
        *


        Before deploying any new network functions, all default passwords must be
        changed to have values consistent with administrative level accounts. '
      typical_evidence: Documented password policy with requirements on complexity
        and change frequency, means of protection against brute force/dictionary attacks,
        and means for hiding password display in clear
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M75
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M76
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M77
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M78
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M79
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d4
      assessable: false
      depth: 1
      ref_id: D4
      name: OPERATIONS MANAGEMENT
      description: D4 covers operational procedures, change management and asset management
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d4
      ref_id: SO15
      name: Operational procedures
      description: Establish and maintain operational procedures for the operation
        of critical network and information systems by personnel
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-001
      description: Map and analyze resource requirements for end-to-end 5G network
        lifecycle. Such analysis should identify critical dependencies that may impact
        availability or continuity of 5G network service as well as corresponding
        mitigation measures
      typical_evidence: Documented evidence of detailed mapping and analysis of resource
        infrastructure requirements and associated performance requirements. This
        mapping and analysis exercise is based on the requirements in standards such
        as 3GPP 33.501 and 23.501 as well as other corporate/service-level security
        requirements. MNO has documented up-to-date operational procedures which are
        proactively tested for mitigating or reducing service disruption when critical
        dependencies have outages. Test results are documented.
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-002
      description: Adequate resource capability delivery management process should
        be ensured
      typical_evidence: MNO has documented processes in place to manage the provisioning,
        implementation, commissioning, and roll-out of new resource capabilities.
        These documented processes include management of suppliers/partners
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-003
      description: Adequate processes to support resource trouble management
      typical_evidence: MNO has documented processes for resource trouble management,
        such as statistically driven preventive maintenance
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-004
      description: Security management processes should be used for operational deployment
        considerations
      typical_evidence: Verify that documented operational procedures across the company,
        including division of responsibilities and monitoring capabilities, are guided
        by security management principles of prevention, monitoring, detection, analysis
        and incident management
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-005
      description: 'Network product only runs protocols and services which are needed
        for its operation, and which do not have any known security vulnerabilities.
        By default: FTP, TFTP, telnet, SNMP v1 and v2, rlogin, RCP, RSH, SSHv1, finger,
        HTTP, BOOTP,  discovery protocols (LLDP, CDP), Identd, PAD, MOP, and TCP/UDP
        small servers (Echo, Chargen, Discard and Daytime) are disabled except if
        services are needed during deployment (in which case, those services are disabled
        after deployment)'
      typical_evidence: List of protocols/services in the network product documentation
        that are necessary for correct operation of the network product. Verifying
        that the list of protocols/services in the network product documentation match
        with the list of protocols/services returned by tools for enumerating protocols/services
        (such as nmap)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-006
      description: 'Kernel based network functions not needed for the operation of
        the network element should be deactivated. Kernel functions such as IP packet
        forwarding, proxy ARP, gratuitous ARP, IPv4 multicast handling, and directed
        broadcast are deactivated unless needed in certain deployments '
      typical_evidence: 'Verification method: After connecting two hosts to the two
        interfaces of the network product, it is confirmed that i) an IP packet from
        Host 1 on subnet A destined for Host 2 on subnet B with the network product
        configured as a default gateway is logged but not forwarded by the network
        product, ii) an ARP request from Host 1 on subnet A to discover the MAC of
        Host 2 on subnet B does not result in an ARP reply from the network product
        to Host 1 with its own MAC address, iii) an IP packet from Host 1 whose IP
        destination address is a valid broadcast address belonging to the subnet B
        is dropped by the network product rather than being broadcast, iv) system
        commands confirm that none of the network product''s interface is running
        multicast, v) a gratuitous ARP request from Host 1 is received by the network
        product but discarded without updating the ARP cache (unless gratuitous ARP
        is necessary for a deployment scenario). The fact that kernel based network
        functions are disabled is also confirmed in the configuration files'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-007
      description: Network products should not automatically launch any application
        when removable media device such as CD-, DVD-, USB-Sticks or USB-storage drives
        are connected. If the operating system of the network product supports an
        automatic launch, it should be deactivated unless it is needed for availability
        requirements
      typical_evidence: 'Verify that after logging in to a network product and inserting
        removable media devices (CD-, DVD-, USB-Sticks and/or USB-Storage drives)
        no applications open the contents of the removable media device '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-008
      description: Directory listings (indexing)/Directory browsing is deactivated
        in all web server components
      typical_evidence: Using automated tools demonstrates that directory listing/browsing
        has been deactivated in all web server components
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-009
      description: HTTP header does not include information about the version of the
        web server and the modules/add-ons used
      typical_evidence: Automatic assessment tool shows that HTTP headers do not include
        information on the version of the web server or the modules/add-ons used
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-010
      description: User-defined error pages should not include version information
        about the web server and the modules/add-ons used. Error messages should not
        information such as internal server names, error codes, etc. Default error
        pages of the web server should be replaced by error pages defined by the vendor
