Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Summary
The Advanced Security Architectures for Next Generation Wireless (ASA-NGW) seeks to enhance emerging security standards and guidance efforts for 5G/6G Open RAN and Core technologies, advance the application of Zero Trust networking principles to 5G networks, and evaluate the status of leading open-source software platforms for 5G.
O-RAN technologies seek to transform radio access networks from single vendor solutions based upon proprietary appliances to a disaggregated network architecture of components and functions, with standardized open interfaces, and designed to be deployed in virtualized and cloud native environments. If successful, O-RAN technologies will create an open market for RAN products and services, reduce barriers to entry and spur innovation by evolving to software-based components operating on commodity hardware, and enable wireless network infrastructure to become distributed and dynamic systems that exploit centralized and edge computing infrastructure dynamically optimize performance, reduce operating expenses, and increase resilience.
While the desire for O-RAN technologies from the USG and the mobile service operator’s community is clear, there are many challenges to developing the consensus standards and testing programs necessary to ensure that multi-vendor O-RAN networks are interoperable, secure, and resilient.
Description
The US Government, and the Department of Commerce in particular, has identified the development and commercialization of Open Radio Access Network (O-RAN) technologies as a strategic priority in the evolution of next-generation wireless networks and a key enabler for the US IT industry to increase its presence in the supply chain of critical infrastructure components of future wireless networks.
The primary goals of the project are to assess, improve, and expedite emerging O-RAN security standards and testing processes to a level suitable for USG use in mission-critical networks. Near-term objectives are to (1) evaluate the O-RAN alliance testing and certification processes, and the current state of O-RAN Test and Interoperability Centers (OTICs), (2) evaluate current O-RAN security requirements and test specifications, (3) develop gap analyses of the suitability of existing O-RAN security requirements and testing processes for use by the USG, and (4) develop contributions to O-RAN specifications to address identified gaps and supplemental USG centric guidance to augment industry standards where necessary.
We will augment our standards research and participation with laboratory experimentation using a 5G Open Testbed developed in FY23. We will evaluate multiple 5G RAN and Core open-source implementations against emerging security specifications and evaluate the implementation of O-RAN test methods against these implementations.
We will work primarily with the O-RAN Alliance, OTIC labs, and ATIS as necessary. We also collaborate within the Government in interagency working groups (IWGs) focused on issues of 5G security and resilience for Federal systems.
Our initial focus is enhancing the security of virtualized, cloud-native, O-RAN functions. We see this area as having both the greatest potential to increase overall network security[1] and the greatest potential risk[2] to the eventual commercial viability of O-RAN technologies. NIST staff will actively engage in the O-RAN alliance working groups on security (WG11), cloud infrastructure (WG11), near-real-time radio intelligent controller (WG3), and testing and integration working groups.
[1] CSRIC VIII Report on How Virtualization Technologies Can be used to Promote 5G Security and Reliability - https://www.fcc.gov/file/24519/download
[2] O-RAN Alliance O-Cloud Security Analysis Report - https://oranalliance.atlassian.net/wiki/download/attachments/2221408283/O-RAN.WG11.O-CLOUD-Security-Analysis-TR.O-R004-v05.00.03.docx
Major Accomplishments
See Additional Technical Details (below) for a complete listing of our contributions.
- NIST in collaboration with AT&T, MITRE, and Rakuten sponsored a O-RAN Alliance approved new work item to develop a Zero Trust Architecture for O-RAN cloud orchestration and management functions.
- The new work item seeks to align O-RAN cloud security with the NIST guidance on zero trust architecture and emerging industry standards (IETF and other) for identity and credentialing of virtualized workloads. If successful, this effort will significantly enhance the security posture of emerging O-RAN standards and resulting product offerings.
