NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Cisco Jabber 11.7 for Android & iPhone/iPad

Certificate Date:  2017.03.14

Validation Report Number:  CCEVS-VR-VID10761-2017

Product Type:    VoIP

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for VOIP Applications Version 1.3

CC Testing Lab:  Acumen Security

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The TOE is a software solution that is installed on the following Common Criteria certified mobile platforms:

·         iPhone 6/6Plus, iPhone 5S, iPad Mini3, iPad Mini2, iPad Air 2, and iPad Air

·         Samsung Galaxy S7/S7 Edge, S6/S6 Edge, Galaxy Note 5, and Galaxy Tab S2

The underlying platform provides some of the security functionality required in the [VoIP PP], which is denoted with the phrase “TOE Platform” in this Security Target.  Refer to the Apple iOS 9 or Samsung Galaxy Security Target[1] for information regarding the evaluated configuration requirements of the mobile device platform.

The TOE also requires support of Cisco Unified Communications Manager (CUCM), release 11.0 or later as the SIP Server.  Cisco CUCM serves as the call-processing component for voice that includes IP telephony, mobility features and calls controls.  As such there are configuration settings that are pushed to Jabber that are required in the evaluated configuration.  These settings cannot be changed.  Refer to the Cisco Unified Communications Manager (CUCM) Security Target[2] for information regarding the evaluated configuration requirements of CUCM 11.0. 

The TOE is a VoIP client application and requires the following to run:

Android

·         Android v5 or 6

·         1.5 GHz dual-core CPU

·         480x800 or higher display 

Apple iOS

·         iOS version 9 and above

The network, on which the TOE platform resides, is considered part of the environment. The TOE guidance documentation that is considered to be part of the TOE can be found listed in the Cisco Jabber Common Criteria Configuration Guide document and are downloadable from the http://cisco.com web site.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Cisco Jabber for Android and iPhone/iPad was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the Cisco Jabber for Android and iPhone/iPad Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in March 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below.

·         Cryptographic Support

·         User Data Protection

·         Identification and Authentication

·         Security Management

·         Protection of the TSF

·         Trusted Channels

These features are described in more detail in the subsections below.  In addition, the TOE implements all RFCs of the [VoIP PP], as necessary to satisfy testing/assurance measures prescribed therein.

Cryptographic Support

The TOE provides cryptography in support of SIP connections via Security Real-Time Transport Protocol (SRTP) that has been established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP.  The TOE also protects communications between itself and the CUCM SIP Server by using a Transport Layer Security (TLS)-protected signaling channel. 

Each algorithm implementation used by the TOE has been validated for CAVP conformance (see Table 14 in TSS for certificate references).   

The TOE Client Device Platform provides cryptography to support digital signature verification of X.509v3 certificates used to authenticate TLS and SDES/SRTP connections.

User Data Protection

The TOE ensures that voice data is not transmitted when a call is placed on hold, call placed on mute and when not connected.

Identification and authentication

The TOE performs authentication using passwords for SIP Register functions.  The passwords must be at least eight (8) characters and include the use of upper and lower case characters, numbers and special characters.

The TOE Client Device Platform provides validates certificates using Online Certificate Status Protocol (OCSP).  The certificates are used to support authentication for SDES/SRTP and TLS connections

Security Management

The TOE provides the capability to manage the following functions:

·         Identify SIP Servers used for communications;

·         Specify the credentials used for connections;

·         Define the password requirements for SIP authentications;

·         Cryptographic functionality; and

·         Update to the TOE. 

The TOE supports the administrative user to perform the above security relevant management functions.

The TOE Client Device Platform provides the capability to manage the following functions:

·         Configure cryptographic algorithms;

·         Load X5.09v3 certificates;

·         Configure certificate revocation check; and

·         Ability to update the TOE, and to verify the updates. 

The TOE Client Device Platform supports the administrative user to perform the above security relevant management functions

Protection of the TSF

The TOE protects against interference and tampering by untrusted subjects by implementing authentication and access controls to limit configuration the administrative user.

The TOE is able to verify any software updates prior to the software updates being installed on the TOE to avoid the installation of unauthorized software.

The TOE Client Device Platform protects against interference and tampering by untrusted subjects by implementing authentication and access controls to limit configuration to the administrative user.

Trusted path/Channels

The TOE allows secure communications between itself and a remote VoIP application using SDES-SRTP. 

The TOE allows secure communications between itself and a remote CUCM SIP Server using TLS.


Vendor Information

Logo
Cisco Systems, Inc.
Rick West
4103094862
4103094862
certteam@cisco.com

www.cisco.com
Site Map              Contact Us              Home