GSMA Security Certification
Overview
Amazon Web Services (AWS) EU West (Paris) and US East (Ohio) Regions are certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management (DCOM). This alignment with GSMA requirements demonstrates our continuous commitment to adhere to the heightened expectations for cloud service providers.
The GSM Association (Global System for Mobile Communications, originally Groupe Spécial Mobile) is an industry organization comprised of 1,200 wireless service providers and related companies (handset manufacturers, software providers, internet service providers) focused on standardization and interoperability. The organization established a Security Accreditation Scheme (SAS) with applicability to universal integrated circuit card production (SAS-UP) and remote subscriber identification module (SIM)/universal integrated circuit card (UICC) provisioning subscription management (SAS-SM).
AWS was evaluated by independent third-party auditors selected by GSMA. EU West (Paris) and US (Ohio) was renewed in October 2024. The SAS-SM audits covered:
- Section 1: Policy, Strategy and Documentation
- Section 2: Organisation and Responsibility
- Section 3: Information
- Section 4: Personnel Security
- Section 5: Physical Security
- Section 10: Computer and Network Management
The below domains were omitted from the review:
- Section 6: Certificate and Key Management Result- *Not applicable to Cloud Services Providers and is omitted from this review.
- Section 7: Sensitive Process Data Management - *Not applicable to Cloud Services Providers and is omitted from this review.
- Section 8: SM-DP, SM-SR, SM-DP+ and SM-DS Service Management - *Not applicable to Cloud Services Providers and is omitted from this review.
- Section 9: Logistics and Production Management - *Not applicable to SAS-SM and is omitted from this review.
