Amethyst was contracted to review and develop an industry set of security controls that all operators should have in place to be considered secure.

The company’s Cyber Security team tasked Amethyst to review and develop a Permanent Reference Document (PRD) for its membership to review and publish.

The company wanted their membership to comply with the CIS Controls; a prioritised set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks, NIST Cybersecurity Framework and Secure Controls Framework™.

The PRD document was designed to be consistent with its approach to the security controls and covered the following subcategories:

  1. Business controls
  2. SIM Controls
  3. Device Controls
  4. Core
  5. Radio Access Network (RAN)
  6. Network Operations including Operational Suppler Service/Business Support Services

This PRD also provided a set of self-assessment questions for the members to use to assess themselves against the controls and to document against a maturity score to identify areas of weakness. 

Amethyst played a vital role in ensuring that proposed solution complied with CIS Controls, NIST Cybersecurity Framework and Secure Controls Framework™ and meant that the company’s Security team could engage meaningfully with operators to ensure they complied with industry security controls.

The support provided by Amethyst ensured that that the PRD was delivered without delay.