What’s happening: NIST’s NCCoE has published six guidance documents focused on how organizations can implement 5G security and privacy capabilities in real-world environments. The effort is aimed at helping operators and enterprises move from standards-based theory to practical deployment, particularly as 5G networks increasingly rely on cloud infrastructure.
The guidance underscores that while 3GPP standards define available security features, responsibility for how those controls are configured and managed sits with the organization deploying the network. This becomes more complex as 5G architectures combine telecom systems with cloud platforms that introduce additional security considerations.
The publications focus on areas such as protecting subscriber identity, strengthening platform integrity, and applying core security design principles across the network. Together, they outline how to reduce exposure to common risks tied to identity tracking and infrastructure vulnerabilities.
The broader takeaway is that 5G security is becoming an operational issue rather than just a standards issue. As networks become more software-driven and distributed, organizations need clearer processes and accountability for how security is implemented across both telecom and cloud environments.
The six publications can be found below:
NIST Cybersecurity White Paper (CSWP) 36: Applying 5G Cybersecurity and Privacy Capabilities – An introduction to the series and provides an overview 5G cybersecurity and privacy challenges.
NIST CSWP 36A: Protecting Subscriber Identifiers with SUCI – Guidelines on enabling Subscription Concealed Identifier (SUCI) protection to safeguard subscriber identities.
NIST CSWP 36B: Using Hardware-Enabled Security to Ensure 5G System Platform Integrity – An overview of employing hardware-enabled security capabilities.
NIST CSWP 36C: Reallocation of Temporary Identities – Details how temporary identities can protect subscriber identities (IDs).
NIST CSWP 36D: No SUPI-Based Paging – An overview of “no Subscription Permanent Identifier (SUPI) based paging,” to prevent attackers from identifying and locating users.
NIST CSWP 36E: 5G Network Security Design Principles – Provides network infrastructure design principles for improving cybersecurity and privacy.
—
Want to read more? Uplink delivers breaking news and analysis of the enterprise networking industry, directly to your inbox, for free.