      typical_evidence: Automatic assessment tools show that generated error pages
        and error messages do not include information about the web server
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-011
      description: File type- or script-mappings that are not required should be deleted,
        e.g. php, phtml, js, sh, csh, bin, exe, pl, vbe, vbs
      typical_evidence: Automatic assessment tools confirm that file type- or script-mappings
        which are not required have been deleted
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-012
      description: Restrictive access rights are assigned to all files which are directly
        or indirectly (e.g. via links or in virtual directories) in the web server's
        document directory. A web server should not have access to files which are
        not meant to be delivered
      typical_evidence: Verification that the servable content of a web server is
        owned by the user that runs the web server and the files are not writable
        for others. Verification that the user running the web server is an unprivileged
        account and, in case of operating systems that have chrooted environments,
        the web server runs inside a jail/chrooted environment
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-013
      description: If CGI or other scripting technology is used, only the scripting
        directory should have execute rights. Other directories used or meant for
        web content should not have execute rights
      typical_evidence: Verification that only the scripting directory has execute
        permissions in the web server. Verification of only operating system permissions
        may not be sufficient and may require also examining the configuration files
        of the web server
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-014
      description: Web server process should not run with system privileges. Even
        if the web server process is started by a user with system privileges, execution
        should be transferred to a different user without system privileges after
        the start
      typical_evidence: Automatic assessment tools confirm that no web server processes
        run with system privileges, even if these processes have been started by a
        user with system privileges
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-015
      description: HTTP methods not required should be deactivated. Standard requests
        to web servers should only use GET, HEAD, and POST. If other methods are required,
        they should not introduce security leaks such as TRACK or TRACE
      typical_evidence: Verification of system settings and configurations of all
        web components confirms that unneeded HTTP methods are deactivated
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-016
      description: All optional add-ons and components of the web server which are
        not needed should be deactivated. In particular, components such as CGI or
        other scripting components, Server Side Includes (SSI), and WebDAV shall be
        deactivated if they are not required
      typical_evidence: ' Verification with automated tools and/or manual inspection
        of configuration files confirms that, firstly, the web server is only running
        and listening on known ports and, secondly, that CGI or other scripting components,
        Server Side Includes (SSI), and WebDAV are deactivated unless they are required'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-017
      description: If CGI (Common Gateway Interface) or other scripting technologies
        (including PERL, PHP, and others) are used, the scripting directory should
        not include compilers or interpreters
      typical_evidence: Inspection of the directory/directories used for CGI or other
        scripting tools confirms that the scripting directory/directories include
        no compilers or interpreters (e.g., PERL interpreter, PHP interpreter/compiler,
        Tcl interpreter/compiler or operating system shells)
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-018
      description: If CGI or other scripting technology is used, the associated CGI/script
        directory shall not be used for uploads
      typical_evidence: Verification of the web server configuration files confirms
        that the upload directory is configured to be different from the CGI/scripting
        directory
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-019
      description: If Server Side Includes (SSI) is active, the execution of system
        commands should be deactivated
      typical_evidence: Verification of the web server configuration shows that parameters
        such as NOEXEC (APACHE) or ssiExecDisable (IIS) are set to ensure that system
        command execution is deactivated
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-020
      description: Access rights for web server configuration files are only granted
        to the owner of the web server process or to a user with system privileges
      typical_evidence: Verification of the access rights settings for web server
        system configuration files  confirms that access is only granted to the owner
        of the web server process or to a user with system privileges
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-021
      description: Default content (examples, help files, documentation, aliases)
        provided with the standard installation of the web server should be removed
      typical_evidence: Verification that all default content (examples, help files,
        documentation, aliases) provided with the standard installation of the web
        server have been removed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-022
      description: Network products should support physical or logical separation
        of traffic belonging to different network domains. For example, O&M traffic
        and control plane traffic belong to different network domains and must be
        separated
      typical_evidence: If a network product handles traffic from different network
        domains, then packet-forwarding tests confirm that the network product refuses
        traffic intended for one network domain on all interfaces meant for other
        network domains, and vice versa
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-023
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-023
      description: "VNFs should synchronize with trusted time sources. \n\nThe hardware\
        \ layer shall maintain a suitably accurate clock within the NIC for timestamping\
        \ to be read as a time source by VNFs, either directly or through a function\
        \ abstracted in the hypervisor.\n\nWhere supported, at least two different\
        \ time sources are used from which all servers and network functions retrieve\
        \ time information on a regular basis, so that the timestamps in logs are\
        \ consistent. \n\nNetwork Providers shall install NICs that support time distribution\
        \ using an appropriate technology such as PTP. If PTP is used, then the NICs\
        \ shall utilize technology based on IEEE 1588TM Precision Time Protocol (PTP)\
        \ or the derivative IEEE 802.1ASTM (gPTP)."
      typical_evidence: 'Check that time synchronization sources such as NTP servers
        used by VNFs are reliable and trusted. This can be verified by checking documentation
        and configuration.


