: Guidelines for securing the underlying hardware and software running SIP services. Network Interconnect
The GSMA's FS.38 is far more than just another document on a shelf. It is a comprehensive and timely response to the evolving threat landscape in telecommunications. By championing a defence-in-depth strategy, moving beyond outdated "trust but verify" models, and providing a detailed guide to threats and countermeasures, FS.38 has become an indispensable tool for mobile network operators, fixed-line providers, and any organisation that relies on SIP. For anyone responsible for securing modern telecoms infrastructure, from the handset to the core network, FS.38 is essential reading and a critical foundation for building a resilient, secure, and trustworthy communications future.
GSMA is a Permanent Reference Document (PRD) titled "SIP Network Security" . It provides a comprehensive framework for securing Session Initiation Protocol (SIP) across fixed, mobile, and converged networks. Key Objectives and Scope gsma fs.38
, documents like FS.38 are being cited in national laws and regulatory guidance (such as the UK's Telecommunications Security Act ) to ensure operators maintain high security standards. www.ofcom.org.uk For more technical details, you can explore the GSMA Cybersecurity Knowledge Base or the lead author's insights on why SIP security needs to change technical summary specifically based on this document's latest version? Interworking Security - GSMA
Published by the GSM Association (GSMA) through its , the FS.38 Permanent Reference Document (PRD) establishes a critical blueprint for securing voice networks. It bridges a historical security gap by providing framework guidelines to defend IP Multimedia Subsystem (IMS) infrastructures, Voice over LTE (VoLTE), and Voice over New Radio (VoNR) from advanced cybersecurity threats, interconnect fraud, and signaling exploits. The Evolution of Mobile Voice and the SIP Security Gap : Guidelines for securing the underlying hardware and
: Before the launch of the GSMA FS.38 PRD , information regarding live SIP exploits and corresponding operator defenses was scattered across disparate IT and networking whitepapers.
"message_id": "fs38-20260410-0001", "timestamp_utc": "2026-04-10T12:34:56Z", "schema_version": "1.0", "sender_id": "operator-a", "event": "event_type": "SIM_SWAP", "msisdn": "+441234567890", "imsi": "234150123456789", "confidence_score": 88, "evidence": "detection_method": "OMA-SDM-signals", "log_refs": ["log-789", "cdr-4521"] , "recommended_action": "action_code": "TEMP_BLOCK", "suggested_ttl_seconds": 3600 It provides a comprehensive framework for securing Session
Traditional Approach: [ Internet / Roaming Interconnect ] ──> [ Session Border Controller (SBC) ] ──> [ Trusted / Unprotected Core ] ❌ GSMA FS.38 Defense-in-Depth Approach: [ Internet / Roaming Interconnect ] ──> [ Edge SBC Hardening ] ──> [ Signaling Firewalls ] ──> [ Hardened & Segregated Core ] │ │ │ ┌───────┴────────────────────────┴────────────────────────┴───────┐ │ Continuous Protocol Correlation & Real-Time Penetration Testing │ └─────────────────────────────────────────────────────────────────┘
Flood stateful SIP servers to drop legitimate user registration and call routing.
is a technical specification published by the GSMA’s Fraud and Security (F&S) team that defines standardized formats, processes, and operational guidance related to the secure exchange of fraud and security-related data between mobile network operators, service providers, and trusted third parties. It focuses on enabling timely detection, sharing, and mitigation of mobile network fraud, SIM fraud, subscription fraud, and related threats through consistent data schemas and interoperable message flows.