4.2.1.2.6 Protecting data and information -- Data masking on integration analysis |
Home → NWDAF → 18.0.0 |
| 33521-h00 → 33521-h10 33521-h20 33521-i00 | |
| Test Name | TC_DATA_MASKING | |
| Threat Reference | TR 33.926 [ 4], clause 5.3.6.7, Personal Identification Information Violation |
|
| Requirement Name | Data masking on integration analysis about personal data |
|
| Requirement Reference | TBA. |
|
| Requirement Description | NWDAF can collect data from UE, NF, OAM, etc. used for analytics. Personal data of the UE's user are involved also. When NWDAF uses such personal data in analytics with other information together, such data correlation operation could bind more personal information with the user's identity. Thus, privacy information about that specific user could be revealed to the person who is allowed to operate data correlation for analytics but not allowed to know the privacy information as the result of data correlation. Therefore, applicable measures (e.g. data masking) shall be applied to mitigate such privacy violation risk. |
|
| Test Purpose | Verify that no privacy information of operators' users is revealed to the party who is not allowed to have. |
|
| Pre-Conditions | The vendor shall provide the documentation describing how to create an account for accessing the analytics results. Privacy information list (should be specified based on local policy, regulation and others). |
|
| Execution Steps |
|
|
| Expected Results | The tester can create the account, and the account does not reveal subscriber permanent identifier. |
|
| Expected Format of Evidence | Evidence suitable for the interface, e.g. screenshot containing the results. |
|
| PDFs | 1f729942c1f97dbd71af40a0084ba1ef | |
4.2.1.2.6 Protecting data and information -- Data masking on integration analysis |
Home → NWDAF → 17.2.0 |
| 33521-h00 → 33521-h10 33521-h20 33521-i00 | |
| Test Name | TC_DATA_MASKING | |
| Threat Reference | TR 33.926 [ 4], clause 5.3.6.7, Personal Identification Information Violation |
|
| Requirement Name | Data masking on integration analysis about personal data |
|
| Requirement Reference | TBA. |
|
| Requirement Description | NWDAF can collect data from UE, NF, OAM, etc. used for analytics. Personal data of the UE's user are involved also. When NWDAF uses such personal data in analytics with other information together, such data correlation operation could bind more personal information with the user's identity. Thus, privacy information about that specific user could be revealed to the person who is allowed to operate data correlation for analytics but not allowed to know the privacy information as the result of data correlation. Therefore, applicable measures (e.g. data masking) shall be applied to mitigate such privacy violation risk. |
|
| Test Purpose | Verify that no privacy information of operators' users is revealed to the party who is not allowed to have. |
|
| Pre-Conditions | The vendor shall provide the documentation describing how to create an account for accessing the analytics results. Privacy information list (should be specified based on local policy, regulation and others). |
|
| Execution Steps |
|
|
| Expected Results | The tester can create the account, and the account does not reveal subscriber permanent identifier. |
|
| Expected Format of Evidence | Evidence suitable for the interface, e.g. screenshot containing the results. |
|
| PDFs | 1f729942c1f97dbd71af40a0084ba1ef | |