Advanced Security Architectures for NextGen Wireless
Product | Reference |
|---|---|
| Standards Contribution | Montgomery D., Change Request to Improve the Clarity and Usability of the Security Implementation Conformance Statement., NIST-WG11-CR-0011, March 2025.
|
| Standards Contribution | Montgomery D., NIST Comments on Security ICS Format and Contents, Presentation to O-RAN Alliance TIFG, February 2025. |
| Standards Contribution, Presentation | Montgomery D., Observations on O-RAN Testing: Recommendations to Improve the Utility of O-RAN Certification, Presentation to O-RAN Certification and Badging Task Group, January 2025. |
| NIST Publication | Montgomery D., Open Radio Access Network (ORAN) Testing Ecosystem: Observations and Recommendations, Initial Public Draft NIST Interagency Report (IR XXXX), January 2025. |
| Standards Contribution | Rose S., Updating the ZTA WI Technical Report with the O-DU Gap Analysis, O-RAN ALLIANCE WG11 (Security) Change Request, November 2024.
|
| Standards Contribution | Rose S., Updating the ZTA WI Technical Report with the O-CU Gap Analysis, O-RAN ALLIANCE WG11 (Security) Change Request, November 2024.
|
| Software | Wuthier S., Automation Tool for Deploying 5G O-RAN Testbeds, Open Source Software from the National Institute of Standards and Technology, November 2024. |
| Presentation | Rose S., Zero Trust Perspectives at NIST, Zero Trust Standardization Workshop, O-RAN ALLIANCE Ad-hoc F2F Meeting, Ericsson Canada HQ, October 2024. |
| NIST Publication | Liu P., Lee K., J. Cintrn F., Wuthier S., Savaliya B., Montgomery D., Rouil R., Blueprint for Deploying 5G O-RAN Testbeds: A Guide to Using Diverse O-RAN Software Stacks, NIST Technical Note (NIST-TN-2311), September 2024. |
| Workshop | Montgomery D., International Open RAN Symposia (IORS), Workshop on Testing, September 2024.
|
| Proposal | Rose S., Fernandes C., Continuous Security Monitor Work Item Description, O-RAN ALLIANCE WG11 (Security) Work Item Description, August 2024.
|
| Working Group | Montgomery D., FCC CSRIC IX, Participant in Working Group 6: Preparing for 6G Security and Reliability, June 2024. |
| Presentation | Montgomery D., Towards Verifiable ZTA in O-RAN, Acceleration of Compatibility and Commercalization for Open RAN Deployments (ACCORD) Technical Workshop, April 2024.
|
| Presentation | Rose S., Applicability of NIST Zero Trust Tenets 4, 6 and 7 to O-RAN, Presentation to WG11 Zero Trust Architecture Work Item Team, O-RAN Alliance, March 2024. |
| Presentation | Zwingmann H., Borchert O., Rose S., Stange M., Security Requirements Specifications (SecReqSpec) Insights and proposed way forward, Presentation to WG11 Pleanary during the O-RAN Alliance F2F meeting in Athens, 2024, February 2024.
|
| Standards Contribution | Rose S., Bykampadi N., Shah P., P. Adharapurapu K., NIST ZT Tenet-3 Applicability for O-RAN, O-RAN Alliance WG11 Change Request, February 2024.
|
| Proposal | Rose S., et_al., Zero Trust Architecture (ZTA) for O-RAN, WG11-2023-08 Work Item Description, January 2024.
|
| Standards Contribution | Rose S., Application of the NIST AI Risk Management Framework, O-RAN Change Request, October 2023. |
| Presentation | Rose S., Borchert O., Zero Trust Archtecture, ATIS TOPS Enhanced Zero Trust and 5G Meeting Series, February 2023. |
| Report | Montgomery D., et. al. members of CSRIC 8 Working Group 3, Report on How Virtualization Technology Can Be Used to Promote 5G Security and Reliability, Communications Security, Reliability, and Interoperability Council VIII, December 2022.
|
| Video | Clancy C., Solari C., Rose S., Islam J., Thottan M., TIA QuEST Forum's ICT Summit: 5G Security, Supply Chain and Zero Trust Architectures, Telecommunications Industry Association Webinar Series, October 2020. |
Collaborators (37) = ACCENTURE, ANDRO Computational Solutions, AT&T, Altiostar Networks, CTIA, Cisco, Comtech Telecommunications Corp., Cox Communications, Cybersecurity and Infrastructure Security Agency (CISA ECD), Dell, Dell Technologies, Deutsche Telecom, Deutsche Telekom, Ericsson, FCC, FirstNet, Hewlett Packard Enterprise, Intel Corporation, LLC, MITRE, Mavenir, Microsoft Corporation, Motorola Solutions, NSA, NTIA, NTIA ITS, National Security Agency (NSA), Nokia, O-RAN Alliance, Palo Alto Networks, Qualcomm Incorporated, Rakuten, Rakuten Mobile, Rakuten Symphony, Rural Wireless Association, T-Mobile USA, Verizon