TheArtOfService
Back to Frameworks

3GPP 5G Security Architecture (TS 33.501)

Self-Assess
International (3GPP)
vRelease 17 (2022)
23 domains
43 controls

3GPP Technical Specification 33.501 defines the security architecture and procedures for 5G systems, including authentication (5G-AKA and EAP-AKA'), key management, security between network functions, user plane integrity protection, and subscriber privacy through SUPI/SUCI encryption to prevent tracking and IMSI catching.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (23)

Access Security

1 controls
Controls in the Access Security domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-9Security for Non-3GPP Access

Authentication

1 controls
Controls in the Authentication domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-6.1Primary Authentication (5G AKA / EAP-AKA')

Authentication Procedures

4 controls
Controls in the Authentication Procedures domain of 3GPP 5G Security Architecture (TS 33.501)4 controls
CodeTitle
TS33.501-6.1Authentication Framework
TS33.501-6.2Key Hierarchy and Derivation
TS33.501-6.3EAP-AKA' Authentication
TS33.501-6.4NAS Security

Core Network Security

1 controls
Controls in the Core Network Security domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-8Security Aspects of UDM/UDR

Cryptography

1 controls
Controls in the Cryptography domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-Annex-DCryptographic Algorithms

General Security Architecture

4 controls
Controls in the General Security Architecture domain of 3GPP 5G Security Architecture (TS 33.501)4 controls
CodeTitle
TS33.501-4.15G Security Architecture Overview
TS33.501-4.2Security Feature Groups
TS33.501-4.3Security Domains and Stratum
TS33.501-4.4Network Functions in the Security Architecture

Identifiers and Privacy

1 controls
Controls in the Identifiers and Privacy domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-5.1Subscription Permanent Identifier Protection

Interworking

1 controls
Controls in the Interworking domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-10Security for Interworking with EPS

Key Management

1 controls
Controls in the Key Management domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-6.2Key Hierarchy

Management Security

1 controls
Controls in the Management Security domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-OAMManagement Plane Security

Network and Service Security

0 controls

User plane, control plane, and SBA security

Non-3GPP Access Security

3 controls
Controls in the Non-3GPP Access Security domain of 3GPP 5G Security Architecture (TS 33.501)3 controls
CodeTitle
TS33.501-7.1Untrusted Non-3GPP Access Security
TS33.501-7.2Security Visibility and Configurability
TS33.501-7.3Wireline Access Security

Privacy

1 controls
Controls in the Privacy domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-17Privacy and Pseudonymization

Roaming Security

2 controls
Controls in the Roaming Security domain of 3GPP 5G Security Architecture (TS 33.501)2 controls
CodeTitle
33.501-13.4SEPP and Inter-PLMN Security (N32)
33.501-15Steering of Roaming Security

SBA Security

2 controls
Controls in the SBA Security domain of 3GPP 5G Security Architecture (TS 33.501)2 controls
CodeTitle
33.501-13.1Service-Based Architecture Security (TLS)
33.501-13.2Network Function Service Authorization (OAuth 2.0)

Security Architecture

1 controls
Controls in the Security Architecture domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-4.2Security Domains and Trust Model

Security for NAS and AS Protocols

4 controls
Controls in the Security for NAS and AS Protocols domain of 3GPP 5G Security Architecture (TS 33.501)4 controls
CodeTitle
TS33.501-6.5AS Security and PDCP Protection
TS33.501-6.6AS Security
TS33.501-6.7Security Key Hierarchy
TS33.501-6.8Security in Handover

Security for Specific Services

4 controls
Controls in the Security for Specific Services domain of 3GPP 5G Security Architecture (TS 33.501)4 controls
CodeTitle
TS33.501-14.1Security for Network Slicing
TS33.501-14.2Security for Edge Computing
TS33.501-14.3Security for URLLC Services
TS33.501-14.4Security for IAB

Service Based Architecture Security

4 controls
Controls in the Service Based Architecture Security domain of 3GPP 5G Security Architecture (TS 33.501)4 controls
CodeTitle
TS33.501-13.1NF Registration and Discovery Security
TS33.501-13.2NF Service Authorization
TS33.501-13.3N32 Interconnect Security
TS33.501-13.4OAuth 2.0 Authorization Framework

Service Security

1 controls
Controls in the Service Security domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-11Security Aspects of IMS

Signaling Security

3 controls
Controls in the Signaling Security domain of 3GPP 5G Security Architecture (TS 33.501)3 controls
CodeTitle
33.501-6.4NAS Security
33.501-6.5AS Security (RRC and User Plane)
33.501-6.7Security Mode Command Procedures

Slicing

1 controls
Controls in the Slicing domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-14Network Slicing Security

User Plane

1 controls
Controls in the User Plane domain of 3GPP 5G Security Architecture (TS 33.501)1 controls
CodeTitle
33.501-16Security for User Plane Integrity Protection

Your Compliance Coverage

If you comply with 3GPP 5G Security Architecture (TS 33.501), you already cover:

NIST SP 800-53 Rev 5

88%

38 controls mapped

Compare →

NIST SP 800-187

51%

22 controls mapped

Compare →

ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence

12%

5 controls mapped

Compare →

+ 60 more: Azure Security Benchmark (12%), AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) (12%)

