Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2017 Cisco Systems, Inc. All rights reserved.
Cisco Jabber 11.8 for Windows 10
Common Criteria Configuration Guide
Version 1.0
26 May 2017
Cisco Jabber 11.8 for Windows 10 Common Criteria Guidance
Table of Contents
1 Introduction
  Audience
  Purpose
  Document References
  TOE Overview
  Operational Environment
    Required non-TOE Hardware and Software
  Excluded Functionality
2 Preparative Procedures and Operational Guidance for IT Environment
  Installation and Configuration of Cisco Unified Communications Manager (CUCM)
  Phone Mode Deployment
    Configure Softphone
    Certificate Validation
3 TOE Installation
  OS Platform
  Supply FIPS Mode Argument
4 Secure Management
  Network Protocols and Cryptographic Settings
    SIP Connections and Protocols
  Product Updates
  Jabber Features and Calls
    Contacts
    Calls
5 Modes of Operation
  Phone Mode
  FIPS Mode
  Troubleshooting
6 Security Measures for the Operational Environment
7 Related Documentation
  Documentation Feedback
  Obtaining Technical Assistance
List of Tables
Table 1: Acronyms
Table 2: Terminology
Table 3: Cisco Documentation
Table 4: Required Operational Environment Components
Table 5: Excluded Functionality
Table 6: Operational Environment Security Measures
List of Acronyms
The following acronyms and abbreviations may be used in this document:
Table 1: Acronyms
Acronyms / Abbreviations    Definition
AES Advanced Encryption Standard
CC Common Criteria for Information Technology Security Evaluation
CEM Common Evaluation Methodology for Information Technology Security
CDP Certificate Distribution Point
CM Configuration Management
CRL Certificate Revocation List
DRBG Deterministic Random Bit Generator
EAL Evaluation Assurance Level
EC-DH Elliptic Curve-Diffie-Hellman
ECDSA Elliptic Curve Digital Signature Algorithm
ESP Encapsulating Security Payload
GCM Galois Counter Mode
HMAC Hash Message Authentication Code
IT Information Technology
NGE Next Generation Encryption
OCSP Online Certificate Status Protocol
OS Operating System
PP Protection Profile
PRF Pseudo-Random Functions
RFC Request For Comment
SDES Security Descriptions for Media Streams
SDP Session Description Protocol
SHS Secure Hash Standard
SIP Session Initiation Protocol
SRTP Security Real-Time Transport Protocol
ST Security Target
TCP Transport Control Protocol
TLS Transport Layer Security
TOE Target of Evaluation
TSC TSF Scope of Control
TSF TOE Security Function
TSP TOE Security Policy
UCM Unified Communications Manager
UDP User datagram protocol
VoIP Voice over IP
Terminology
Table 2: Terminology
Term: Definition
Authorized Administrator: Any user which has been assigned to a privilege level that is permitted to perform all TSF-related functions.
CUCM: Cisco Unified Communications Manager (CUCM) serves as the software-based call-processing component of the Cisco Unified Communications family of products. The CUCM extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications.
Security Administrator: Synonymous with Authorized Administrator for the purposes of this evaluation.
SIP Server: The SIP Server (the CUCM) interacts with a VoIP client (TOE) and provides registrar and proxy capabilities required for call-session management as well as establishing, processing, and terminating VoIP calls.
User: Any entity (human user or external IT entity) outside the TOE that interacts with the TOE.
DOCUMENT INTRODUCTION
Prepared By:
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
This document provides supporting evidence for an evaluation of a specific Target of Evaluation
(TOE), the Cisco Jabber for Windows. This Operational User Guidance with Preparative
Procedures addresses the administration of the TOE software and hardware and describes how to
install, configure, and maintain the TOE in the Common Criteria evaluated configuration.
REVISION HISTORY
Rev Date Description
1.0 26-May 2017 Final Version
1 Introduction
This Operational User Guidance with Preparative Procedures documents the administration of
the Cisco Jabber for Windows, the TOE, as it was certified under Common Criteria. The Cisco
Jabber for Windows may be referenced below as the Cisco Jabber for Windows, Jabber, or
simply TOE.
Audience
This document is written for administrators configuring the TOE, Cisco Jabber for Windows.
This document assumes that you are familiar with Cisco or equivalent call processing and unified
communications products. It is also assumed that you have a general understanding of
the basic concepts and terminology of enterprise telephony features and
functions for packet telephony network devices such as IP phones, media processing devices,
voice-over-IP (VoIP) gateways, and multimedia applications, that you are a trusted individual,
and that you are trained to use the operating systems on which you are running in your network.
Purpose
This document is the Operational User Guidance with Preparative Procedures for the Common
Criteria evaluation. It was written to highlight the specific TOE configuration and administrator
functions and interfaces that are necessary to configure and maintain the TOE in the evaluated
configuration.
It is recommended that you review the Security Targets for the Common Criteria certified mobile
device platforms for evaluated configuration requirements and settings. It is also recommended
that you review the Common Criteria certified Cisco Unified Communications Manager
(CUCM) Security Target (see footnote 1) for its evaluated configuration requirements and settings as the SIP
Server that performs secure call-control.
The evaluated configuration is the configuration of the TOE that satisfies the requirements as
defined in the Security Target (ST). This document covers all of the security functional
requirements specified in the ST and as summarized in Section 3 of this document. This
document does not mandate configuration settings for the features of the TOE that are outside
the evaluation scope, which should be set according to your organizational security policies.
This document is not meant to detail specific actions performed by the administrator but rather is
a road map for identifying the appropriate locations within Cisco documentation to get the
specific details for configuring and maintaining Cisco Jabber for Windows operations. It is
recommended that you read all instructions in this document and any references before
performing steps outlined and entering commands. Section 7, Related Documentation, of this
document provides information for obtaining assistance.
Document References
This section lists the Cisco Systems documentation that is also the Common Criteria
Configuration Item (CI) List. The documents used are shown below in Table 3. Throughout this
document, the guides will be referred to by the “#”, such as [1].
Footnote 1: http://www.commoncriteriaportal.org/products/
Table 3: Cisco Documentation
#   Title
    Link
[1] Planning Guide for Cisco Jabber 11.8
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_8/cjab_b_planning-guide-jabber-118.html
[2] On-Premise Deployment for Cisco Jabber 11.8
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_8/cjab_b_on-premises-deployment-for-cisco-jabber.html
[3] Feature Configuration for Cisco Jabber 11.8
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_8/cjab_b_feature-configuration-cisco-jabber118.html
[4] Parameters Reference Guide for Cisco Jabber 11.8
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_8/cjab_b_parameters-reference-guide-jabber-118.html
[5] Release Notes for Cisco Jabber for Windows 11.8
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/11_8/RN/cjab_b_release-notes-for-cisco-jabber-windows-118.html
[6] Quick Start Guide for Cisco Jabber for Windows 11.8
    https://help.webex.com/servlet/JiveServlet/downloadBody/13493-102-1-48115/Cisco_Jabber_for_Windows-QSG_Release11-8.pdf
[7] Installation Guide for Cisco Unified Communications Manager
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/install/11_5_1/cucm_b_installation-guide-cucm-imp-1151.html
[8] Administration Guide for Cisco Unified Communications Manager
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/11_5_1/CUCM_BK_A09578D7_00_admin-guide-cucm-imp_1151.html
[9] Security Guide for Cisco Unified Communications Manager
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_5_1/secugd/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151.html
TOE Overview
The TOE is Cisco Jabber v11.8 for Windows 10 (herein after referred to as Cisco Jabber, VoIP
Client, or the TOE). Cisco Jabber is an application that provides a single, intuitive interface for
integration of collaborative communications including:
• Presence - View real-time availability of co-workers and colleagues within the enterprise
  network.
• Instant messaging (IM) - Chat in real time using instant messaging to save time and
  reduce phone tag.
• Voice over Internet Protocol (VoIP), voice messaging, and video calling capabilities with
  the ability to escalate calls into a Cisco WebEx meeting.
The focus of the CC evaluation is on the VoIP capabilities of Cisco Jabber. Therefore this
document provides guidance for placing the TOE into the evaluated configuration.
The TOE also requires support of Cisco Unified Communications Manager (CUCM), release
11.0 or later as the SIP Server. Cisco CUCM serves as the call-processing component for voice
that includes IP telephony, mobility features and call controls. In addition, there are
configuration settings pushed to the Cisco Jabber TOE that are required in the evaluated
configuration. This form of management is permitted in [VoIP PP].
Operational Environment
Required non-TOE Hardware and Software
The TOE requires the following IT Environment Components when configured in its evaluated
configuration:
Table 4: Required Operational Environment Components
Component: Usage/Purpose Description
Certificate Authority: This includes any IT Environment Certification Authority on the TOE network. This can be used to validate certificates.
Microsoft Windows 10 Platform: The Microsoft Windows 10 Operating System provides an execution platform for the TOE to run. The TOE operates on any of the following versions of Windows 10: 1507, 1511, 1607 (see footnote 2).
SIP Server: The Cisco Unified Communications Manager (CUCM) is the SIP Server that provides call-control and management.
Remote VoIP Application: Peer VoIP Application that the TOE interacts with using Security Real Time Transport Protocol (SRTP).
Excluded Functionality
Table 5: Excluded Functionality
Excluded Functionality: Exclusion Rationale
Non-FIPS 140-2 mode of operation on the router: This mode of operation includes non-FIPS allowed operations.
Presence, instant messaging (IM), voice messaging, and video functionality: These functions are not covered in the CC evaluation.
SIP connection over TLS using NULL-SHA encryption: Provides only integrity and authentication without encryption.
These services will be disabled by configuration. The exclusion of this functionality does not
affect compliance to the Protection Profile for Voice Over IP (VoIP) Applications, version 1.3.
Footnote 2: Version 1607 was released after the certification of Windows 10.
2 Preparative Procedures and Operational Guidance for IT Environment
Installation and Configuration of Cisco Unified Communications Manager (CUCM)
The TOE requires Cisco Unified Communications Manager (CUCM), release 11.0 or later as the
SIP Server. Cisco CUCM serves as the call-processing component for voice that includes IP
telephony, mobility features and call controls. Refer to the following documentation to install
and configure CUCM:
• Installation Guide for Cisco Unified Communications Manager [7]
• Administration Guide for Cisco Unified Communications Manager [8]
• Security Guide for Cisco Unified Communications Manager [9]
Once CUCM is installed and configured, refer to the Planning Guide for Cisco Jabber [1] prior to
installing Jabber. The planning guide provides an overview of the features available in Jabber
for Windows, deployment scenarios, and the requirements for hardware, software, network, and
certificates.
There are configuration settings pushed to the Cisco Jabber TOE that are required in the
evaluated configuration. This form of management is permitted in [VoIP PP].
The Cisco CUCM is required to deploy Cisco Jabber in the following manner:
• On-Premise: An on-premises deployment is one in which the Administrator sets up, manages,
  and maintains all services on the organization’s network.
• Phone Mode: In Phone Mode, the user's primary authentication is to Cisco Unified
  Communications Manager. In Phone Mode, the user is provisioned with VoIP capabilities
  without the functionality of presence or instant messaging (IM).
Refer to Configuration and Installation Workflows (Chapter 2), Phone Mode Deployment in [2].
Phone Mode Deployment
The Phone Mode Deployment is outlined in the following procedures:
1. Create Default Service Profile, Chapter 3 in [2]
2. Configure Voicemail, Chapter 6 in [2]
3. Configure CTI Service, Chapter 8 in [2]
4. Configure Users, Chapter 9 in [2]
5. Configure Softphone, Chapter 10 in [2]
6. Configure Service Discovery, Chapter 13 in [2]
7. Configure Certificate Validation, Chapter 14 in [2]
8. Configure the Clients, Chapter 15 in [2]
9. Deploy Cisco Jabber, Chapter 16 in [2]
Before you install and deploy Cisco Jabber, refer to the procedures above. For each step within
Phone Mode deployment, the Administrator needs to ensure Jabber is deployed in a manner that
best suits the organization’s needs.
The following subsections describe specific configurations needed for the TOE evaluated
configuration:
Configure Softphone
Follow the "Create Softphones Workflow" in Chapter 10 of [2]. Under the Create and Configure
Cisco Jabber Devices section, you will need to create at least one device for every user that will
access Cisco Jabber. This entails ensuring that the proper files have been installed, mobility has
been enabled for each user, SIP profiles have been configured, Phone Security Profiles have been
created for secure phone capabilities, and the Cisco Certificate Authority Proxy Function (CAPF)
service parameter value for Certificate Issuer to Endpoint is Cisco Certificate Authority Proxy
Function, as this is the only option supported by Cisco Jabber for Windows. Refer to Security
Guide for Cisco Unified Communications Manager, Release 11.0(1) (see footnote 3).
Additionally, you will need to generate an authentication string to provide to end users.
• Log in to the Cisco Unified CM Administration interface.
• Select Device > Phone. Find and List Phones window opens.
• Select Add New.
• From the Phone Type drop-down list, select the Cisco Unified Client Services
  Framework and then select Next.
• From the Owner User ID drop-down list, ensure User is selected.
• In the Device Name field, specify name using a maximum of characters: a–z, A–Z, 0–9.
• From the Authentication Mode drop-down list, select By Authentication String.
• From the Key Size (Bits) drop-down list, select the same key size that you set in the
  phone security profile.
Users must specify the authentication string in the client interface to access their devices
and securely register with Cisco Unified Communications Manager. When users enter
the authentication string in the client interface, the CAPF enrollment process begins.
Under the “Configure the Phone Security Profile” section, ensure the following:
• For Device Security Mode, “Encrypted” is selected.
• For Transport Type, the default value of “TLS” is selected.
• For Authentication Mode, “By Authentication String” is selected.
• For Key Size (Bits), ensure at least 2048-bit length is selected.
Certificate Validation
Cisco Jabber for Windows uses certificate validation to establish secure connections with CUCM
SIP Servers. When attempting to establish secure connections, CUCM SIP Servers present
Cisco Jabber for Windows with certificates. Certificates are required for each service to which
the Jabber clients connect. The following certificates are required for the on premises server
configurations to establish secure connection with the TOE:
Server: Certificate
CUCM: HTTP (Tomcat) and Call Manager certificate (secure SIP call signalling for secure phone)
Footnote 3: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_0_1/secugd/CUCM_BK_C1A78C1D_00_cucm-security-guide-1101.html
Cisco Jabber for Windows uses the client platform to verify certificate information and
perform validation.
To ensure that certificate validation occurs without users receiving a prompt to accept or decline
CA certificates, it’s recommended that you deploy certificates to the local certificate store of the
endpoint clients. Refer to Chapter 14 in [2] to Manually Deploy CA Certificates to Cisco Jabber
for Windows Clients.
In addition, to determine the revocation status of certificates issued by the organization’s
certificate authority, the Windows platform needs the appropriate network connectivity to the
OCSP responder.
3 TOE Installation
This section provides instructions for securely accepting the TOE and any subsequent TOE
updates. “Updates” are a new version of the TOE.
Cisco Jabber for Windows is installed on the Common Criteria certified Microsoft Windows 10
32 bit and 64 bit (supported in desktop mode only). Before beginning, refer to the Microsoft
Windows 10 Security Target (see footnote 4) certified on 2016-04-05 for information regarding the evaluated
configuration requirements of Windows 10.
Download the “Cisco Jabber for Windows Install.zip” file for version 11.8 from the Cisco
Software Center into a directory on the TOE platform.
For installation options select the “Use the Command Line” option to Install Cisco Jabber for
Windows as described in the Deploy Cisco Jabber Application (Chapter 16) of [2]. The client
device platform automatically verifies the digital signature of the TOE software to ensure it has
not been modified since distribution from Cisco Systems, Inc.
When using the Command Line option, installation arguments can be supplied.
The evaluated configuration requires Cisco Jabber for Windows to be installed in FIPS mode.
FIPS mode results in the client managing certificates more strictly. Users in FIPS mode may see
certificate errors in the client if a certificate for a service expires and users do not reenter their
credentials before they expire.
Installing Jabber in FIPS mode may be accomplished in one of two methods:
OS Platform
If the Windows 10 platform is operating in FIPS mode, then the TOE will automatically install in
FIPS mode.
Footnote 4: http://www.commoncriteriaportal.org/products/
Supply FIPS Mode Argument
The TOE can also be placed into FIPS mode manually by supplying a FIPS_MODE=true
argument during installation:
msiexec.exe /i CiscoJabberSetup.msi FIPS_MODE=true
When the setup is completed, secure TLS connections between the TOE and the CUCM SIP
Server are established. For the secure SIP connections required for calls, the connection is
established when the user initiates a call.
4 Secure Management
Network Protocols and Cryptographic Settings
Cisco Jabber for Windows provides cryptography in support of SIP connections via Security
Real-Time Transport Protocol (SRTP) that has been established using the Session Description
Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP. The TOE
also protects communications between itself and the CUCM SIP Server by using a Transport
Layer Security (TLS)-protected signaling channel.
SIP Connections and Protocols
Users must specify the authentication string in the client interface to access their devices and
securely register with Cisco Unified Communications Manager. When users enter the
authentication string in the client interface, the Certificate Authority Proxy Function (CAPF)
enrollment process begins. The CAPF process issues an X.509 certificate for use by the
TOE.
There is no direct admin or user interaction on the TOE to configure or set the SRTP channel.
The CUCM SIP Server administrator configures the required settings appropriately and then,
each time a call is made, the TOE automatically negotiates and starts the SRTP streams. There is no
user or admin interaction per-SRTP-channel. The CUCM SIP Server administrator can also
configure the port ranges for the voice and video streams.
If network loss on the SRTP sessions occurs, the TOE automatically attempts to recover. If the
user remains dissatisfied with the result, they can end the call and redial. The communication is
initiated on the TOE by the user dialing a number.
The SIP connections between the TOE and the CUCM SIP Server are over TLS. The evaluated
configuration requires the CUCM SIP Server to be configured with Encrypted as the value for the
Device Security Mode field on the phone security profile; the SIP connection is then over TLS
using AES 128/SHA or AES 256/SHA-256 encryption. In the evaluated configuration the Device
Security Mode must be set to Encrypted.
The mutual TLS ensures that only Client Services Framework (CSF) devices (i.e. the TOE) with
the correct certificates can register to CUCM SIP Server. Likewise, CSF devices can register
only to CUCM SIP Server instances that provide the correct certificate.
In the evaluated configuration, secure phone capabilities are required. This is to ensure that
connections to the CUCM SIP Server are secure. The CUCM SIP Server pushes secure
configuration settings to the TOE that cannot be changed or modified in the evaluated
configuration. Refer to Security Guide for Cisco Unified Communications Manager, Release
11.0(1) (see footnote 5).
In the evaluated configuration when the TOE is configured for secure connections with CUCM
SIP Server, the SIP connections are secured with TLS 1.0 (RFC 2246) or TLS 1.2 (RFC 5246)
with the following ciphersuites:
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
• TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
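The following is an added example, not part of the Cisco guidance or of Jabber or CUCM: a Python audit that reads the ServerHello from a captured SIP-over-TLS handshake and reports whether the negotiated version and ciphersuite fall inside the evaluated set listed above, flagging the excluded NULL-SHA suite separately. The IANA code points are standard values; the sample records are constructed in the code, and the function names and finding labels are assumptions of this example.

```python
import struct

# Ciphersuites listed for the evaluated configuration, keyed by IANA code point.
EVALUATED_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}
# Excluded by the guide: integrity and authentication only, no encryption.
NULL_SHA = 0x0002  # TLS_RSA_WITH_NULL_SHA
# Protocol versions the guide allows: TLS 1.0 (RFC 2246) and TLS 1.2 (RFC 5246).
EVALUATED_VERSIONS = {(3, 1): "TLS 1.0", (3, 3): "TLS 1.2"}
# The SHA-256 suites are defined in RFC 5246 and do not exist before TLS 1.2.
TLS12_ONLY = {0x003C, 0x003D}


def parse_server_hello(record):
    """Return ((major, minor), ciphersuite) from one TLS record holding a ServerHello.

    Assumes the ServerHello is the first handshake message in the record and
    is not fragmented across records.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 22:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    if body[0] != 2:
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Minimum body: version(2) + random(32) + sid_len(1) + suite(2) + compression(1)
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    sid_len = hello[34]
    suite_off = 35 + sid_len
    if sid_len > 32 or len(hello) < suite_off + 3:
        raise ValueError("invalid session_id length")
    suite = int.from_bytes(hello[suite_off:suite_off + 2], "big")
    return version, suite


def audit_server_hello(record):
    """Return a list of finding labels; an empty list means the handshake
    matches the evaluated TLS versions and ciphersuites."""
    version, suite = parse_server_hello(record)
    findings = []
    if version not in EVALUATED_VERSIONS:
        findings.append("version-not-evaluated")
    if suite == NULL_SHA:
        findings.append("null-encryption-suite")
    elif suite not in EVALUATED_SUITES:
        findings.append("suite-not-evaluated")
    elif suite in TLS12_ONLY and version != (3, 3):
        findings.append("sha256-suite-below-tls12")
    return findings


def build_sample_server_hello(version, suite, session_id=b""):
    """Constructed sample input: a minimal ServerHello record (all-zero random,
    null compression, no extensions). Not captured from a real deployment."""
    hello = (bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    samples = [((3, 3), 0x003D), ((3, 1), 0x002F), ((3, 3), 0x0002), ((3, 1), 0x003C)]
    for version, suite in samples:
        record = build_sample_server_hello(version, suite)
        print(version, hex(suite), audit_server_hello(record) or "ok")
```
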
The evaluated configuration requires that Jabber operate in FIPS mode. Jabber manages
certificates more strictly when in FIPS mode. For example users may see certificate errors in the
client if a certificate for a service expires and users do not reenter their credentials before they
expire.
If certificate validation fails the following notification will be displayed and the user will not
have the option to accept the invalid cert.
Product Updates
To check the current version, on the TOE click on the menu button and select Help and then
select About Cisco Jabber.
Footnote 5: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_0_1/secugd/CUCM_BK_C1A78C1D_00_cucm-security-guide-1101.html
To check for updates, on the TOE click on the menu button and select Help and then select
Check for Updates.
When software updates are made available by Cisco, an administrator can obtain, verify the
integrity of, and install those updates. The updates are a new version of the TOE and can be
downloaded from Cisco.com.
Refer to the “Configure Automatic Updates for Windows” section of [2].
The client device platform automatically verifies the digital signature of the TOE software to
ensure it has not been modified from the originals distributed by Cisco Systems, Inc.
Jabber Features and Calls
The following diagram is an example for the Cisco Jabber for Windows ‘hub window’.
For more details and information related to the TOE features refer to [3], [5], and [6]. Note,
some options may not be available depending on the deployment options that were configured or
covered by this certification.
Contacts
Directory groups are maintained by the Authorized Administrator of the Client Platform for your
enterprise. When a directory group is added to your Contacts list, the people assigned to
that directory group are automatically added to the group in your contacts. You do not have to
maintain the list because it synchronizes automatically with the directory for your enterprise,
meaning that people are added and removed from the group in your Contacts whenever the
administrator adds or removes them from the enterprise directory. You can remove a directory
group from your contacts list at any time.
You can also add contacts that are external to the organization if the Authorized Administrator of
the Client Platform has enabled this feature.
Procedure:
Step 1 - Select File > New and select the type of contact that you want to add.
Step 2 - Enter the email address of your contact. For custom contacts without an IM
address, enter the contact details that you want to use.
Step 3 - Select a contact group.
Step 4 - Select Add.
Calls
Procedure:
Step 1 - Access the phone number options for your contact.
For example, right-click on a contact in your contact list and choose Call, or from a chat window,
click on the phone numbers/address list drop-down list.
Step 2 - Choose Jabber Call.
There are several features that suspend or stop voice media on a call; such as setting the call on
hold, transfer, or end call. In addition, entering/leaving a conference can also interrupt voice
data briefly.
When a call is placed on voice mute (silence), the connection is not ended or stopped; voice
data from the microphone is simply no longer sent.
Using the Jabber call screen, selecting the ‘Mute’ icon will mute the voice audio. Selecting the
‘Mute’ icon again will unmute.
You can also place a call on ‘Hold’. On the Jabber call screen, selecting the ‘More’ icon
and then selecting ‘Hold’ will place the call on hold or resume the call.
You can also ‘Transfer’ a call to another person. On the Jabber call screen, select the ‘More’
icon, select ‘Transfer’, and then enter the number you wish to transfer the call to.
End the call by selecting the ‘telephone icon’.
For all these functions, the implementation is via SIP and SDP messaging, and the SDP
messaging includes the necessary crypto options for secure connections. Any change of
participant results in re-keying (unless they are connected to a conference bridge and each
endpoint has a unique set of keys applied only to the call leg between it and the bridge).
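The following is an added example, not code from Cisco or from the original guide: a Python check over SDP bodies (for instance from endpoint or CUCM logs, since the signaling itself is TLS-protected) that lists media sections lacking SRTP or an SDES `a=crypto` attribute and confirms that the inline key changes between two SDP bodies, as the re-keying statement above describes. The SDP samples, addresses, and the AES_CM_128_HMAC_SHA1_80 suite name (from RFC 4568) are constructed for illustration; the guide does not state which SRTP crypto suite Jabber negotiates.

```python
import base64

# RTP profiles that carry SRTP; plain "RTP/AVP" is unprotected media.
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}


def parse_media_crypto(sdp):
    """Parse an SDP body into one dict per m= section:
    {"media": ..., "proto": ..., "crypto": [(tag, suite, key_salt), ...]}."""
    sections, current = [], None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3:
                raise ValueError("malformed m= line: %r" % line)
            current = {"media": parts[0], "proto": parts[2], "crypto": []}
            sections.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            # RFC 4568: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
            fields = line[len("a=crypto:"):].split()
            if len(fields) < 3:
                continue  # malformed attribute provides no usable key
            tag, suite, key_params = fields[:3]
            method, _, key_info = key_params.split(";")[0].partition(":")
            if method != "inline" or not key_info:
                continue
            # key_info is "<base64 key||salt>[|lifetime][|MKI:length]"
            current["crypto"].append((tag, suite, key_info.split("|")[0]))
    return sections


def unprotected_media(sdp):
    """Names of media sections that are not SRTP or carry no usable crypto line."""
    return [s["media"] for s in parse_media_crypto(sdp)
            if s["proto"] not in SRTP_PROFILES or not s["crypto"]]


def session_keys(sdp):
    """Set of inline key||salt values offered anywhere in the SDP body."""
    return {key for s in parse_media_crypto(sdp) for (_tag, _suite, key) in s["crypto"]}


def rekeyed(sdp_before, sdp_after):
    """True when the later SDP carries keys and none of them was used before."""
    new = session_keys(sdp_after)
    return bool(new) and new.isdisjoint(session_keys(sdp_before))


def sample_sdp(key_byte, proto="RTP/SAVP", with_crypto=True):
    """Constructed sample SDP body; the key is a repeated byte, not real key material."""
    key = base64.b64encode(bytes([key_byte]) * 30).decode()
    lines = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
             "t=0 0", "m=audio 16384 %s 0 8" % proto]
    if with_crypto:
        lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s|2^31" % key)
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    original_leg = sample_sdp(1)       # SDP before a transfer (constructed)
    transferred_leg = sample_sdp(2)    # SDP after the participant changed (constructed)
    print("unprotected media:", unprotected_media(original_leg))
    print("re-keyed after transfer:", rekeyed(original_leg, transferred_leg))
    print("plain RTP flagged:", unprotected_media(sample_sdp(1, "RTP/AVP", False)))
```
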
5 Modes of Operation
Jabber has the following modes of operation:
Phone Mode
The TOE is required to operate in Phone Mode. In Phone Mode, the user's primary
authentication is to Cisco Unified Communications Manager. In Phone Mode, the user is
provisioned with VoIP capabilities without the functionality of presence or instant messaging
(IM). Refer to section 2.2 of this document for additional information.
FIPS Mode
FIPS mode results in the client managing certificates more strictly. For example users in FIPS
mode may see certificate errors in the client if a certificate for a service expires and users do not
reenter their credentials before they expire. Users also see a FIPS icon in their hub window to
indicate that self-tests during start-up passed and the client is running in FIPS mode:
If the self-tests failed the user would be presented with an error message:
Refer to [2] for more information on FIPS mode.
Troubleshooting
When there is an issue with a feature, for example, if a call is unexpectedly interrupted or
disconnected, you should examine the connection status. In the TOE ‘hub window’, click the
menu button and select Help and then "Show Connection Status". For each server listed, verify
that the status displayed is connected. For more information, refer to [7].
6 Security Measures for the Operational Environment
Proper operation of the TOE requires functionality from the environment. It is the responsibility
of the authorized administrator of the TOE to ensure that the Operational Environment provides
the necessary functions, and adheres to the environment security objectives listed below. The
environment security objective identifiers map to the environment security objectives as defined
in the Security Target.
Table 6: Operational Environment Security Measures
Environment Security Objective | IT Environment Security Objective Definition
OE.AUTHORIZED_USER | The user of the TOE is non-hostile and follows all user guidance.
OE.OPER_ENV | The operational environment will provide a SIP infrastructure to establish a VoIP connection; a PKI to provide certificates; and an execution domain to support correct operation of the TOE.
OE.TRUSTED_ADMIN | TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner.
7 Related Documentation
For information on obtaining documentation, submitting a service request, and gathering
additional information, see the monthly What's New in Cisco Product Documentation, which
also lists all new and revised Cisco technical documentation at:
With CCO login: http://www.cisco.com/en/US/partner/docs/general/whatsnew/whatsnew.html
Without CCO login: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication
(RSS) feed and set content to be delivered directly to your desktop using a reader application.
The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
You can access the most current Cisco documentation on the World Wide Web at the following
sites:
http://www.cisco.com
http://www-china.cisco.com
http://www-europe.cisco.com
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit
technical comments electronically. Click Feedback in the toolbar and select Documentation.
After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to [email protected].
To submit your comments by mail, for your convenience many documents contain a response
card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc., Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners
can obtain documentation, troubleshooting tips, and sample configurations from online tools. For
Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides
immediate, open access to Cisco information and resources at any time, from anywhere in the
world. This highly integrated Internet application is a powerful, easy-to-use tool for doing
business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners
streamline business processes and improve productivity. Through Cisco.com, you can find
information about Cisco and our networking solutions, services, and programs. In addition, you
can resolve technical issues with online technical support, download and test software packages,
and order Cisco learning materials and merchandise. Valuable online skill assessment, training,
and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized
information and services. Registered users can order products, check on the status of an order,
access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
http://www.cisco.com