Gsma Fs.38 Jun 2026

Implementing FS.38 requires a shift toward a more proactive, intelligent security posture. Key steps include:

| Feature | | ETSI MEC (Multi-access Edge Compute) | LF Edge (OpenHorizon) | | :--- | :--- | :--- | :--- | | Primary Focus | Federated trust & roaming | Network integration (UPF, RAN) | Device & software management | | Inter-Provider | Excellent (Built for roaming) | Poor (Single operator only) | Moderate (Requires custom adapters) | | Maturity | Spec v1.0 (2023) | Commercial deployments (v2.x) | Mature (IBM origin) | | Best Use Case | Cross-operator edge roaming | Single operator / on-prem edge | Large-scale device fleets |

The core value of the FS.38 PRD is its , mapping telecom-specific flaws against structural defense layers. It categorizes network vulnerability vectors into three primary domains:

An often-overlooked vector of telephony hacking involves the secondary servers required to run the network. FS.38 details testing regimens for peripheral infrastructure, specifically highlighting . If an attacker compromises a provisioning server, they can silently reconfigure thousands of user devices, hijack credentials, or reroute voice traffic. Key Testing Methodologies Recommended by FS.38 gsma fs.38

Attacks originating from partner networks through the IPX.

: Addressing vulnerabilities in SIP deployments, including those used in VoLTE and VoWiFi.

FS.38 is your standard of choice if your IoT device uses a SIM card (or eSIM) and connects via a mobile network. For purely Wi-Fi devices, ETSI EN 303 645 may be more appropriate. Implementing FS

Implementing the guidelines set out by GSMA FS.38 is no longer optional for forward-thinking communications service providers (CSPs). By adopting these measures, operators achieve several critical business and security objectives:

In the world of modern telecommunications, the Session Initiation Protocol (SIP) has become one of the most widely deployed signaling protocols. It underpins everything from voice and video calls to instant messaging and is the engine behind services such as Voice over LTE (VoLTE), Voice over 5G (Vo5G), and Rich Communication Services (RCS). As the telecoms industry has evolved, so too have the threats targeting this ubiquitous protocol. Recognizing the need for a unified, end-to-end security framework, the GSM Association (GSMA) developed , the "SIP Network Security" Permanent Reference Document (PRD). First published in April 2021, this document represents a major industry milestone, providing a comprehensive guide to securing SIP-based networks and services.

The rise of the internet and, more critically, the darknet, has democratized access to detailed information on all telecom protocols, including SIP. Attackers now have unprecedented access to knowledge, allowing them to devise and execute attacks of increasing volume and sophistication. This evolving threat landscape, combined with the heightened regulatory focus on security from governments and bodies like the European Union, has forced a cultural shift, making a more sophisticated approach to security an absolute necessity. and application developers:

The potential applications of FS.38 are vast and diverse:

: Focuses on protecting the pathways between the user and the core network.

Operators are encouraged to treat their SIP core as a high-security zone. FS.38 outlines how to protect back-end databases that contain sensitive SIP usernames and passwords, ensuring these are not accessible via the public internet. 2. SIP Encryption

The adoption of GSMA FS.38 offers numerous benefits for mobile network operators, device manufacturers, and application developers: