All modules
CMVP Validated Module · FIPS 140-3 Security Policy

SBC 5400 Session Border Controller

Certificate#5043StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRibbon Communications, Inc.
High review priority  ·  no TCB surface named  ·  last validated 12 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date7/21/2030
CaveatWhen installed, initialized and configured as specified in Section 11.1 of the Security Policy
VendorRibbon Communications, Inc.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for SBC 5400 Session Border Controller
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Upgrade<br/>firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for SBC 5400 Session Border Controller
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Upgrade<br/>firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Ribbon Communications, Inc. SBC 5400 Session Border Controller Firmware Version: 10.01.06 FIPS Security Level: 2 Document Version: 0.6 Prepared for: Prepared by: Ribbon Communications, Inc. Corsec Security, Inc.

4 Technology Park Drive 12600 Fair Lakes Circle, Suite 210

Westford, MA 01886 Fairfax, VA 22033 United States of America United States of America Phone: +1 855 467 6687 Phone: +1 703 267 6050 www.ribboncommunciations.com www.corsec.com

Page 2
Table of Contents
#SectionPage
Page 3

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware9
Table 3: Modes List and Description11
Table 4: Approved Algorithms13
Table 5: Vendor-Affirmed Algorithms13
Table 6: Security Function Implementations20
Table 7: Entropy Certificates21
Table 8: Entropy Sources21
Table 9: Ports and Interfaces26
Table 10: Authentication Methods27
Table 11: Roles29
Table 12: Approved Services38
Table 13: Mechanisms and Actions Required42
Table 14: Storage Areas46
Table 15: SSP Input-Output Methods46
Table 16: SSP Zeroization Methods47
Table 17: SSP Table 150
Table 18: SSP Table 252
Table 19: Pre-Operational Self-Tests54
Table 20: Conditional Self-Tests57
Table 21: Pre-Operational Periodic Information57
Table 22: Conditional Periodic Information58
Table 23: Error States59
Table 24. Acronyms and Abbreviations67
Figure 1 – SBC 5400 Session Border Controller6
Figure 2 – Typical Deployment of SBC 5400 in a Network8
Figure 3 – Front Bezel LEDs on Bezel24
Figure 4 – Front Panel LEDs Behind Bezel25
Figure 5 – Rear Panel Ports/Interfaces25
Figure 6 – Label Placement (Label 1)42
Figure 7 – Label Placement (Label 2)43
Figure 8 – Label Placement (Label 3)43
Figure 9 – Label Placement (Labels 4 and 5)43
Page 5
1.1 Overview
1.2 Security Levels

The SBC 5400 Session Border Controller is validated at the FIPS 140-3 section levels shown in the table below. Section Title Security Level

1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 3
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A

Overall Level 2 Table 1: Security Levels The module has an overall security level of 2. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 6
2.1 Description
2.1.1 Purpose and Use

Ribbon Communications, Inc. (hereafter referred to as Ribbon) is a leader in IP 1 networking with proven expertise in delivering secure, reliable and scalable next-generation infrastructure and subscriber solutions. The Ribbon line of Session Border Controllers (SBC 5400) help mid-sized and large enterprises take advantage of cost-saving SIP 2 trunking services by securing their network from IP-based attacks, unifying SIP-based communications and controlling traffic in the network. Ribbon’s SBC 5400 Session Border Controller (see Figure 1 below) is a high-performance air-cooled, 2U, IP encryption appliance that features a unique architecture design that differs from other session border controllers on the market today by aggregating all of the session border functionality

1 IP – Internet Protocol

SIP

3 VOIP – Voice Over Internet Protocol

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 7
5 QoS – Quality of Service
6 DoS – Denial of Service
7 DoS/DDoS – Denial-of-Service/Distributed Denial-of-Service

