The Cybersecurity and Infrastructure Security Agency (CISA) is soliciting comments on a proposed five-step process for evaluating the cybersecurity of 5G systems.
CISA worked with the Department of Homeland Security’s science and technology directorate and the office of the undersecretary for research and engineering at the Department of Defense on the proposed 5G Security Evaluation Process Investigation, Eric Goldstein, executive assistant director for cybersecurity at CISA, wrote in a blog post published Thursday.
Goldstein said the process seeks to address gaps in security assessment standards and guidance that emerge driven by the launch of new 5G-related tech features and services and outlines 5G system security considerations, key threat frameworks, federal security guidance documents, industry security specifications and related methods for conducting 5G cybersecurity assessments.
The five steps in the proposed evaluation process are defining the federal 5G use case; identifying the assessment boundary; identifying security requirements; mapping security requirements to federal guidance; and assessing security guidance gaps and alternatives.
The process also allows agencies to perform for system authorization the Prepare step in the National Institute of Standards and Technology’s Risk Management Framework.
“CISA views that repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations,” Golstein wrote. “Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.”
Comments on the proposed process are due June 27.
CISA will use public insights to determine whether to issue additional security guidance and recommendations for federal 5G adoption.