Compliant Product - Cisco Jabber 14.0 for Windows 10
Certificate Date: 2022.09.09
Validation Report Number: CCEVS-VR-VID11251-2022
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for Voice and Video over IP (VVoIP) Version 1.0
Functional Package for TLS Version 1.1
Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
The TOE is a software-only client application that executes on a Windows 10 platform.
The evaluated configuration is a single instance of Cisco Jabber operating in FIPS and CC mode. Refer to the Cisco Jabber 14.0 for Windows 10 Common Criteria Configuration Guide for instructions on placing Cisco Jabber in FIPS and CC mode.
CUCM, release 12.0 or later, is the ESC (also referred to as the SIP Server) that serves as the call control component for voice and video. There are configuration settings the CUCM ‘pushes’ to the Cisco Jabber TOE, a form of management permitted in [VVoIP].
CUCM is required to be configured in the On-Premises deployment mode for softphones. Refer to the Cisco Jabber 14.0 for Windows 10 Common Criteria Configuration Guide for specific information regarding configuring CUCM in the On-Premises deployment mode for softphones.
Cisco Jabber allows users of an organization to securely make, receive, and control phone calls through Cisco Unified Communications Manager (CUCM). Users have a variety of call-control options including mute, call transfer, call forwarding, and impromptu conferencing.
In the test environment, only one instance of Jabber is considered the TOE (outlined in red above). The Protection Profile limits which TLS version and ciphers may be claimed for the TOE. However, the TOE only exchanges SIP messaging with the ESC (CUCM), and nothing requires other endpoints to use TLS 1.2 exclusively, so no limitation is placed on the TLS version for non-TOE endpoints.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco Jabber 14.0 for Windows 10 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when delivered configured as identified in the Cisco Jabber 14.0 for Windows 10 Common Criteria Configuration Guide, version 0.4, August 17, 2022 [AGD], satisfies all of the security functional requirements stated in the Cisco Jabber 14.0 for Windows 10 Security Target v1.4, August 29, 2022. The project underwent CCEVS Validator review. The evaluation was completed in September 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE comprises several security features. Each security feature consists of several security functionalities, as identified below.
· Cryptographic Support
· User Data Protection
· Identification and Authentication
· Security Management
· Protection of the TSF
· Trusted Channels
These features are described in more detail in the subsections below.
The Cisco Jabber TOE transmits voice media using a constant bitrate (CBR) vocoder.
The Cisco Jabber TOE provides cryptography in support of SIP connections via Secure Real-time Transport Protocol (SRTP) established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP. The TOE also protects communications between itself and the CUCM SIP Server by using a Transport Layer Security (TLS)-protected signaling channel.
The TOE incorporates a CiscoSSL cryptographic module library (v7.2), and the algorithm implementation has been validated for CAVP conformance.
The TOE ensures that user data is not transmitted when a call is placed on hold, a call is placed on mute, or when the TOE is not registered with the SIP server. Additionally, the TOE restricts access to hardware resources and network communications to only those required.
The TOE performs X.509 certificate authentication of remote components the TOE interacts with for SDES/SRTP and TLS connections. The Cisco Jabber TOE relies upon the TOE Platform to validate certificates.
The TOE is capable of registering with an Enterprise Session Controller (ESC) and specifying the termination period for idle calls.
The TOE leverages services and APIs provided by the platform in order to support anti-exploitation features and installation of authorized software updates.
The TOE’s implementation of SDES-SRTP allows secure voice and video communication between itself and a remote VVoIP application and secure signaling communication between itself and a remote CUCM SIP Server using TLS.
The following functionality is not included in the CC evaluation:
Table 1. Excluded Functionality and Rationale
The functionality listed above is disabled in the TOE evaluated configuration (after following the guidance as specified in the Cisco Jabber 14.0 for Windows 10 Common Criteria Configuration Guide).
Cisco Systems, Inc.