        Verify that at least two synchronized time sources across the hardware layer
        of NFV are configured, where supported. Verification could be carried out
        by:

        - Using the network traffic analyser, the tester verifies that the timestamp
        is received by the VNF from the configured synchronized time sources.

        - Reading and analysing the logged recorded timestamps by the VNF.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-024
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-024
      description: Proper maintenance of equipment in data centers
      typical_evidence: Documented policy / processes for carrying out periodic maintenance
        at supplier recommended intervals show that only authorized personnel are
        allowed to perform repairs/maintenance
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-025
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-025
      description: Network products should use secure firmware images
      typical_evidence: Verification of the firmware images confirms that they are
        secured with cryptographic tools such as digital signatures. Verification
        of the network product confirms that automated tools for downloading, scheduling,
        and installing firmware images are installed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-026
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-026
      description: MNO correctly manages the design of any improvements or changes
        to the operational support processes for new resource capabilities and infrastructure
      typical_evidence: 'Documented evidence that a network product and its compliance
        reports and accreditation status are evaluated in light of internal policies
        when improving or changing operational support processes '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-027
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-027
      description: Ensure that relevant requirements are met and prerequisites are
        in place before new resource infrastructure is deployed and handed over to
        operations
      typical_evidence: MNO has documented processes in place to take into use new
        resource infrastructure. These documented processes include checks to ensure
        that the resource requirements are met and other prerequisites are satisfied
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-028
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-028
      description: Resource specifications for 5G components should be developed
      typical_evidence: MNO has documented processes to define and document technical,
        performance, and operational specifications for components
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-029
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-029
      description: Adequate processes for resource provisioning should be in place
      typical_evidence: MNO has documented processes for i) creation and deployment
        of support tools for resource deployment, ii) scheduling, management, and
        monitoring of the new infrastructure roll-out, and iii) monitoring of newly
        deployed infrastructure to provide early detection of potential shortfalls
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-030
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-030
      description: Adequate processes to support resource performance management
      typical_evidence: MNO has documented processes to monitor and assess resource
        infrastructure performance
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15-031
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so15
      ref_id: SO15-031
      description: "The number of allowed processes and resources within a VM or container\
        \ is precisely defined and limited to the value stipulated in the VNF descriptor.\n\
        \nVNF vendors should define the CPU and Memory requirements of their VNFs,\
        \ ie, the CPU and memory requirements to perform its functions under normal\
        \ operating scenarios and the threshold limit value of CPU & memory requirements\
        \ beyond which the NF should not be allowed to use. \n\nThe virtualization\
        \ layer should consider the CPU & Memory resource requirements & limits associated\
        \ to each VNF provided by VNF vendors during onboarding and running of the\
        \ VNF."
      typical_evidence: "Verify that virtualization layer alerts the MANO in case\
        \ the number of allowed processes and resources within a VM or container is\
        \ exceeded. \n\nRegular verification whether VNF requirements are met by NFVI\
        \ and MANO as required in the VNF descriptor.\n\nVerify that VNF vendors define\
        \ the CPU and Memory requirements of their VNFs. Verify that those requirements\
        \ are included within the VNF package."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M80
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M81
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M82
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d4
      ref_id: SO16
      name: Change management
      description: Establish change management procedures for critical network and
        information systems in order to minimise the likelihood of incidents resulting
        from changes
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16
      ref_id: SO16-001
      description: Integration process of existing legacy infrastructure with the
        new resource infrastructure should be robust
      typical_evidence: Documented migration policies/processes and/or project logs
        which indicate upon review that the migration project is based on standards
        and best practices
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M83
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M84
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M85
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M86
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16
      ref_id: SO16-002
      description: Use of software development lifecycle best practices such as Agile,
        Continuous Integration/Continuous Development (CI/CD), and DevSecOps by MNO
      typical_evidence: MNO has documented processes for software development which
        follow best practices such as DevSecOps. Tools for Continuous Integration/Continuous
        Development (such as Jenkins, Travis CI, etc.) are in use
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M83
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M84
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M85
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M86
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so16
      ref_id: SO16-003
      description: Resource deployment, upgrade, and change should be managed. Impact
        assessments before system changes are made. Changes implemented are recorded,
        irregularities encountered are investigated and reported to competent authorities
      typical_evidence: MNO has a documented policy and processes for coordinated
        deployment, upgrade, and change of virtual or physical resources. Documented
        system change impact assessments. Records listing changes made and, if applicable,
        any irregularities encountered during the change process. If applicable, internal
        reports of any irregularities encountered during system change and incident
        reports to competent authorities based on incident reporting rules
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M83
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M84
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M85
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M86
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d4
      ref_id: SO17
      name: Asset management
      description: Establish and maintain asset management procedures and configuration
        controls in order to manage availability of critical assets and configurations
        of critical network and information systems
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-001
      description: 'Unused software components/libraries which are not needed for
        operation or functionality of the network product are not installed or are
        deleted after installation. This includes also parts of a software, which
        will be

        installed as examples but typically not be used (e.g. default web pages, example
        databases, test data)'
      typical_evidence: 'Identification of software components/libraries installed
        on a network product with command line tools matches the list of software
        components/libraries in product documentation that are necessary for the correct
        operation of the network product '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-002
      description: 'Unused software should be deleted or deinstalled. If that is not
        possible, such functions should be permanently deactivated in the configuration
        and they should not be reactivated after reboot. Hardware functions which
        are not required for operation or function of the system (e.g. unused interfaces)
        should be deactivated permanently '
      typical_evidence: Identification of hardware and software functions which are
        installed in the system or might have been disabled using any suitable command
        line tools or other suitable means of determination matches with the hardware
        and software functions listed in the product documentation that are necessary
        for the correct operation of the network product
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-003
      description: Network product does not contain software and hardware components
        that are no longer supported by their vendor, producer, or developer
      typical_evidence: 'Verify that there is no entry in the list of hardware and
        software installed which is not supported by the vendor, producer, or developer
        of the network product '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-004
      description: Configuration management including careful planning, detailed documentation,
        configuration review, testing before production, and periodic security configuration
        checks
      typical_evidence: 'Detailed documentation of various configuration options.
        Presence of tools to allow testing of configuration before production as well
        as checks and notifications of configuration during operation.


