5G NR Physical Layer Security: AS (Access Stratum) Security: Verify that radio link encryption (NEA1/NEA2/NEA3) and integrity protection (NIA1/NIA2/NIA3) are active. SUPI/SUCI Obfuscation: Confirm the air-interface uses Concealed Identifiers (SUCI) to prevent IMSI-catching.

Frequency Arrangement Security: Inter-Cell Interference: Is the cell configured to mitigate interference from neighboring cells (PCI conflict check)? Guard-Band Verification: Confirm that the 5G spectral emissions do not bleed into adjacent critical bands (e.g., GPS/Aeronautical).

Beamforming Security: MIMO Leakage: Verify that beamforming is optimized to minimize signal leakage outside the intended user's area (spatial security). Direction Finding Verification: Audit cell-level configurations to prevent unauthorized geolocation tracking.

Front-haul Security: Verify that the interface between the DU (Distributed Unit) and RU (Radio Unit) is authenticated and encrypted (eCPRI security).

DU/CU Isolation: Confirm that the Distributed Unit and Centralized Unit are logically separated if co-located.

TR-069 / NETCONF Management: Is the gNodeB's O&M plane protected by mutual certificate-based authentication?

Jamming Resilience: Test the radio link stability under simulated narrow-band jamming.

Unauthorized gNodeB Detection: Use SDR tools to verify that the target cell's broadcast parameters (SIB1/SIB2) are valid and signed.

Resource Exhaustion (PRACH Flood): Confirm the gNodeB has protection against PRACH (Physical Random Access Channel) signaling floods (DoS).