Compliant Product - Cisco Jabber 12.6 for Android 8 and iOS 12
Certificate Date: 2019.09.16CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11007-2019
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Extended Package for Voice and Video over IP (VVoIP) Version 1.0
Protection Profile for Application Software Version 1.2
CC Testing Lab: Acumen Security
The TOE is a software-only client application that executes on Android 8 or iOS 12 platforms.
The evaluated configuration is a single instance of Cisco Jabber operating in FIPS and CC mode. Refer to the Cisco Jabber Common Criteria Configuration Guide for instructions on placing Cisco Jabber in FIPS and CC mode.
Cisco Unified Communications Manager (CUCM) is the ESC (also referred to as the SIP Server) which serves as the call control component for voice and video. There are configuration settings the CUCM ‘pushes’ to the Cisco Jabber TOE, a form of management permitted in [VVoIP].
Cisco CUCM is required to be configured in the On-Premise deployment mode for softphones. Refer to the Cisco Jabber Common Criteria Configuration Guide for specific information regarding configuring CUCM in the On-Premise deployment mode for softphones.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco Jabber 12.6 for Android 8 and iOS 12 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered configured as identified in the Cisco Jabber 12.6 for Android 8 and iOS 12 Common Criteria Configuration Guide, version 0.3, satisfies all the security functional requirements stated in the Cisco Jabber 12.6 for Android 8 and iOS 12 Security Target, version 1.3. The project underwent CCEVS Validator review. The evaluation was completed in August 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The Cisco Jabber TOE transmits voice media using a constant bitrate (CBR) vocoder.
The Cisco Jabber TOE provides cryptography in support of SIP connections via Secure Real-Time Transport Protocol (SRTP) established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP. The TOE also protects communications between itself and the CUCM SIP Server by using a Transport Layer Security (TLS)-protected signaling channel.
The TOE incorporates a CiscoSSL cryptographic module library (v6.2) and the cryptographic algorithm implementation has been validated for CAVP conformance. See Table 17 in section 7 of the Security Target for certificate references.
The TOE ensures that user data is not transmitted when a call is placed on hold, call placed on mute, or when the TOE is not registered with the SIP server. Additionally, the TOE restricts access to hardware resources and network communications to only those required.
The TOE performs X.509 certificate authentication of remote components the TOE interacts with for SDES/SRTP and TLS connections. The Cisco Jabber TOE relies upon the TOE Platform to validate certificates.
The TOE provides the capability to manage the following functions: 1) Configuration of the termination period for idle calls; and 2) Specification of audio codec (vocoder).
The TOE’s implementation of SDES-SRTP allows secure voice and video communication between itself and a remote VVoIP application and secure signaling communication between itself and a remote CUCM SIP Server using TLS.
The following functionality is excluded or not covered in the CC evaluation.
Cisco Systems, Inc.