        Security configuration documentation indicates reviews and updates taking
        place annually, or when significant changes occur. '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-005
      description: Instantiation of MANO components and managed entities is only possible
        in explicit geographic locations. Support for attribute-based access control
        and multi-factor authentication where location is one of the attributes/factors
      typical_evidence: ' Verification method: attempts to instantiate MANO components
        in unauthorized locations are unsuccessful '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-006
      description: Storage media should be sanitized
      typical_evidence: Documented resource exit processes of the MNO include clear
        risk-based rules for media sanitization upon decommissioning of network elements
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-007
      description: Resource exit should be managed
      typical_evidence: MNO has documented processes to ensure controlled resource
        exit. These processes ensure that specific exit, migration, resource infrastructure
        transition and/or replacement strategies are developed. The processes also
        ensure that needs of all stakeholders in the MNO are identified and managed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-008
      description: Adequate processes for resource inventory and physical/virtual
        asset management
      typical_evidence: 'MNO has documented policies and processes for i) resource
        inventory and asset management, ii) management of registration and access
        control processes, and iii) accuracy, completeness, and validation of resource
        inventory: Up to date repositories/registries containing details about deployed
        technologies and components. Documented asset criticality assessment is aligned
        with the list of critical assets identified in the EU coordinated risk assessment.
        List of physical assets with risk assessment categorization (e.g. core network
        assets, transmission hubs, exchanges, base-stations, interconnection and transport
        links). Asset management processes handle virtualized assets (such as VNFs)
        with tools which provide a good understanding of the virtual network including
        data flows, trust domains and the location and status of the physical hosts
        on which the virtual network resides '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-009
      description: Adequate processes for resource allocation and installation should
        be used
      typical_evidence: MNO has documented processes for allocating and delivering
        specific resources required for new services. MNO has documented processes
        to ensure that sufficient information is supplied with resource requisition
        orders regarding resource installation and configuration
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-010
      description: Adequate processes for configuring and activating resources should
        be used
      typical_evidence: MNO has documented processes for i) configuration and activation
        approach planning, and ii) resource inventory update with the configuration
        of new resources and their status
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-011
      description: Resource provisioning should be tracked and managed
      typical_evidence: MNO has documented processes for i) resource provisioning
        scheduling, allocation and coordination, ii) tracking of execution process,
        iii) including all relevant information to resource orders, iv) monitoring
        orders status and escalating orders when necessary, and v) engaging external
        suppliers when necessary
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-012
      description: Proper management of supplier inventory should be ensured
      typical_evidence: MNO has an asset management system for managing supplier inventory,
        including documented i) procedures for asset management, ii) roles and responsibilities,
        iii) the assets and configurations which are subject to the policy, and iv)
        the dependencies between them
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-013
      description: "Only currently supported software (applications, host OSs; hypervisors\
        \ or CISs) is designated as authorized in the software inventory for NFV.\
        \ Any unsupported software is designated as unauthorized. \nOnly software\
        \ currently supported by the software's vendor is added to the NFV's authorized\
        \ software inventory. Unsupported software should be tagged as unsupported\
        \ in the inventory system. "
      typical_evidence: "Review of the software list to verify that the software in\
        \ question is supported. \n\nIf the software is unsupported, yet necessary\
        \ for the operation of NFV, verify that the exception is documented, including\
        \ a description of mitigating controls and residual risk acceptance. "
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so17
      ref_id: SO17-014
      description: 'Containers or VMs that are no longer needed are deleted.

