scope:

This document defines a flexible supply chain flow model and a comprehensive set of requirements that can be applied to any 5G supply chain (5G/SC) ecosystem. These requirements, associated controls, and metrics are applicable to a broad range of network use cases and can be utilized in most risk-management regimes associated with the selection and implementation of controls. The network is defined as the interconnecting fabric that enables endpoints (devices and clients) to exchange information with other endpoints or servers. The supply chain aspects associated with the endpoint (devices, clients, and servers) are not within the scope of this document.

This approach leverages the output of numerous Supply Chain Risk Management (SCRM) best practices, guidelines, and recommendations developed by other collaborative efforts between government and industry, which are referenced throughout this document.

Purpose

Although other standards venues have explored supply chain requirements, 5G mobile technology introduces an increasingly complex set of challenges due to the diverse application space and 5G's expanding global supply chain model. The goal of this standard is to provide entities operating networks and their suppliers with a flexible approach for assuring a 5G/SC at any level of component integration or product type. By applying these requirements and controls across the 5G/SC, customers can achieve a greater level of assurance that the 5G/SC is secure in light of a constantly changing and evolving threat environment.