Constituent policy

ZTE security policy guarantees customers secure network products

Communication networks need to be robust, especially as the scope, variety, and complexity of today’s cybersecurity threats increase dramatically. Leader in the telecommunications industry, ZTE Company places great importance on security and has created an effective governance framework that encompasses the entire life of the product. In this way, ZTE The security policy guarantees customers secure network products, contributing to the establishment of a reliable communication network.

ZTE Company is famous as a global superpower in integrated communication systems. Since its foundation, ZTE is dedicated to the security of network infrastructures, designing and producing secure and reliable equipment. Meanwhile, ZTE positively seeks cooperation with other industry leaders, operators, exploring industry safety standardization.

It is well known that third-party buddies are an integral part of the delivery team. However, they may present new security issues. ZTE has expanded its security protection boundaries in conjunction with third-party partners, forming effective partner management.

To ensure the security and reliability of these third-party partners, a complex methodology is required for their security management. Therefore, ZTE established a certification management system with an emphasis on certification assessment and qualification, safety, performance and credit management, which are currently used throughout the lifecycle of the third-party partner, covering the selection, cooperation and even exit phases.

Also, ZTE has developed and implemented a Security Baseline, which specifies baseline security requirements for products and services that third-party partners must adhere to. Before establishing cooperation with potential third-party partners, ZTE will check if they have passed an assessment that includes cybersecurity and other issues. All certified and selected third-party partners are required to sign the Product Safety Pledge, which outlines product safety obligations and responsibilities associated with breaches of contract.

ZTE regularly performs a comprehensive risk assessment on the service performance and security level of its third-party partners, implements level-based management, and then defines future collaboration frequencies and options based on the results of the assessment.

ZTE integrates controls into the HPPD process, which leverages the DevOps toolchain, and performs the entire lifecycle management of open source delivery by third-party components used in production, from its introduction to its end of life.

In order to comply with the company’s open source licensing, export control, data protection and product security redline criteria, ZTE Thoroughly analyzes and checks the functionality and performance of components at the stage of introducing third-party components.

In order to fulfill its service commitment to customers, ZTE also takes into account the replaceability of the components and the life cycle that the supplier has committed to supply. The company’s component management system can only accept third-party components that have passed the security assessment and have been certified. After approval, developers can obtain access rights to components and choose the ones they need for the desired products.

Third-party components chosen for the product must pass security assessment and meet ZTE security requirements. When a security flaw in one of the products is discovered during its life cycle by a customer, supplier, third party or ZTE, ZTE will quickly assess the flaw, suggest solutions or mitigation strategies, and eliminate the risk.

At a time, ZTE updates or discontinues third-party software through the component management system to ensure that the third-party software used in its product is the latest whenever the third-party software version is updated or patches are introduced in because of function, performance, or security needs, or at the end of the life cycle of third-party software.

The HPPD process includes node management and third-party software security risk assessment control throughout the process, from component selection, introduction, testing, delivery and maintenance to ensure that security risks are discovered in time to ZTE provide the necessary security solutions or effective mitigation measures.

In addition, in order to track its use, ZTE considers third-party software as part of the product configuration and incorporates it into the configuration control process. If defects are discovered later, ZTE can determine the extent to which they have been used and resolve any issues with the third-party software.

ZTE continues to track vulnerabilities reported by the community and helps provide fixes for vulnerabilities as an active participant in the open source community.

Build a reliable communication network for the whole society, ZTE aspires to invest more resources in the future to create, study and invent security technologies and methods and optimize security management mechanisms. ZTE will continue to provide customers with reliable products and services.

Media Contact

Company Last name: ZTE

Contact person: Lunitta LU

Email: [email protected]

Country: China