Archived
TD0102: Removing SIP Registration Requirement
Publication Date
2016.09.16
Protection Profiles
CPP_ND_SBC_EP_V1.0
Other References
CPP_ND_SBC_EP_V1.0, FIA_SIPS_EXT.1.2
Issue Description
The FIA_SIPS_EXT.1.2 has requirements that the TOE, which is an SBC, shall require password authentication for SIP register events. However, SBCs are generally a "pass-through" device, with the client authentication/register action being performed by the SIP server, not the SBC. Resolution
The SIP Registration requirement (FIA_SIPS_EXT.1.2) and associated Application Note within the SBC EP Version 1.1 has been removed, therefore this change is being reflected in the current SBC EP Version 1.0. Justification
Although some SBCs support registering directly to the SBC (registrar), it is determined this is not something a majority of SBC vendors continue to support. The original intent of this SFR was to ensure that if the SBC vendor supported this function, it would only register endpoints after it verified they used strong passwords for authentication. |