NIST White Paper on 5G Temporary Identity Reallocation for User Protection

NIST Publications

Published March 19th, 2026

Detected March 21st, 2026

Summary

NIST has published a white paper detailing how 5G networks reallocate temporary identities to protect subscriber privacy and security. The paper emphasizes that 5G standards explicitly require refreshing temporary IDs to prevent attackers from identifying and locating users, urging network operators to ensure their technologies comply with these standards.

View original document View source feed page

What changed

NIST has released a white paper, part of its 'Applying 5G Cybersecurity and Privacy Capabilities' series, focusing on the reallocation of temporary identities in 5G networks. The document, published on March 19, 2026, details how 5G's explicit requirements for refreshing temporary IDs (like GUTI) protect subscriber privacy by making it harder for attackers to identify and locate users, unlike previous cellular generations. It highlights the Subscription Concealed Identifier (SUCI) and Subscription Permanent Identifier (SUPI) in relation to this capability.

5G network operators are advised to be aware of this standards-defined security feature and ensure their technologies are implementing the required refreshing of temporary identities. While this is a guidance document and not a rule, adherence to these standards is crucial for maintaining user privacy and cybersecurity in 5G networks. No specific compliance deadlines or penalties are mentioned, as this is an informational publication.

What to do next

Review NIST Cybersecurity White Paper (CSWP) 36C regarding 5G temporary identity reallocation.
Ensure 5G network technologies are refreshing temporary identities as described in 5G standards.

Source document (simplified)

PUBLICATIONS

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

Published

March 19, 2026

Author(s)

Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma

Abstract

This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity Center of Excellence (NCCoE). This white paper provides additional details regarding how 5G protects subscriber identities (IDs). It focuses on how the network reallocates temporary IDs to protect users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G explicitly define when the temporary ID must be reallocated (refreshed). 5G network operators should be aware of how this standards-defined security capability protects their users and subscribers. Operators should ensure that their 5G technologies are refreshing temporary identities as described in the 5G standards. Citation NIST Cybersecurity White Papers (CSWP) - 36C Report Number 36C Pub Type NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.CSWP.36C Local Download

Keywords

3GPP, 5G, cybersecurity, privacy, reallocation of temporary identities (IDs), Subscription Concealed Identifier (SUCI), Subscription Permanent Identifier (SUPI), Globally Unique Temporary user equipment Identity (GUTI) Information technology, Cybersecurity and privacy and Advanced communications

Citation

Bartock, M.
, Cichonski, J.
, Souppaya, M.
, Kent, K.
, Grayeli, P.
and Sharma, S.

(2026),
Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.36C, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=961424       
  (Accessed March 20, 2026)