Industry Standards & Best Practices
• ISO27001 Information security management system: in total 27 certificates held by ZTE and its global subsidiaries
• ISO28000 Supply chain security management system
• ISO22301 Business continuity management system
• ISO27701 privacy information management: 5G NR and UME system, core network products, terminal products, digital product, and HR
• Common Criteria: 5G RAN solution for Evaluation Assurance Level (EAL3+), the first EAL3+ certificate for a whole system solution in the industry
• GSMA NESAS
• Process audit: ZTE’s 5G NR & 5GC product lines based on its HPPD process
• Equipment evaluation (3GPP SCAS): 8 5G network functions
• BSIMM assessment: ZTE 5G RAN, 5GC, and Flexhaul
Bug Bounty Program
To facilitate transparency, ZTE launched its new “Bug Bounty Program,” inviting security researchers and other external parties to identify vulnerabilities in our products and services.
ZTE is an active contributor to standards development and cybersecurity enhancement in the industry. For example, ZTE is active in various industry organizations including:
The Third Generation Partnership Project (3GPP): 3GPP is an organization that seeks to unite mobile telecommunications standard development organizations. ZTE serves as vice chair for the RAN2 (Radio Layer 2 and Radio Layer 3 Radio Resource Control) and chair for RAN3 (UTRAN/E-UTRAN/NG-RAN Architecture and Related Network Interfaces) working groups. ZTE also takes on additional responsibilities in multiple 5G security standards projects like the Security Assurance Specification for the Network Exposure Function (SCAS NEF) and the Security Assurance Specification for Inter-PLMN User Plane Security (SCAS IPUPS).
International Telecommunications Union Telecommunication Standardization Sector (ITU-T): The ITU is the United Nations’ specialized agency for information communication technologies, which aims to develop international standards in the global infrastructure of information and communication technologies (ICTs). ZTE is the vice chair of SG17 (Security) and chair of WP5 (fundamental security technologies) in SG17.
Global System for Mobile Communications Association (GSMA): The GSMA seeks to establish industry-recognized security governance standards that optimize product development and lifecycle management processes for mobile operators. ZTE is involved in the GSMA’s Fraud and Security Group, contributes to NESAS development, and has two senior engineers in GSMA’s Coordinated Vulnerability Disclosure (CVD) program panel of experts.
Other Relevant Industry-Recognized Leadership Roles and Participation: ZTE is a board member of the European Telecommunications Standards Institute (ETSI) and the Global mobile Suppliers Association (GSA), a project leader in the Global TD-LTE Initiative (GTI), a member of the Forum for Incident Response and Security Teams (FIRST), and a Common Vulnerabilities and Exposures (CVE) Numbering Authority.