Security Requirements for NGN
|Publication Date:||1 November 2008|
This standard provides security requirements for the Next Generation Network (NGN) against security threats, and to mitigate the effects of security attacks. This standard is aligned with ITU Y.2701, Security Requirements for NGN Release 1
The requirements are to protect the following in a multi-network environment:
Network and service provider infrastructure and its assets (e.g., NGN assets and resources such as network elements, systems, components, interfaces, and data and information), its resources, its communications (i.e., signaling, management and data/bearer traffic) and its services;
NGN services and capabilities (e.g., voice, video and data services);
End user communication and information (e.g., private information).
Adherence to these requirements will provide network-based security of end user communications across multiple-network administrative domains. Security of customer assets and information in the customer domain (e.g., user network), and the use of peerto- peer application capabilities on customer equipment are not within the scope of this standard.
The requirements specified in this standard are applicable to an NGN, including User-to- Network Interfaces (UNIs), Network-to-Network Interfaces (NNIs), and Application-to- Network Interfaces (ANIs) in a multi-network environment.
NGN providers will be deploying "network elements" that support the functional entities described in ATIS-1000018  and ITU-T Recommendation Y.2012 . The bundling of these functional entities to a given network element will vary, depending on the vendor. Therefore, this standard will not attempt to show a strict and fixed bundling of logical functional entities and physical network elements.
The requirements in this standard should be treated as a minimum set of requirements for NGN security and should not be considered to be exhaustive. Therefore, an NGN provider may need to take additional measures beyond those specified in this standard.
In addition, the requirements in this document cover some of the technical aspects of what is generally known as "Identity Management (IdM)." A working definition of IdM is "management by NGN providers of trusted attributes of an entity such as: a subscriber, a device or a provider". This is not intended to indicate positive validation of the identity of a person.
Administrations may require NGN providers to take into account national regulatory and national policy requirements in implementing this standard.
Note: In this document, use of the term "NGN provider" includes all types of providers in an NGN environment such as service providers, network providers, access providers and transport providers.