3 Definitions and abbreviations

33.1173GPPCatalogue of general security assurance requirementsRelease 16TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

3.1 Definitions

For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 [1].

Machine Accounts: These will be used for authentication and authorization from system to system or between applications on a system and cannot be assigned to a single person or a group of persons.

Personal data: any information relating to an identified or identifiable natural person (‘data subject’).

Identifiable person: one who can be identified, directly or indirectly, in particular by reference to an identification number, name or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

NOTE: personal data can be gathered from user data and traffic data.

Sensitive data: data that may be used for authentication or may help to identify the user, such as user names, passwords, PINs, cryptographic keys, IMSIs, IMEIs, MSISDNs, or IP addresses of the UE, as well as files of a system that are needed for the functionality such as firmware images, patches, drivers or kernel modules.

System group account: a predefined system account in the network product, usually with special privileges, which has a predefined user id and hence cannot be tied to a single user (individual) in a normal operating environment.

EXAMPLE: the ‘root’ account.

3.2 Abbreviations

For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in 3GPP TR 21.905 [1].

API Application Programming Interface

CIS Center for Internet Security

JSON Java Script Object Notation

NF Network Function

NRF Network Repository Function

SBA Service Based Architecture

SBI Service Based Interfaces

SEPP Security Edge Protection Proxy

URI Uniform Resource Identifier

WAS Web Application Security