        When a VM or container is deleted, the virtual disk should be cleaned up (e.g.,
        zeroed) to prevent an attacker from reconstructing the contents of the VM
        or container.'
      typical_evidence: "Identify and report what VNFs and associated VMs or containers\
        \ are running in the NFVI.\n\nValidate that there are no VMs or containers\
        \ unused or unneeded for the operation of VNFs in the NFVI.\n\nCheck that\
        \ unused/not needed VMs or containers have been removed (this removal should\
        \ be automatic). \n\nA documented process is in place for ensuring that no\
        \ unused or unneeded VMs/containers are running in the NFVI. A documented\
        \ process is in place for removing unused or unneeded VMs/containers."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M87
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M88
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M89
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d5
      assessable: false
      depth: 1
      ref_id: D5
      name: INCIDENT MANAGEMENT
      description: "D5 covers detection of, response to, incident reporting, and communication\
        \ about incidents. Art.2 (42) of EECC defines \u2018Security Incident\u2019\
        \ as an event having an actual adverse effect on the security of electronic\
        \ communications networks or services. "
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so18
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d5
      ref_id: SO18
      name: Incident management procedures
      description: Establish and maintain procedures for managing incidents, and forwarding
        them to the appropriate personnel (triage)
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so18-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so18
      ref_id: SO18-001
      description: Incident management planning should be undertaken, including to
        ensure reporting in accordance with the legal / regulatory framework
      typical_evidence: MNO has established documented procedures for incident management
        including roles and responsibilities, operational procedures, and escalation
        criteria. Compliance reports indicate that incident reporting policies and
        processes fulfill the requirements of the applicable legal / regulatory framework.
        If applicable, examples of incident reports submitted on time and with the
        requisite information
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M90
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M91
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M92
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M93
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M94
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so18-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so18
      ref_id: SO18-002
      description: Incident management processes should be adapted to take into account
        changed technologies and processes
      typical_evidence: 'Documented policy/procedures for incident management, including,
        types of incidents that could occur, objectives, roles and responsibilities,
        detailed description, per incident type, how to manage the incident, when
        to escalate to senior management (e.g. CISO) etc. '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M90
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M91
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M92
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M93
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M94
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d5
      ref_id: SO19
      name: Incident detection capability
      description: Establish and maintain an incident detection capability that detects
        incidents. Measures to detect incidents should be understood in a broader
        sense as to be able to also detect serious events that may lead to incidents
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-001
      description: 'Survey and analysis of resource trouble should be performed '
      typical_evidence: MNO has documented processes and tools to i) detect, collect,
        record, and manage resource alarm events, ii) perform alarm event notification
        analysis, correlation, filtering, anomaly detection, etc. iii) report alarm
        events to relevant processes. If relevant, MNO has records of alarm events
        and their analysis
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-002
      description: Root-cause analysis should be performed to localize resource trouble
      typical_evidence: MNO has documented processes and tools to diagnose, test,
        and audit resources so that resource trouble events can be localized efficiently
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-003
      description: ' Monitoring infrastructure for timely detection of significant
        events or incidents including adequate resources to monitor, understand, and
        analyze security-related network activity'
      typical_evidence: Periodic/annual reports of the Network Operation Centres (NOC)
        and/or Security Operation Centres (SOC) containing incidents analyzed, trends,
        etc. MNO has documented processes for ensuring that adequate staff and tools/resources
        are allocated for monitoring, understanding, and analyzing security-related
        network activity. Monitoring infrastructure such as a Network Operations Centre
        (NOC)/Security Operations Centre (SOC) are run on premise, inside the country
        and/or inside the EU
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-004
      description: Tools for detecting security threats and violations in operational
        data collected should be used
      typical_evidence: Verify that MNO uses correlation tools and rulesets for detecting
        potential threats, violations, fraud, or other security-relevant events. Documented
        and updated i) processes and tools for incident detection and forwarding,
        ii) incident reports, iii) policy/processes/capabilities (including tools)
        review comments, and vi) change logs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-005
      description: Tools and procedures to identify trends and events of interest
        from collected data should be used, updated, and maintained
      typical_evidence: Documentation of processes and tools for statistical modeling
        and analysis of collected data. Documented review processes, review comments,
        and/or change logs relating to these processes and tools
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so19
      ref_id: SO19-006
      description: Policies and procedures for incident detection should be regularly
        updated and maintained
      typical_evidence: Documentation of up to date incident detection policies, procedures,
        and tools in line with industry best practices and newly implemented technologies.
        Documented review processes, review comments, and/or change logs relating
        to incident detection policies, procedures, and tools
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M95
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M96
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M97
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M98
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M99
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d6
      assessable: false
      depth: 1
      ref_id: D6
      name: BUSINESS CONTINUITY MANAGEMENT
      description: D6 covers continuity strategies and contingency plans to mitigate
        major failures and natural or man-made disasters
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d6
      ref_id: SO21
      name: Service continuity strategy and contingency plans
      description: Establish and maintain contingency plans and a strategy for ensuring
        continuity of networks and communication services provided
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-001
      description: Security measures such as firewalls and backup network/computational
        capacity to deal with overload situations which may occur as a result of a
        denial of service attack or during periods of increased traffic. System shall
        act in a controlled and predictable way if an overload situation cannot be
        prevented. If security measures are no longer sufficient, the system should
        not reach an undefined and potentially insecure state
      typical_evidence: 'Network products have detailed technical description of the
        overload control mechanisms. Test results verifying the operation of the overload
        control mechanisms. '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-002
      description: System is protected from growing or dynamic content (e.g. log files,
        uploads) with countermeasures such as use of a dedicated filesystem separated
        from main system functions, quotas, or system monitoring tools to ensure that
        the scenario of a file system reaching its maximum capacity is avoided
      typical_evidence: Network product documentation contains a list of resources
        that are susceptible to being exhausted with countermeasures in place. Verify
        that initiating traffic that causes increase in log files or file uploading
        to exhaust the file system does not negatively affect the system operation
        because of countermeasures in place
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-003
      description: Network product should support a mechanism to prevent Syn Flood
        attacks and should enable this feature by default. Such mechanisms can include
        using the TCP Syn Cookie technique in the TCP stack
      typical_evidence: 'Verification method: Use a tool to send a large amount of
        TCP Syn packets to a network product listening on a TCP port to verify that
        this does not affect its services or availability. Verify that the memory
        of the network product is not exhausted and there is no crash, despite the
        large number of the TCP Syn packets'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-004
      description: Mobility and handover between 5GS to EPS and vice-versa are handled
        in accordance with 3GPP technical specification 33.501, clauses 8.2, 8.3,
        8.4, 8.5, and 8.6
      typical_evidence: Verify that a test UE device can continue receiving service
        during mobility between 5GS to EPS and vice-versa. Packet captures on the
        N26 interface confirm successful handover for the test UE
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-005
      description: Security of 5G Single Radio Voice Call Continuity (SRVCC) should
        be ensured during handover from 5G to UTRAN in accordance with Annex J of
        3GPP technical specification 33.501.
      typical_evidence: Packet captures on the AMF and MME_SRVCC confirm that SRVCC
        handover for a test UE is completed successfully
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-006
      description: SDN control layer should support hardware management to discover
        hardware failure automatically and recover
      typical_evidence: Check configuration files and diagnostic tools to verify that
        techniques such as watch ports, liveness checks, and fast-failover are supported
        by the SDN controller and are used in deployments
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-007
      description: MEC system is able to flexibly choose UPF(s) and the corresponding
