GSMA FS.38, titled " SIP Network Security ," is a Permanent Reference Document (PRD) released by the GSMA Fraud and Security Group (FASG)
Furthermore, the guideline’s reliance on "best practices" for application-layer security leaves ambiguity. While FS.38 specifies that transport encryption (TLS 1.2+) must be used, it does not prescribe certificate management infrastructure, often leaving implementers to struggle with the "last mile" of PKI (Public Key Infrastructure) integration. Additionally, critics argue that the document has not yet fully evolved to address the complexities of 5G slicing and massive machine-type communication (mMTC) security, though updates are continuous. gsma fs.38
: Techniques to ensure that signaling messages are not tampered with and that only authorized users or peers can initiate sessions. GSMA FS