Asset Classification Matrix: Is there a detailed inventory of physical assets (Base Stations, Core Nodes)? Are logical assets (License Pools, Network Slices) classified by security impact?

Acceptable Use Policies (AUP): Do employees and vendors have signed AUPs for accessing O&M (Operations & Maintenance) networks?

Return of Assets: Audit the termination process for de-provisioning internal/vendor access to the HSS/UDM.

Management Plane Separation: Is the O&M network logically and/or physically separated from User Plane traffic? Audit the use of Jump Hosts/PAM (Privileged Access Management) for all core node access.

Network Device Hardening: Are all unused ports/services on NEs (Network Elements) disabled? Is there certificate-based authentication for BGP/OSPF peerings?

Incident Response Readiness: Does the organization have a telecom-specific Incident Response Plan (X.1051 Clause 13)? Audit the frequency of "Cyber Drills" for signaling-plane attacks (DDoS, Fraud).

Third-Party / Vendor Security: Are mandatory security requirements (NESAS/SCAS) included in all NE procurement contracts? Is there a "Clean Room" policy for remote vendor maintenance sessions?

ISO/IEC 27001 Alignment: Does the ISMS map to the telecommunication-specific controls in G.1051?

Log Retention & Audit: Are signaling and management logs retained for at least 6 months in a secure SIEM?