Which core-network devices are non-compliant with the PFCP encryption baseline, and how bad is it?
9 UPF nodes in the Packet Core are non-compliant — PFCP on the N4 interface (SMF↔UPF) is running in cleartext, so session-management signalling can be intercepted or modified.
This is finding
📌 AUD-2198 (Critical, confidence 0.95), mapped to
3GPP TS 33.513 and
ENISA #NET-04. Detected in the 06:00 scheduled sweep
run-8830.
Sources — findings: AUD-2198 · devices: UPF-CORE-01…09 · baseline: 3GPP SCAS TS 33.513 v Rel-16.3
Show the 9 devicesSee a config diffOnly Jakarta DC-1
Just the ones in Jakarta DC-1 — and has this drift been seen before?
4 of the 9 are in Jakarta DC-1: UPF-CORE-01, -02, -03, -07.
Yes — the same N4 cleartext condition was flagged in
March (AUD-1904) and remediated, then
regressed after a UPF software upgrade on 12 Jun that reset the IPsec profile. This is a recurrence, which is why the drift-regression rate ticked up to 4%.
Sources — findings: AUD-2198, AUD-1904 (Mar) · change record: CR-8612 (UPF upgrade, 12 Jun)
Open remediation ticketDraft note for Core teamExport as report section
Do we have any findings mapped to the new BSSN 2025 control set that aren't in the June report yet?
No evidence found for that exact query. The BSSN 2025 control set is loaded as a
draft baseline, but no open finding is currently tagged to it outside the June report. I can't confirm coverage is complete — the draft mapping is only 81% applied. Want me to run a targeted gap scan?
Checked — findings DB (23 open) · baseline: BSSN/Kominfo 2025 draft · report: June 2026. Nothing matched.
Run BSSN gap scanOpen BSSN baseline