See all 63 mapped frameworks ↓

Maps to 63 other frameworks

43 total controls
NIST SP 800-53 Rev 5
38 source controls mapped|17 target controls covered
88%
NIST SP 800-187
22 source controls mapped|7 target controls covered
51%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
5 source controls mapped|5 target controls covered
12%
Azure Security Benchmark
5 source controls mapped|3 target controls covered
12%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
5 source controls mapped|5 target controls covered
12%
BSI IT-Grundschutz
5 source controls mapped|3 target controls covered
12%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
5 source controls mapped|9 target controls covered
12%
ISO 27018
5 source controls mapped|3 target controls covered
12%
ISO 27017
5 source controls mapped|3 target controls covered
12%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
5 source controls mapped|5 target controls covered
12%
ISO/SAE 21434
5 source controls mapped|6 target controls covered
12%
ASD Strategies to Mitigate Cyber Security Incidents
5 source controls mapped|4 target controls covered
12%
ISO 13485
5 source controls mapped|5 target controls covered
12%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
5 source controls mapped|6 target controls covered
12%
ISO/IEC 27400:2022
5 source controls mapped|2 target controls covered
12%
AWS Well-Architected Security Pillar
5 source controls mapped|3 target controls covered
12%
ISO 27799
5 source controls mapped|4 target controls covered
12%
ISO 27043
5 source controls mapped|6 target controls covered
12%
NIST SP 800-190
5 source controls mapped|3 target controls covered
12%
IEC 62351 - Power Systems Communication Security
4 source controls mapped|2 target controls covered
9%
ISO/IEC 27011:2024
3 source controls mapped|2 target controls covered
7%
SSAE 18 - Attestation Standards (SOC Reporting)
3 source controls mapped|2 target controls covered
7%
ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary
3 source controls mapped|4 target controls covered
7%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
3 source controls mapped|1 target controls covered
7%
NIST Cybersecurity Framework 2.0
3 source controls mapped|3 target controls covered
7%
NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices
3 source controls mapped|4 target controls covered
7%
ISO 19011
3 source controls mapped|4 target controls covered
7%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
3 source controls mapped|2 target controls covered
7%
ISO/IEC 27006:2024
2 source controls mapped|1 target controls covered
5%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories
2 source controls mapped|1 target controls covered
5%
SOC 2
2 source controls mapped|2 target controls covered
5%
FFIEC Cybersecurity Assessment Tool (CAT)
2 source controls mapped|1 target controls covered
5%
ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)
2 source controls mapped|1 target controls covered
5%
Authorised Economic Operator (AEO) Programmes - Global Standards
2 source controls mapped|1 target controls covered
5%
Virginia CDPA
2 source controls mapped|1 target controls covered
5%
Uruguay DPL
2 source controls mapped|1 target controls covered
5%
Texas Data Privacy Act
2 source controls mapped|1 target controls covered
5%
Taiwan PDPA
2 source controls mapped|1 target controls covered
5%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
2 source controls mapped|1 target controls covered
5%
APRA CPS 234
2 source controls mapped|1 target controls covered
5%
PCI SSF
2 source controls mapped|1 target controls covered
5%
APPI
2 source controls mapped|1 target controls covered
5%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
2 source controls mapped|4 target controls covered
5%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
2 source controls mapped|4 target controls covered
5%
FFIEC IT Examination Handbook
2 source controls mapped|1 target controls covered
5%
FBI CJIS Security Policy
2 source controls mapped|2 target controls covered
5%
PCI PIN Security
2 source controls mapped|1 target controls covered
5%
PCI P2PE
2 source controls mapped|1 target controls covered
5%
ISO 31000:2018
2 source controls mapped|2 target controls covered
5%
Bahrain PDPL
2 source controls mapped|1 target controls covered
5%
NSA Guidance for Transition to Quantum-Resistant Cryptography
1 source controls mapped|3 target controls covered
2%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|1 target controls covered
2%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
1 source controls mapped|1 target controls covered
2%
ISO 27005
1 source controls mapped|1 target controls covered
2%
ISO 20000-1
1 source controls mapped|1 target controls covered
2%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
2%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|1 target controls covered
2%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|1 target controls covered
2%
WCAG 2.2
1 source controls mapped|1 target controls covered
2%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|2 target controls covered
2%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
2%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
2%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
2%
Compare 3GPP 5G Security Architecture (TS 33.501) with NIST SP 800-53 Rev 5

Frequently Asked Questions

What is 3GPP 5G Security Architecture (TS 33.501)?

3GPP 5G Security Architecture (TS 33.501) is a compliance framework from International (3GPP) with 23 domains and 43 controls. 3GPP Technical Specification 33.501 defines the security architecture and procedures for 5G systems, including authentication (5G-AKA and EAP-AKA'), key management, security between network functions, user plane integrity protection, and subscriber privacy through SUPI/SUCI encryption to prevent tracking and IMSI catching. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does 3GPP 5G Security Architecture (TS 33.501) have?

3GPP 5G Security Architecture (TS 33.501) has 43 controls organised across 23 domains. The largest domains are Authentication Procedures (4 controls), General Security Architecture (4 controls), Security for NAS and AS Protocols (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does 3GPP 5G Security Architecture (TS 33.501) map to?

3GPP 5G Security Architecture (TS 33.501) maps to 63 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (88% coverage), NIST SP 800-187 (51% coverage), ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence (12% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with 3GPP 5G Security Architecture (TS 33.501) compliance?

Start your 3GPP 5G Security Architecture (TS 33.501) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about 3GPP 5G Security Architecture (TS 33.501) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 43 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required