NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0102:  Removing SIP Registration Requirement

Publication Date

Protection Profiles

Other References

Issue Description

The FIA_SIPS_EXT.1.2 has requirements that the TOE, which is an SBC, shall require password authentication for SIP register events.  However, SBCs are generally a "pass-through" device, with the client authentication/register action being performed by the SIP server, not the SBC.


The SIP Registration requirement (FIA_SIPS_EXT.1.2) and associated Application Note within the SBC EP Version 1.1 has been removed, therefore this change is being reflected in the current SBC EP  Version 1.0.


Although some SBCs support registering directly to the SBC (registrar), it is determined this is not something a majority of SBC vendors continue to support. The original intent of this SFR was to ensure that if the SBC vendor supported this function, it would only register endpoints after it verified they used strong passwords for authentication.

Site Map              Contact Us              Home