GSMA
GSMA overview
The Global System for Mobile Communications Association (GSMA) is an industry organization that "represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent industry sectors." The GSMA established the Security Accreditation Scheme (SAS) to enable mobile operators to assess the security of their Universal Integrated Circuit Card (UICC) and embedded UICC (eUICC) suppliers, as well as their eUICC subscription management service providers. Two schemes operate under SAS:
- SAS for UICC Production (SAS-UP) is a well-established scheme through which UICC and eUICC manufacturers subject their production sites and processes to a comprehensive security audit.
- SAS for Subscription Management (SAS-SM) is a related security auditing and accreditation scheme for the providers of eUICC subscription management services, intended to ensure industry confidence in the security of remote provisioning for eUICCs.
The GSMA’s established Security Accreditation Scheme (SAS) is the required security accreditation for embedded subscriber identity module (eSIM) entities handling sensitive assets, including mobile network operator (MNO) profile information and digital certificates. SAS-SM audits the robustness of processes for secure data management at the subscription management service location.
Azure and GSMA
Azure has obtained the GSMA SAS-SM accreditation for data center operations and management across the following regions:
- Central US (Iowa)
- East US (Virginia)
- East US 2 (Virginia)
- West US (California)
- France Central (Paris)
- France South (Marseille)
- Japan East (Tokyo, Saitama)
- Japan West (Osaka)
- North Europe (Ireland)
- West Europe (Netherlands)
The GSMA accreditation of Azure regions with more than 200 available Azure and other Microsoft cloud services is the first for any hyper-scale cloud provider. The independent standalone accreditation enables any telecom operator to use the Azure cloud services platform to support a massive global increase in the volume of embedded mobile subscriptions with the right level of security assurance. This capability will be critical to the implementation of 5G networks and the cellular network connectivity of billions of IoT devices worldwide.
Microsoft solutions for telecommunications let you use AI and automation to increase telecommunication network efficiency, scalability, and reliability. These solutions help you capitalize on new service opportunities enabled by 5G. Azure is set to play a key role in helping telecommunications providers build 5G networks with Azure Edge Zones, connecting Azure services directly to 5G networks in the carrier’s data center.
Azure Private 5G Core is available as a part of the Azure private multi-access edge compute (MEC) solution. Azure Private 5G Core enables operators and system integrators to provide a simple, scalable, and secure deployment of private 4G and 5G networks on small-footprint infrastructure at the enterprise edge.
Applicability
- Azure
Services in scope
For a list of Microsoft cloud services in audit scope, see the Azure GSMA SAS-SM certificate or Cloud services in audit scope:
- Azure
- Dynamics 365
- Microsoft 365
- Power Platform
Audit reports and certificates
The Azure GSMA SAS-SM certificate is available directly from the GSMA list of SAS-SM accredited sites where Microsoft Corporation is listed as a supplier.
Resources
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- Global System for Mobile Communications Association (GSMA)
- GSMA Security Accreditation Scheme (SAS)
- Microsoft solutions for telecommunications
- Azure geographies