NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0665:  Corrections to MOD_ESC_v1.0 SFRs

Publication Date

Protection Profiles

Other References

Issue Description

MOD_ESC_v1.0 has formatting issues as well as minor wording changes needed to correspond to NDcPP within multiple SFRs.


PP-Module for Enterprise Session Controller v1.0 is modified as below, with the first 4 SFRs below being formatting changes only (i.e., adding bold, italics and brackets).  FPT_TUD_EXT.1.1/VVoIP includes an update to the selection from the ECD in the NDcPP.  FPT_TUD_EXT.1.3/VVoIP has removed one word (see strikethrough) to correspond with NDcPP.

FAU_GEN.1.2/CDR is modified as follows, with bullets italicized to indicate a completed assignment.

The TSF shall record within each CDR at least the following information: [

• calling party number (i.e. call originator)

• called party number (i.e. call receiver or terminating number)

• unique transaction sequence number

• call disposition (e.g. call connected, call terminated, call transferred)

• call type (e.g. voice only, voice and video, text)

• call start time

• call end time

• call duration

• unique identifier of the TOE

• call routing into TOE

• call routing out of TOE

• time zone

• call release cause, if applicable (i.e. reason for termination of call)

• fault condition(s), if applicable].


FAU_GEN.1.2/Log is modified as follows, with bold denoting refinement.

The TSF shall record within each system log record at least the following information:

a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure of the event); and

b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [event details described in System Log Events table].


FAU_STG.1.2/CDR is modified as follows with italics and brackets indicating selections.

The TSF shall be able to [prevent] unauthorized modifications to the stored call detail records.


FMT_SMF.1.1/ESC is modified as follows, with italics and brackets indicating completion of an assignment.

The TSF shall be capable of performing the following management functions: [

• Ability to display the real-time connection status of all VVoIP endpoints (hardware and software) and telecommunications devices;

• Ability to clear all TSF data stored on disk;

• [selection:

o Ability to configure the password policy;

o Ability to specify the set of audited events;

o Ability to configure the behavior of the TOE in response to a self-test failure;

o Ability to enable/disable voice and video recordings for any registered VVoIP endpoint;

o Ability to specify criteria for retention of voice and video recordings;

o No other capabilities]



FPT_TUD_EXT.1.1/VVoIP is modified as follows with an update to the VVoiP selection to align with the ECD in the NDcPP.

The TSF shall provide [Security Administrators] the ability to query the currently executing version of the registered VVoIP endpoint firmware/software and [the most recently installed version of the registered VVoIP endpoint firmware/software]. 


FPT_TUD_EXT.1.3/VVoIP is modified to align with NDcPP as follows, with strikethroughs denoting deletions:

The TSF shall provide means to authenticate firmware/software updates to the registered VVoIP endpoint using a [selection: X.509 certificate, digital signature mechanism, published hash] prior to installing those updates.



See issue description.

Site Map              Contact Us              Home