        DN according to MEC operators' and/or MEC application providers' operation
        policy or physical conditions
      typical_evidence: Verification via system logs of source and target MEC host
        that the u-plane traffic between a UE and MEC host is successfully steered
        to another target MEC host during mobility
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-008
      description: Denial of service (DoS) protection mitigation is used in distributed
        edge deployments
      typical_evidence: Verification that tools such as 'ufw' are available for filtering
        packets headed for a target site. Confirmation that tools for blocking open
        ports and suspending facilities under attack are available and functional
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-009
      description: Adequate capacity for mission-critical and time-critical applications
        of 5G services such as URLLC. Higher network availability is provisioned for
        areas with deployments of time-critical and mission-critical services
      typical_evidence: Logs showing that resource usage is monitored. Documented
        processes are in place for evaluating resource usage at regular intervals
        to make future projections. Documented processes and contingency plans indicate
        higher network availability in areas with deployments of time-critical and
        mission-critical services. Resource usage logs confirm the additional available
        resources
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-010
      description: Security measures to deal with overload situations which may occur
        as a result of a denial of service attack or during periods of increased traffic.
        System should react on an overload situation in a controlled way
      typical_evidence: Verify that hypervisor tools to detect and counter overload
        are enabled for monitoring VM backbone traffic
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-011
      description: MNO should capture resource capability shortfalls
      typical_evidence: MNO has a documented list of resources with capacity or performance
        shortfalls
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-012
      description: 'Correction and resolution of troubled resources '
      typical_evidence: 'MNO has documented processes and tools to restore or replace
        resources that have failed as efficiently as possible '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-013
      description: VAL service should take measures to detect and mitigate DoS attacks
        to minimize the impact on the network and on VAL users.
      typical_evidence: Verification that tools such as 'ufw' are available on the
        VAL server for filtering packets headed for a target site. Confirmation that
        tools for blocking open ports and suspending facilities under attack are available
        and functional
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-014
      description: Resource performance should be optimized
      typical_evidence: MNO has documented processes and tools for timely and effective
        restoration of failed resource instances
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so21
      ref_id: SO21-015
      description: Business continuity planning should be undertaken. Contingency
        plans take into account dependent critical sectors
      typical_evidence: MNO has documented up-to-date operational procedures which
        are proactively tested for ensuring business continuity, including in case
        of disasters. Records of carried out tests and their results, procedure review
        comments, and change logs. Documented contingency plans map and manage the
        risks caused to dependent critical sectors
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M104
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M105
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M106
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M107
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M108
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M109
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d7
      assessable: false
      depth: 1
      ref_id: D7
      name: MONITORING, AUDITING AND TESTING
      description: D7 covers monitoring, testing and auditing of network and information
        systems and facilities
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d7
      ref_id: SO23
      name: Monitoring and logging policies
      description: Establish and maintain systems and functions for monitoring and
        logging of relevant security events in critical network and communication
        systems
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-001
      description: If access to personal data in clear text is required, any access
        to this data is logged and the log information includes the user identity
        that has accessed the data
      typical_evidence: Access logs of the network product show that all access attempts
        to personal data (in clear text) are recorded in the relevant logs, with the
        user identity of the person accessing included and no personal data visible
        in the log
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-002
      description: 'Security events are logged together with a unique system reference
        (e.g. host name, IP or MAC address) along with the exact time of the incident.
        Network product documentation should provide a list of security events and
        event data (such as username, length of session etc.) the product logs and
        where they are stored '
      typical_evidence: ' Review security event log files of the network product to
        check (1) that they are indeed triggered by security events described in the
        network product documentation and (2) that they contain the relevant event
        data'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-003
      description: Network Products support forwarding of security event logging data
        to an external central system with secure transport protocols
      typical_evidence: Check that the network product documentation contains a list
        of standard security protocols for transferring event logging data. Confirm
        that successful test sessions using the standard protocols listed by the manufacturer
        in the documentation can be setup between the product and the central system
        where event logging data is sent. Packet captures confirm that the protocol
        used for transferring logs provides encryption, integrity protection, and
        replay protection
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-004
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-004
      description: Security event log has appropriate access control mechanism allowing
        only privileged users with the necessary rights to have access to the log
        files
      typical_evidence: ' Verify that security event log files of the network product
        are accessible when signed in with a user account with appropriate authorization.
        Verify that security event log files are not accessible when singed in as
        a user without the correct permissions'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-005
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-005
      description: 'Access to the webserver is logged and the webserver access logs
        contain at least the following information: access timestamp, source IP address,
        account/login name if known, requested URL, and status code of response'
      typical_evidence: "Checking the webserver access logs confirms that all webserver\
        \ events are logged along with the required log information listed in the\
        \ \u2018Control\u2019 section"
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-006
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-006
      description: Appropriate logging and auditing mechanisms should be implemented
        throughout the slice life cycle. Real-time analysis of security events in
        the logs should be performed to immediately detect any attempted attacks
      typical_evidence: 'System logs of the network slice instance contain event information
        and timestamps of the following slice life-cycle stages: 1) Preparation phase;
        2) Installation, Configuration, and Activation phase; 3) Run-time phase; 4)
        Decommissioning phase'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-007
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-007
      description: All resources and network functions consumed by a slice are monitored
      typical_evidence: Log files of a slice contain detailed information of the resources
        and network functions consumed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-008
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-008
      description: Appropriate logging and auditing mechanisms should be implemented
        in the SDN control layer
      typical_evidence: Check that log files containing event information and timestamps
        are present in the SDN controller. Check that tools for auditing log files
        at regular intervals are installed
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-009
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-009
      description: MEC system collects charging related data, logs it securely, and
        makes it available for further processing
      typical_evidence: Log files in MEC components include information such as traffic
        usage, application instantiation, access, usage duration, resource usage,
        etc. Log files are accessible only to authorized users. Packet captures confirm
        that the transport protocol used for making the log files available to other
        components is secure
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-010
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-010
      description: Event logs containing user activities, exceptions, faults, and
        information security events are generated, stored, and reviewed. These logs
        are integrated and corelated with service provider monitoring mechanisms
      typical_evidence: Verify that event logs are integrated and corelated with service
        provider monitoring mechanisms and that they contain user activities, exceptions,
        faults, and information security events, as appropriate
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-011
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-011
      description: 'MNO has a logging policy which ensures that security and management
        data is accurate, timely, complete, and includes VPN/remote access '
      typical_evidence: 'MNO has documented processes and tools to collect performance,
        management and security data from networks, systems and security sensors,
        as well as distribute the information to other processes/services. Presence
        of performance and security data in logs includes any remote access '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-012
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-012
      description: "The VNF supports comparing the owned resource state with the parsed\
        \ resource state from VNFD (VNF Description) by the VNFM. \nThe VNF sends\
        \ an alarm to the OAM if the two resource states are inconsistent. "
      typical_evidence: 'Verify whether the VNF compares the owned resource state
        with the parsed resource state.

