NIAP: U.S. Government Approved Protection Profile - PP-Module for Session Border Controller (SBC) Version 1.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - PP-Module for Session Border Controller (SBC) Version 1.0

Short Name: mod_sbc_v1.0

Technology Type: Network Device

CC Version: 3.1

Date: 2022.12.07

Transition End Date: 2022.06.07

Preceded By: ep_sbc_v1.1

Conformance Claim: None

Protection Profile [PDF]

Supporting Docs [PDF]

Control Mapping [PDF]



This PP-Module specifically addresses Session Border Controllers (SBCs) that provide firewalling, interoperability, and security functions for Voice/Video over IP (VVoIP) networks. The SBC also provides protected communication between trusted components of the network infrastructure.

The physical boundary of the SBC is defined by the operating system components storing or providing security functions and all software supplied by the vendor (including vendor modified components to the operating system). All of the security functionality is contained and executed within the physical boundary of the device.

While the functionality that the Target of Evaluation (TOE) is obligated to implement in response to the described threat environment is detailed in later sections, a brief description is provided here. A compliant TOE will provide security functionality that addresses threats to itself. It must also protect communications between itself and an IP PBX or another SBC by using a trusted channel. Some protocols required by this PP-Module make use of certificates; therefore, the SBC must securely store certificates and private keys.

Since this PP-Module builds on the Network Device collaborative Protection Profile (NDcPP), conformant TOEs are obligated to implement the functionality required in the NDcPP along with the additional functionality defined in this PP-Module in response to the threat environment discussed later in this document.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Active Related Technical Decision

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home