Archived U.S. Government Approved Protection Profile - Network Device Protection Profile (NDPP) Extended Package SIP Server Version 1.0
Short Name: pp_nd_sip_ep_v1.0
Technology Type: SIP Server
CC Version: 3.1
Succeeded By: pp_nd_sip_ep_v1.1
Sunset Date: 2014.11.06
Conformance Claim: NoneProtection Profile
The Voice over IP (VoIP) infrastructure for an enterprise can vary greatly, both in size and complexity. Many kinds of functionality are possible, often desirable, and sometimes necessary – including Session Border Controllers (SBC), gateways, trunking, Network Address Translation (NAT), and firewall traversal. The SIP Server interacts with a VoIP client and provides registrar and proxy capabilities required for call-session management as well as establishing, processing, and terminating VoIP calls. As a registered server, the SIP server accepts REGISTER requests and places the information received into the location service on the server. As a SIP proxy server, the server is a stateful server that manages transactions to route SIP requests and responses.
Note that this EP does not repeat the threats identified in the NDPP, though they all apply given the conformance and hence dependence of this EP on the NDPP. Note also that while the NDPP contains only threats to the ability of the TOE to provide its security functions, this EP addresses only business threats to resources in the operational environment. Together the threats of the NDPP and those defined in this EP define the comprehensive set of security threats addressed by a SIP Server TOE.
SECURITY EVALUATION SUMMARY