Industry Standards & Best Practices
• ISO27001 Information security management system - covering ZTE headquarters and 23 subsidiaries globally
• Common Criteria: 5G RAN solution certified at Evaluation Assurance Level 3+ (EAL3+), the first EAL3+ certificate for a system solution with the best 5G product coverage; 12 other product families were certified previously
• ISO28000 Supply chain security management system
• ISO22301 Business continuity management system
• ISO27701 Privacy information management
• GSMA NESAS
• Process audit: ZTE’s 5G NR & 5GC product lines based on its HPPD process
• Equipment testing (3GPP SCAS): 8 5G network functions
• BSIMM assessment: ZTE 5G RAN and 5GC products
Bug Bounty Program
To facilitate transparency, ZTE launched its new “Bug Bounty Program,” inviting security researchers and other external parties to identify vulnerabilities in our products and services.
ZTE is an active contributor to standards development and cybersecurity enhancement in the industry. For example, ZTE is active in various industry organizations including:
The Third Generation Partnership Project (3GPP): 3GPP is an organization that seeks to unite mobile telecommunications standard development organizations. ZTE serves as vice chair for the RAN2 (Radio Layer 2 and Radio Layer 3 Radio Resource Control) and chair for RAN3 (UTRAN/E-UTRAN/NG-RAN Architecture and Related Network Interfaces) working groups. ZTE also takes on additional responsibilities in multiple 5G security standards projects like the Security Assurance Specification for the Network Exposure Function (SCAS NEF) and the Security Assurance Specification for Inter-PLMN User Plane Security (SCAS IPUPS).
International Telecommunication Union Telecommunication Standardization Sector (ITU-T): The ITU is the United Nations’ specialized agency for information and communication technologies (ICTs), which aims to develop international standards for the global ICT infrastructure. ZTE is vice president and chair of the WP5 (fundamental security technologies) in Study Group 17 (security), and chair of the WP3 (transport network characteristics) in Study Group 15 (transmission, access and home network).
Global System for Mobile Communications Association (GSMA): The GSMA seeks to establish industry-recognized security governance standards that optimize product development and lifecycle management processes for mobile operators. ZTE is involved in the GSMA’s Fraud and Security Group, contributes to NESAS development, and has two senior engineers on the panel of experts for the GSMA’s Coordinated Vulnerability Disclosure (CVD) program.
Other Relevant Industry-Recognized Leadership Roles and Participation: ZTE is a board member of the European Telecommunications Standards Institute (ETSI) and the Global mobile Suppliers Association (GSA), project leader in the Global TD-LTE Initiative (GTI), member of the Forum for Incident Response and Security Teams (FIRST), and a Common Vulnerabilities and Exposures (CVE) Numbering Authority.