        Verify whether the VNF sends an alarm to the OAM if the two resource states
        are inconsistent:

        1. Use the virtualisation layer to change the resource state of VNF (e.g.
        change vCPU size of the VNF).

        2. Use the VNF to query the parsed resource state from the OAM.

        3. Use the OAM to query the parsed resource state of the VNF from the VNFM
        and send the received resource state to the VNF.

        4. Verify that the alarm is received by the OAM.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-013
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-013
      description: "The VNF alerts the OAM upon finding an abnormal situation, e.g.\
        \ a VNFCI is deleted by a VIM. \nVNF logs the access from the VIM."
      typical_evidence: "Log to the VIM and delete a VM of a VNF.\nCheck that VNF\
        \ alerts the OAM. The alert from the VNF is found in the OAM. \nCheck that\
        \ VNF logs the alert."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-014
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-014
      description: "When the VIM is compromised to change the hardware resource configuration,\
        \ an alert is triggered by the hardware. \nWhen a compromised virtualisation\
        \ layer tampers the hardware resource configuration which is received from\
        \ the VIM to result in the configuration error of the hardware, the hardware\
        \ triggers an alert.\nThe administrator can check the alert and determine\
        \ the potential attack reported by that alert."
      typical_evidence: 'Use the VIM to make an error in hardware resource configuration
        (e.g. error firmware upgrade) and check whether an alert is triggered.

        Tamper the hardware resource configuration the virtualisation layer received
        from the VIM.

        Check whether the hardware alerts when the tampered hardware resource configuration
        is implemented.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-015
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-015
      description: 'Monitoring of the presence or loading of known vulnerable software.

        Monitoring of the deployment of suspicious or unknown container or VM images
        in the NFV environment.

        Monitoring of account activity logs to see actions performed and activity
        associated with NFV components.'
      typical_evidence: 'Verify that monitoring processes are documented and in place
        within the MNO security policies covering the different NFV components and
        interfaces.


        Verify that testing tools (e.g. vulnerability scanners), which should operate
        automatically, are in place within the MNO testing framework.


        Verify that security testing is applied during onboarding, instantiation and
        running phases of VNFs.


        Verify that administration account activities are logged by performing events
        and verifying the audit logs for their presence.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-016
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-016
      description: Adequate monitoring of hardware parameters
      typical_evidence: Check that (1) hardware resources are monitored with both
        physical and virtual sensors; (2) alarms and alerts are in place to notify
        of impending hardware failures and (3) that documented processes are in place
        for responding to alarms and alerts to ensure preventive maintenance
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-017
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-017
      description: Security and management data should be properly processed and regularly
        reviewed according to predefined procedures
      typical_evidence: 'MNO has documented processes and tools to process for regular
        review of security and management data. Verify that tools for detecting anomalies
        and threats in logged data, including but not limited to threats to 5G core
        coming from compromised end-user devices are installed and used. Review of
        security and management data shows processing according to intended recipient
        processes, resource instances, or service instances (e.g.: privacy sensitive
        identifiers are removed from logged data). '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-018
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-018
      description: Resource performance should be monitored
      typical_evidence: MNO has documented processes and tools for monitoring performance
        information and for detecting performance degradation/threshold violations.
        Recent monitoring records (e.g. reports).
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-019
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-019
      description: The virtualisation layer alerts the driver error to the administrator.
      typical_evidence: 'Tamper a driver on the server and implement the executive
        environment creation.

        Check whether the virtualisation layer alerts the driver error.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-020
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-020
      description: 'All the NFV  elements should submit security events (e.g. authentication,
        authorisation and accounting, login attempts, administration functions and
        configurations) to a centralised platform, which shall monitor and analyse
        in real time the messages for possible attempts at intrusion.

        It is also recommended that all audit logs are transferred to a log management
        platform outside the NFV to maintain their integrity and remove the risk of
        tampering.'
      typical_evidence: 'Check that there is a documented audit log management process.


        Check in log registries that local logging has been enabled on all systems
        and networking devices.


        Check in system logs that system logging is enabled to include detailed information
        such as an event source, date, user, timestamp, and other useful elements.


        Check that appropriate logs are being aggregated to a central log management
        system for analysis and review. '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-021
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-021
      description: Tools for capturing relevant operational data should be used and
        regularly updated
      typical_evidence: Verify that MNO has tools and infrastructure for data collection
        of operational activity. Documented and updated i) monitoring policy, ii)
        processes, iii) monitoring logs, iv) monitoring reports, v) policy/processes/capabilities
        (including tools) review comments, and vi) change logs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23-022
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so23
      ref_id: SO23-022
      description: Policy-based processes and tools for collection, filtering, aggregation,
        distribution, and retention of data should be used and regularly updated
      typical_evidence: MNO has documented policy-based security monitoring procedures/tools
        for data collection and storage. MNO has records of reviews of these procedures
        and tools, including review comments, and/or change logs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M115
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M116
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M117
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M118
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M119
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M120
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so24
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d7
      ref_id: SO24
      name: Exercise contingency plans
      description: Establish and maintain policies for testing and exercising backup
        and contingency plans, where needed in collaboration with third parties
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so24-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so24
      ref_id: SO24-001
      description: MANO and NFVI nodes are set up with redundancy, and ready to support
        high availability. They are distributed across multiple data centers and availability
        zones.
      typical_evidence: 'A documented recovery plan explaining how the NFV system
        is deployed so as to provide isolation and redundancy.

