NIAP: Compliant Product
Compliant Product - Cisco Jabber 12.6 for Android 8 and iOS 12

Certificate Date:  2019.09.16

Validation Report Number:  CCEVS-VR-VID11007-2019

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Extended Package for Voice and Video over IP (VVoIP) Version 1.0
  Protection Profile for Application Software Version 1.2

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is a software-only client application that executes on Android 8 or iOS 12 platforms.


Evaluated Configuration

The evaluated configuration is a single instance of Cisco Jabber operating in FIPS and CC mode.  Refer to the Cisco Jabber Common Criteria Configuration Guide for instructions on placing Cisco Jabber in FIPS and CC mode.

Cisco Unified Communications Manager (CUCM) is the ESC (also referred to as the SIP Server) which serves as the call control component for voice and video.  There are configuration settings the CUCM ‘pushes’ to the Cisco Jabber TOE, a form of management permitted in [VVoIP].

Cisco CUCM is required to be configured in the On-Premise deployment mode for softphones.  Refer to the Cisco Jabber Common Criteria Configuration Guide for specific information regarding configuring CUCM in the On-Premise deployment mode for softphones.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco Jabber 12.6 for Android 8 and iOS 12 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered configured as identified in the Cisco Jabber 12.6 for Android 8 and iOS 12 Common Criteria Configuration Guide, version 0.3, satisfies all the security functional requirements stated in the Cisco Jabber 12.6 for Android 8 and iOS 12 Security Target, version 1.3. The project underwent CCEVS Validator review. The evaluation was completed in August 2019.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Communication

The Cisco Jabber TOE transmits voice media using a constant bitrate (CBR) vocoder.

Cryptographic Support

The Cisco Jabber TOE provides cryptography in support of SIP connections via Secure Real-Time Transport Protocol (SRTP) established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP.  The TOE also protects communications between itself and the CUCM SIP Server by using a Transport Layer Security (TLS)-protected signaling channel.

The TOE incorporates a CiscoSSL cryptographic module library (v6.2) and the cryptographic algorithm implementation has been validated for CAVP conformance. See Table 17 in section 7 of the Security Target for certificate references.

User Data Protection

The TOE ensures that user data is not transmitted when a call is placed on hold, when a call is placed on mute, or when the TOE is not registered with the SIP server.  Additionally, the TOE restricts access to hardware resources and network communications to only those required.

Identification and Authentication

The TOE performs X.509 certificate authentication of remote components the TOE interacts with for SDES/SRTP and TLS connections.  The Cisco Jabber TOE relies upon the TOE Platform to validate certificates.  

Security Management

The TOE provides the capability to manage the following functions:  1) Configuration of the termination period for idle calls; and 2) Specification of audio codec (vocoder).

Protection of the TSF

The TOE leverages services and APIs provided by the platform in order to support anti-exploitation features and installation of authorized software updates.

Trusted Channels

The TOE’s implementation of SDES-SRTP allows secure voice and video communication between itself and a remote VVoIP application and secure signaling communication between itself and a remote CUCM SIP Server using TLS. 

 

Excluded and Functionality Not Covered

The following functionality is excluded or not covered in the CC evaluation.

Functionality:  Non-FIPS 140-2 and CC mode of operation
Rationale:  This mode of operation includes non-FIPS allowed operations.

Functionality:  Jabber to Jabber calling.  Jabber to Jabber calling provides basic voice and video calling capabilities between different Cisco Jabber clients without registering to Cisco Unified Communications Manager.
Rationale:  This feature is not compliant with the [VVoIP] protection profile.

Functionality:  SRTP with NULL cipher
Rationale:  SRTP with the NULL cipher does not provide encryption.

Functionality:  Cisco Instant Message and Presence Service
Rationale:  This feature is not covered in the CC evaluation.

Functionality:  Cisco Webex® Meetings Server
Rationale:  This feature is not covered in the CC evaluation.

Functionality:  Cisco Unity® Connection
Rationale:  This feature is not covered in the CC evaluation.

 


Vendor Information


Cisco Systems, Inc.
Marty Loy
(410) 309-4862
mloyjr@cisco.com

www.cisco.com