[{"name":"SP-150292","title":"Revised WID Security Assurance Specification for 3GPP network products (SCAS)","source":"SA WG3","contact":"Maurice Pope","contact-id":648,"tdoctype":"WID revised","for":"Decision","abstract":"The present contribution proposes updating the approved WID to implement the proposal in section S3-151141 'Discussion of way forward for SCAS' about including requirements that are expected to apply to more than one network product class in a 'SECAM Catalogue' TS.  It is further suggested to not include the threats description in any of these TSs and delete corresponding text from the objectives section of the present WID. The major specifications do not contain threats descriptions. E.g. threats for EPS \/ LTE are contained in TR 33.821. It is therefore suggested to leave threats and risks in TR 33.806. Furthermore, the names of the relevant GSMA groups have changed and are corrected here. Finally, the WID update adjusts the completion dates and deletes the name of the co-rapporteur that no longer attends SA WG3.","secretary_remarks":"","agenda_item_sort_order":107,"ainumber":"13.24","ainame":"(SCAS) - Security Assurance Specification for 3GPP network products","tdoc_agenda_sort_order":11070,"status":"approved","reservation_date":"2015-06-11 05:37:16","uploaded":"2015-06-14 11:58:35","revisionof":"","revisedto":"","release":"Rel-13","crspec":"","crspecversion":"","workitem":[{"winame":"SCAS"}],"crnumber":"","crrevision":"","crcategory":"","tsg_crp":"","lsreplyto":"","lsto":"","Cc":"","lsoriginalls":"","lsreply":"","link":"http:\/\/www.3gpp.org\/ftp\/tsg_sa\/TSG_SA\/TSGS_68\/Docs\/SP-150292.zip","group":"SP","meeting":"SP-68","year":2015,"uicc_affected":null,"me_affected":null,"ran_affected":null,"cn_affected":null,"clauses_affected":null,"crsinpack":null,"crsinpacknumber":0},
{"name":"SP-150295","title":"TR 33.916: Security Assurance Methodology for 3GPP network products","source":"SA WG3","contact":"Maurice Pope","contact-id":648,"tdoctype":"TS or TR cover","for":"Decision","abstract":"Abstract of document: TR 33.916 defines the complete Security Assurance Methodology (SECAM) evaluation process (evaluation, relation to SECAM Accreditation Body, roles, etc.) as well as the components of SECAM that are intended to provide the expected security assurance. It will thus describe the general scheme providing an overview of the entire scheme and explaining how to create and apply the Security Assurance Specifications (SCASs). It will detail the different evaluation tasks (vendor network product development and network product lifecycle management process assessment, Security Compliance Testing, Basic Vulnerability Testing and Enhanced Vulnerability Analysis) and the different actors involved. The present document will help all involved parties to have a clear understanding of the overall process and the covered threats. The concrete security requirements will be part of the SCASs for each network product class and not part of this overall process document. Some of","secretary_remarks":"","agenda_item_sort_order":107,"ainumber":"13.24","ainame":"(SCAS) - Security Assurance Specification for 3GPP network products","tdoc_agenda_sort_order":11080,"status":"noted","reservation_date":"2015-06-11 05:37:16","uploaded":"2015-06-14 11:58:38","revisionof":"","revisedto":"","release":"Rel-13","crspec":33.916,"crspecversion":"1.0.0","workitem":[{"winame":"SCAS"}],"crnumber":"","crrevision":"","crcategory":"","tsg_crp":"","lsreplyto":"","lsto":"","Cc":"","lsoriginalls":"","lsreply":"","link":"http:\/\/www.3gpp.org\/ftp\/tsg_sa\/TSG_SA\/TSGS_68\/Docs\/SP-150295.zip","group":"SP","meeting":"SP-68","year":2015,"uicc_affected":null,"me_affected":null,"ran_affected":null,"cn_affected":null,"clauses_affected":null,"crsinpack":null,"crsinpacknumber":0}]