Automating Certificate-Based Identity for T-Mobile’s 5G Standalone Network
As a Tier-1 mobile network operator accelerated deployment of its 5G Standalone (5GSA) network, securing machine and infrastructure identities became mission-critical. The 5G core introduced new trust boundaries, third-party vendor dependencies, and stringent compliance requirements as part of national and cross-border critical infrastructure. Existing identity and certificate solutions lacked the cloud-native automation, flexibility, and protocol support needed to scale securely in a modern 5G environment.
The operator required a standards-based identity lifecycle solution that could integrate with existing PKI investments while supporting 3GPP CMPv2, enabling cloud-native deployment, coordinating security across internal teams and strategic vendors, and maintaining the resilience and compliance demanded of large-scale telecom infrastructure without introducing operational risk or service disruption.
ISS Solution: ILM for Telecoms & Critical Infrastructure
ISS delivered an Identity Lifecycle Management (ILM) solution purpose-built for telecom-scale, cloud-native environments.
ILM integrated with Microsoft Active Directory Certificate Services (MS ADCS) and extended it with full CMPv2 support, so 5G network components could securely request and manage certificates through ILM even though ADCS does not natively support CMPv2. Vendors were able to integrate independently with ILM interfaces while adhering to the security and compliance policies defined and centrally enforced by the operator.
In parallel, the operator expanded ILM beyond 5G identities to include infrastructure web server certificate management using ILM’s ACME implementation, eliminating manual processes and preventing certificate-related outages across critical services.
Key Capabilities Delivered
- First-of-its-kind CMPv2 (3GPP) certificate management with MS ADCS
- Cloud-native identity automation without interoperability issues
- Centralized inventory of cryptographic assets across 5GSA appliances
- Rapid response to compromised devices through immediate certificate revocation and replacement
- Crypto agility, enabling fast replacement of deprecated or vulnerable algorithms
- Automated compliance enforcement via policy-driven approvals and lifecycle controls
Results
- Automated identity lifecycle management across the 5G Standalone network
- Elimination of certificate-related outages in infrastructure services
- Improved security posture for critical telecom infrastructure
- Operational agility through cloud-native certificate and identity automation
- Stronger compliance confidence with centralized visibility and enforcement