MIL OSI Translation. Region: Germany / Deutschland –
Source: Federal Office for Information Security, Place Bonn, Date 11.08.2020 The Federal Network Agency today published the current draft of the catalog of security requirements for the operation of telecommunications and data processing systems as well as for the processing of personal data. The catalog was created in agreement with the Federal Office for Information Security (BSI) and the Federal Commissioner for Data Protection and Freedom of Information. At the same time, the Federal Network Agency is launching a consultation to draft a list of critical functions: “The 5G mobile communications standard is an essential technological basis for successful digitization. A prerequisite for this is a balanced level of information security as part of comprehensive risk management. For this purpose, as the federal cyber security authority, we have created the new security catalog together with the Federal Network Agency and the Federal Data Protection Commissioner and ensured that modern, powerful and secure 5G networks can be set up and operated, ”says Arne Schönbohm, President of the BSI It is important to protect the integrity of information and communication systems against threats and to establish the highest security standards. To this end, critical functions for telecommunications networks and services should have a particularly high level of protection, ”says Dr. Wilhelm Eschweiler, Vice President of the Federal Network Agency. Catalog of security requirements The catalog of security requirements applies to operators of telecommunications and data processing systems as well as to the processing of personal data. It is the basis for the security concept and for the technical precautions and other measures to be taken to increase the security of the networks and services. In particular, the catalog provides that: critical components are certified, trustworthiness declarations are obtained from manufacturers and system suppliers, product integrity is ensured, safety monitoring is introduced, only trained specialists are used in safety-relevant areas, sufficient redundancies are available and monocultures are avoided will now be submitted for notification to the European Commission. Changes may occur until this process is completed. After notification, the catalog will also be available in English. Consultation on the list of critical functions In this context, the Federal Network Agency is today launching a consultation on the drafting of a list of critical functions. The catalog contains additional security requirements for public telecommunications networks and services with a higher risk potential. In this context, a list of the critical functions for infrastructures with an increased risk potential is to be drawn up. These critical functions are listed in a document drawn up jointly with the Federal Office for Information Security. The list of critical functions is to be continuously updated and updated in the future. Results of international analyzes, for example by the European Union Agency for Cybersecurity or the Committee of European Regulators for Electronic Communications, have been and will be taken into account. The following functions are currently viewed as critical: Subscriber management and cryptographic mechanisms (if part of the network) Cross-network interfacesNetwork servicesNetwork functions Virtualization management and network orchestration (MANO) and virtualizationManagement and other support systemsTransport and information flow controlLawful interceptionThe catalog of security requirements (Version 2.0) and the preliminary A list of critical functions is published as a draft on the website of the Federal Network Agency. Press contact: Federal Office for Information SecurityPostfach 20036353133 BonnTelephone: +49 228 99 9582-5777Telefax: +49 228 99 9582-5455E-Mail: firstname.lastname@example.org
EDITOR’S NOTE: This article is a translation. Apologies should the grammar and / or sentence structure not be perfect.