NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: ep_vvoip_v1.0

Technology Type: VoIP

CC Version: 3.1

Date: 2016.09.28

Transition End Date: 2017.03.28

Preceded By: pp_voip_v1.3

Succeeded By: mod_vvoip_v1.0

Sunset Date: 2021.02.01

Conformance Claim: None

Protection Profile 

Control Mapping 

PP OVERVIEW

The Target of Evaluation that is defined by this Extended Package (EP) and either the Network Device collaborative Protection Profile (NDcPP) or the Software Application Protection Profile (App PP) is a dedicated device or software application that provides the exchange of voice and/or video communication across an Internet Protocol (IP) network. The endpoint is a client (TOE) that communicates with an Enterprise Session Controller (ESC) server. The VVoIP endpoint shall be able to secure file download from a file server to update VVoIP endpoint software and configuration, establish secure communication for call control with the ESC, and secure streaming media to other devices.

The combination of the NDcPP and this EP is a network device, either a dedicated appliance with a non-modifiable operating system, or a general-purpose server running an independent commercially-available operating system, that provides VVoIP endpoint functionality. Regardless of whether the TOE is a standalone appliance or a general-purpose device that is configured to function as a VVoIP endpoint, the TOE must be capable of satisfying all of the mandatory requirements of the NDcPP. The combination of the App PP and this EP is a software application running on a general purpose operating system that provides VVoIP endpoint capabilities in addition to all of the security functionality expected of a software application as mandated by the App PP.

Secure File Download is the exchange of packets between the client and the file server (may be the same server as the ESC). Call Control is the packets exchanged between the ESC and client (VVoIP endpoint) to establish, maintain, and tear down a telephony call. Streaming Media is the voice/video exchanged between the endpoints.

This EP describes the functional requirements and threats specific to the VVoIP endpoint. Any requirements to the VVoIP endpoint not specified in this EP need to follow the ND cPP or App PP. The most notable additions are requirements for the call control protocol (SIP, H.323/H225.0, H.245) and streaming media protocol (SRTP, RTP).

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Archived Related Technical Decisions

• 0488 – Selectable ciphers for FCS_COP.1(5)
• 0428 – FCS_SRTP_EXT.1 Test Activity
• 0406 – FDP_IFF.1.5 Tests 1 and 2
• 0376 – Audit record entry for FMT_SMF.1 in FAU_GEN.1.2/VOIP
• 0372 – Auditing in VVOIP
• 0368 – Audit Generation required in VVOIP
• 0367 – Trusted Updates
• 0279 – Ciphersuites for SRTP
• 0193 – Selection-Based FCS_COP.1 Added to VVoip EP to include AES-CTR Mode
• 0142 – FAU_STG_EXT.1 - Optional Requirement
• 0068 – Addition of SRTP Ciphersuites