NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
U.S. Government Approved Protection Profile - Extended Package for Enterprise Session Controller (ESC) Version 1.0
An Enterprise Session Controller (ESC) is a logical component of a physical hardware appliance that is responsible for establishing connectivity between Voice/Video over IP (VVoIP) endpoints. The ESC is an advanced version of a legacy IP-PBX system. As a specific type of network device, an ESC Target of Evaluation (TOE) will be evaluated against both the Network Device collaborative Protection Profile (NDcPP) and this Extended Package (EP). All functionality described by the Security Functional Requirements (SFRs) is within the TOE boundary, as is the ability for the TOE Security Functionality (TSF) to establish secure remote connections with trusted entities in the Operational Environment.
The ESC’s purpose is to provide an interface between VVoIP networks in order to connect calls. The ESC depends on or communicates with a number of services located within the internal network, such as voicemail, conferencing, NTP, DNS, and software updates that are downloaded from VVoIP endpoint manufacturers and stored on the ESC for distribution to the clients. Certain storage capabilities may be implemented exclusively within the TOE or within both the TOE and its operational environment (such as the TOE maintaining an internal audit log that is also written to an external audit server).
For connecting networks, the ESC relies on edge routing to handle lower-level communications between the networks and on a Session Border Controller (SBC) to filter out potentially malicious activity.
The ESC provides the following logical capabilities:
• Operations, Administration, and Management Application (OA&M) – responsible for providing a management interface to the ESC’s configuration.
• Call Processing – responsible for setting up and tearing down calls between VVoIP endpoints using one or more call control protocols.
• Call Detail Records – responsible for storage of call activity for auditing purposes.
• Voice/Video Media Conferencing, Controls, and Storage – responsible for establishing multi-way conference calls and storage of call recordings.
Different ESCs may implement these capabilities in different ways. This EP defines a minimum baseline of capabilities that all conformant ESCs must provide.