June 14, 2022

Takeaway: Federal agencies will need to consider the five-step assessment process to get authorization from CISA before operating with 5G technology.

As the adoption of 5G technology by many private and public organizations approaches, assessments are being put in place to evaluate whether federal agencies can operate with 5G technology. Regulation agencies in cybersecurity teamed up to create a security assessment that grants authorization to agencies in order to use 5G technology.

Specifically, CISA – with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary Defense for Research and Engineering (OUSD R&E) – proposed a five-step assessment process.  This process was derived from scientific research and security analyses.

So, what are the five steps of assessment an agency must meet to acquire authorization?

Step 1: Define the Federal 5G Use Case – this step involves describing what the intended use for the 5G technology is and whether there is a federal use component as well as providing details about the proposed 5G model.

Step 2: Identify the Assessment Boundary – this step involves defining the boundary to identify the security requirements that will be implemented to protect networks.

Step 3: Identify Security Requirements – this is a multi-step that includes conducting a high-level threat analysis of each 5G subsystem and identifying cybersecurity requirements.

Step 4: Map Security Requirements to Federal Guidance – this step involves the creation of a catalog of federal security guidance that corresponds to the technologies included in the assessment boundary and implied security capabilities from Step 3.

Step 5: Assess Security Guidance Gaps & Alternatives – this is an evaluation step that tests the effectiveness of implementation.

The purpose of this five-step assessment is to provide federal agencies with a standardized and comprehensive process to evaluate and address security assessment gaps.  CISA views this assessment process as essential for new federal 5G implementations.  In accordance with this process, the networks of federal agencies reliant on 5G technology will be protected from cybersecurity attacks.

To read CISA’s 5G Security Evaluation Process Investigation in full, visit: https://www.cisa.gov/sites/default/files/publications/5G_Security_Evaluation_Process_Investigation_508c.pdf