| # | Control | Description | |---|---|---| | 12 | | A documented process to wipe all sensitive data (keys, credentials, logs) from the device at end-of-life or repurposing. | | 13 | Vulnerability Disclosure & Response | The vendor must provide a public point of contact for reporting vulnerabilities and a timeline for patching. | | 14 | Software Bill of Materials (SBOM) | Maintain an inventory of all open-source and third-party components to track known vulnerabilities (CVEs). |
The GSMA FS.38 specification offers several benefits to mobile network operators, device manufacturers, and service providers: gsma fs.38
The GSMA FS.38 specification has various applications across the mobile industry: | # | Control | Description | |---|---|---|