U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 1800-33 (Initial Preliminary Draft)

5G Cybersecurity

Date Published: April 25, 2022
Comments Due: June 27, 2022 (public comment period is CLOSED)
Email Questions to: 5G-security@nist.gov

Planning Note (04/25/2022): The comment period for Volume B: Approach, Architecture, and Security Characteristics, is open through 6/27/22. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.

Author(s)

Michael Bartock (NIST), Jeffrey Cichonski (NIST), Murugiah Souppaya (NIST), Surajit Dey (MITRE), Parisa Grayeli (MITRE), Blaine Mulugeta (MITRE), Sanjeev Sharma (MITRE), Chuck Teague (MITRE), Karen Scarfone (Scarfone Cybersecurity), Stefano Righi (AMI), Muthukkumaran Ramalingam (AMI), Paul Rhea (AMI), Madhan Santharam (AMI), Rich Mosley (AT&T), Bogdan Ungureanu (AT&T), Jitendra Patel (AT&T), Tao Wan (CableLabs), Peter Romness (Cisco), Matthew Hyatt (Cisco), Leo Lebel (Cisco), Dan Carroll (Dell Technologies), Steve Orrin (Intel), Leland Brown (Intel), Yong Zhou (Keysight Technologies), Corey Piggott (Keysight Technologies), Michael Jones (Keysight Technologies), Michael Yeh (MiTAC Computing), Gary Atkinson (Nokia/Nokia Bell Labs), Dan Eustace (Nokia/Nokia Bell Labs), Bryan Wenger (Palo Alto Networks), Sean Morgan (Palo Alto Networks), Marouane Balmakhtar (T-Mobile), Gregory Schumacher (T-Mobile)

Announcement

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published portions of a preliminary draft practice guide, “5G Cybersecurity,” and is seeking the public's comments on the contents. Our proposed solution contains approaches that organizations can use to better secure 5G networks through a combination of 5G security features and third-party security controls. We also demonstrate how commercial tools can build a 5G standalone network that operates on—and uses—a trusted, secure, cloud-native hosting infrastructure. We also demonstrate how to strengthen a 5G network’s supporting IT infrastructure to make it more resistant to cyber attacks.

Abstract

Keywords

5G; cybersecurity; cloud security; hardware root of trust (HRoT); network function containerization; network function virtualization); privacy; secure boot; Service Based Architecture (SBA); trusted compute
Control Families

None selected

Documentation

Publication:
SP 1800-33B (Prelim. Draft) (pdf)

Supplemental Material:
Project homepage
SP 1800-33A (Prelim. Draft) (pdf)

Document History:
04/25/22: SP 1800-33 (Draft)