9 June 2021, Shenzhen, China – ZTE Corporation (0763.HK / 000063.SZ), a major international provider of telecommunications, enterprise and consumer technology solutions for the mobile internet, has successfully passed the Common Criteria (CC) EAL3+ certification for its 5G RAN solution.
The certification makes ZTE the first telecommunications vendor in the world that has obtained the CC EAL3+ certificate for a whole system solution consisting of a series of 5G RAN products. Also, the certificate verifies that the security of ZTE 5G RAN products has achieved a leading level in the industry.
The Common Criteria for Information Technology Security Evaluation is an authoritative widely-recognized international standard based on the IEC/ISO15408. By now, there are 31 nations participating in mutual recognition of the CC certification, and mainstream international telecoms operators value the CC certification in their procurement projects considering its high quality and impartiality.
The CC certification defines seven evaluation assurance levels (EAL) for a target of evaluation (TOE) upon completion of certification, among which EAL3 (methodically tested and checked) is so far the highest level achieved by a system-level product in the telecommunications field. The EAL3+ means that the TOE meets the EAL3 and other augmented requirements for the evaluated security functionality.
The certificate obtained by ZTE is the first CC EAL3+ certificate in the industry for a system solution, which comprises 15 5G RAN products, such as AAU/RRU, BBU, Unified Management Expert (UME) and so on. The solution interfaces with User Equipment (UE) and implements such functions as radio resource management, data stream IP header compression and encryption, user plane data routing, data scheduling and transmission, and mobility management. The UME is used to manage the system via web interface.
The accredited CC evaluation lab SGS Brightsight from the Netherlands performed the evaluation, which covers security in the full product lifecycle, including product design, development, testing, production, and delivery. The certification body TÜV Rheinland Nederland B.V., under the Netherlands Scheme for Certification in the Area of IT Security (NSCIB), issued the certificate to ZTE and declared that the evaluation meets all the conditions for international recognition of the CC Certificate.
With the advent of the 5G era, ZTE regards the cybersecurity as the top priority for its product R&D and delivery, and the company continuously enhances security practices in both security technology and security governance.
Moving forward, ZTE will be committed to providing global customers with secure and trustworthy products and services to jointly build reliable telecommunications networks.
For the CC certificate, please visit the CC portal:
https://www.commoncriteriaportal.org/products/ (Under the category of Network and Network-Related Devices and Systems)