        Verify that the MNO recovery plan considers redundancy (network, power and
        geographic).

        Verify that the MNO recovery plan identifies a fail-over location for the
        NFV system in the event current location is inoperable.'
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M121
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M122
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M123
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M124
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M125
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so24-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so24
      ref_id: SO24-002
      description: Infrastructure recovery planning should be undertaken
      typical_evidence: MNO has documented up-to-date recovery procedures and backup
        planning which are proactively and regularly tested for ensuring business
        continuity. Reports of tests/exercises showing execution of recovery procedures
        and lessons learnt
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M121
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M122
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M123
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M124
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M125
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so25
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d7
      ref_id: SO25
      name: Network and information systems testing
      description: Establish and maintain policies for testing network and information
        systems, particularly when connecting to new networks or systems. Testing
        refers primarily to testing of security related functionality, rather than
        to general ICT functionality testing
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so25-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so25
      ref_id: SO25-001
      description: MNOs and suppliers employ tools and resources for secure use of
        software in development projects. The tools include software composition analysis
        (SCA) that identifies all package dependencies (including versions, vulnerabilities,
        and licensing information) in a code base, static application security testing
        (SAST) which identifies vulnerabilities in the code base (excluding packages),
        and dynamic application security testing (DAST) which can be tuned and trained
        to detect run-time vulnerabilities.
      typical_evidence: "By way of reviewing test reports, including testing plans\
        \ and results captured therein: \n\nVerification that there is frequent testing\
        \ throughout lifecycles of NFV components.\n\nVerification that vendors during\
        \ the development phase conduct regular vulnerability scanning, SAST, DAST,\
        \ penetration testing and software composition analysis.\n\nVerification that\
        \ MNOs during onboarding/instantiation/runtime of VNFs perform continuous\
        \ scanning/monitoring for known vulnerabilities or misconfiguration on runtime\
        \ workloads, scanning for any open ports, VM/Container escape, etc."
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M126
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M127
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M128
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M129
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so25-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so25
      ref_id: SO25-002
      description: A regular security testing program is used for identifying and
        mitigating vulnerabilities in MEC applications in a timely manner
      typical_evidence: A documented policy for regular testing of MEC applications
        exits. Check for testing reports, logs from testing tools, review comments,
        and change logs. Verify that tools are available for isolating applications
        until remedial updates are available once vulnerabilities are detected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M126
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M127
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M128
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M129
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d7
      ref_id: SO27
      name: Compliance monitoring
      description: Establish and maintain a policy for monitoring compliance to standards
        and legal requirements
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27
      ref_id: SO27-001
      description: Security data collection and distribution should be audited
      typical_evidence: MNO has documented processes and tools to audit information
        and data collection activities. Reports of audit results and follow-up actions
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M134
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M135
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M136
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M137
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27
      ref_id: SO27-002
      description: Fraud prevention and management policy should be implemented
      typical_evidence: 'MNO has documented processes and tools for detecting and
        investigating frauds '
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M134
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M135
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M136
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M137
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so27
      ref_id: SO27-003
      description: Tools, processes and rulesets for forensic investigation of incidents
        should be used and regularly updated
      typical_evidence: MNO has up to date documented policies, processes, tools,
        and rulesets for forensic investigation of incidents. MNO has records of reviews
        of these policies, processes, tools, and rulesets, including review comments,
        and/or change logs
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M134
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M135
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M136
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M137
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d8
      assessable: false
      depth: 1
      ref_id: D8
      name: THREAT AWARENESS
      description: D8 covers security objectives related to threat intelligence and
        to outreach to end-users for the purpose of sharing the information about
        major threats to the security of networks and services
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:d8
      ref_id: SO29
      name: Informing users about threats
      description: Inform users of particular and significant security threats to
        network or service that may affect the end-user and of the measures they can
        take to protect the security of their communications
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29-001
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29
      ref_id: SO29-001
      description: Visibility of the operation of AS confidentiality and integrity,
        as well as, NAS confidentiality and integrity should be provided to the user/application.
        The serving network identifier information should be available to applications
        in the UE
      typical_evidence: Verify that the status of AS confidentiality and integrity,
        as well as NAS confidentiality and integrity shown in a test application on
        the UE matches with the use of confidentiality and integrity reflected in
        the packet captures on the gNB/eNB/AMF/MME/. Verify that the serving network
        identifier shown by a test application on the UE is the serving network identifier
        for the MNO network to which the UE is connected
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M142
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M143
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M144
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29-002
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29
      ref_id: SO29-002
      description: To the extent feasible, detect and notify users about vulnerable
        devices, including IoT and UE supporting eSIM/iSIM
      typical_evidence: MNO has documented policies and processes on informing users
        about vulnerable devices, including details on communication channels (email,
        SMS, etc.). List of users with vulnerable devices and notifications sent
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M142
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M143
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M144
    - urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29-003
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:enisa-5g-scm-v1.3:so29
      ref_id: SO29-003
      description: Inform enterprises and users about signaling threats in legacy
        network environments, countermeasures deployed, and provide precautionary
        guidance to prevent adverse events
      typical_evidence: MNO has documented policies and processes, including details
        on communication channels (web pages, brochures, etc.), explaining risks of
        legacy SS7, GTP and Diameter signaling protocols such as location tracking,
        interception of data, call, e-mail and SMS messages, financial fraud, theft
        or digital identity theft. These policies and processes include provision
        of timely guidance (via blog posts etc.), e.g. highlighting the risk of using
        SMS as a multi-factor authentication mechanism and suggesting alternative
        authentication
      reference_controls:
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M142
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M143
      - urn:intuitem:risk:reference_control:enisa-5g-scm:5G-M144