NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_nd_sip_ep_v1.1

Technology Type: SIP Server

CC Version: 3.1

Date: 2014.11.06

Preceded By: pp_nd_sip_ep_v1.0

Succeeded By: pp_ndcpp_sip_ep_v2.0

Sunset Date: 2016.02.27

Conformance Claim: None

Protection Profile 

PP OVERVIEW

The Voice over IP (VoIP) infrastructure for an enterprise can vary greatly, both in size and complexity. Many kinds of functionality are possible, often desirable, and sometimes necessary – including Session Border Controllers (SBC), gateways, trunking, Network Address Translation (NAT), and firewall traversal. The SIP Server interacts with a VoIP client and provides registrar and proxy capabilities required for call-session management as well as establishing, processing, and terminating VoIP calls. As a registered server, the SIP server accepts REGISTER requests and places the information received into the location service on the server. As a SIP proxy server, the server is a stateful server that manages transactions to route SIP requests and responses.

Note that this EP does not repeat the threats identified in the NDPP, though they all apply given the conformance and hence dependence of this EP on the NDPP. Note also that while the NDPP contains only threats to the ability of the TOE to provide its security functions, this EP addresses only business threats to resources in the operational environment. Together the threats of the NDPP and those defined in this EP define the comprehensive set of security threats addressed by a SIP Server TOE.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions