Archived U.S. Government Approved Protection Profile - Extended Package for Session Border Controller Version 1.1
Short Name: ep_sbc_v1.1
Technology Type: Network Device
CC Version: 3.1
Transition End Date: 2017.03.28
Preceded By: cpp_nd_sbc_ep_v1.0
Succeeded By: mod_sbc_v1.0
Sunset Date: 2023.06.07
Conformance Claim: NoneProtection Profile
This Extended Package (EP) specifically addresses Session Border Controllers (SBCs) that provide firewalling, interoperability, and security functions for Voice/Video over IP (VVoIP) networks. The SBC also provides protected communication between trusted components of the network infrastructure.
The physical boundary of the SBC is defined by the operating system components storing or providing security functions and all software supplied by the vendor (including vendor modified components to the operating system). All of the security functionality is contained and executed within the physical boundary of the device.
While the functionality that the Target of Evaluation (TOE) is obligated to implement in response to the described threat environment is detailed in later sections, a brief description is provided here. A compliant TOE will provide security functionality that addresses threats to itself. It must also protect communications between itself and an IP PBX or another SBC by using a trusted channel. Some protocols required by this EP make use of certificates; therefore, the SBC must securely store certificates and private keys.
Since this EP builds on the Network Device collaborative Protection Profile (NDcPP), conformant TOEs are obligated to implement the functionality required in the NDcPP along with the additional functionality defined in this EP in response to the threat environment discussed later in this document.
Assigned to the following Validated Products
Archived Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.