The Network Interpretations Team (NIT) has issued a technical interpretation regarding NDcPP and SIP Server with virtualization.

To align with the NIT interpretation #23, NIAP supports the interpretation written below.  For further information, please see the NIT interpretation at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI23.pdf.

vNDs are software implementations of network device functionality that run inside virtual machines. NDcPP v1 expressly excludes evaluation of vNDs, but our position is that vNDs can be evaluated against NDcPPv1 if the product meets all the requirements and assumptions of a physical ND as required in NDcPPv1.

This means:
-- The virtualization layer (or hypervisor or VMM) is considered part of the ND's software stack, and thus is part of the TOE. vNDs that can run on multiple VMMs must be tested on each claimed VMM unless the vendor can successfully argue equivalence.
-- The physical hardware is likewise included in the TOE (like in the example included above). vNDs must be tested for each claimed hardware platform unless the vendor can successfully argue equivalence.
-- There is only one vND instance for each physical hardware platform.
-- There are no other guest VMs on the physical platform providing non-network device functionality.

See issue description.