RTP

9 IPsec – Internet Protocol Security
10 TLS – Transport Layer Security
11 NAT – Network Address Translation
12 IKEv1 – Internet Key Exchange version 1
13 RTCP – RTP Control Protocol
14 SSH – Secure Shell
15 SFTP – SSH File Transport Protocol
16 SNMP – Simple Network Management Protocol
17 HTTPS – Hypertext Transfer Protocol Secure
18 UDP – User Datagram Protocol
19 TCP – Transmission Control Protocol

DNS

21 ENUM – E.164 Number Mapping

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 8

Home Users Application SBC 5400 Service Public Internet / ISP or Service Provider’s Optional Metropolitan Backhaul High-Availability/ Core Network Redundancy Application Enterprise SBC 5400 Service Figure 2

23 CDR – Call Detail Records

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 9
2.1.2 Module Type

The SBC 5400 Session Border Controller 10.01.06 is a Hardware module.

2.1.3 Module Embodiment

The SBC 5400 Session Border Controller has a MultiChipStand embodiment.

2.1.4 Module Characteristics

The module does not have any additional characteristics. .

2.1.5 Cryptographic Boundary

The module’s cryptographic boundary is defined by its hard enclosure (shown in Figure 1). The main hardware components contained within the enclosure include integrated circuits, processors, memories, SSD 24, flash, DSP cards, power supplies, and fans. The primary executing components are:

2.2 Tested and Vendor Affirmed Module Version and
2.2.1 Tested Module Identification – Hardware

The module was tested and found to be compliant with FIPS 140-3 requirements on the hardware versions listed in the table below. Model and/or Hardware Firmware Processors Features Part Version Version Number SBC 5400 5400 10.01.06 Intel Xeon CPU E5 v2 (Ivy Bridge EP) and Cavium OCTEON II CN6880 media processor N/A Table 2: Tested Module Identification

24 SSD – Solid-State Drive

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 10
2.2.2 Tested Module Identification – Software, Firmware, Hybrid

(Executable Code Sets) The module does not have any executable code sets. N/A for this module.

2.2.3 Tested Module Identification – Hybrid Disjoint Hardware

The module does not have hybrid disjoint hardware. N/A for this module.

2.2.4 Tested Operational Environments – Software, Firmware,

Hybrid This section is only applicable to software, firmware, and hybrid modules. N/A for this module.

2.2.5 Vendor-Affirmed Operational Environments – Software,

Firmware, Hybrid There are no vendor-affirmed operational environments claimed. N/A for this module.

2.3 Excluded Components

The module also includes components that are excluded from the requirements of this standard:

Page 11
2.4 Modes of Operation
2.4.1 Modes List and Description

When installed, configured, and operated according to this Security Policy, the module supports the Approved mode of operation only; non-Approved operations are not supported. Mode Description Type Status Indicator Name Approved When the module is installed, initialized, and operated as directed in the Security Policy Approved Global FIPS status section 11.1, the module supports an Approved mode of operation only. indicator Table 3: Modes List and Description

2.5 Algorithms
2.5.1 Approved Algorithms

The module employs cryptographic algorithm implementations from the following sources:

26 SRTP – Secure Real-Time Transport Protocol

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 12

Algorithm CAVP Cert Properties Reference AES-GCM A5068 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256 Counter DRBG A5066 Prediction Resistance - No, Yes SP 800-90A Mode - AES-128 Rev. 1 Derivation Function Enabled - No, Yes DSA KeyGen (FIPS186-4) A5066 L - 2048, 3072 FIPS 186-4 N - 224, 256 ECDSA KeyGen (FIPS186-4) A5066 Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- FIPS 186-4 224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates ECDSA KeyGen (FIPS186-5) A5066 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 Secret Generation Mode - testing candidates ECDSA KeyVer (FIPS186-4) A5066 Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- FIPS 186-4 409, K-571, P-224, P-256, P-384, P-521 ECDSA KeyVer (FIPS186-5) A5066 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 ECDSA SigGen (FIPS186-4) A5066 Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- FIPS 186-4 224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 ECDSA SigGen (FIPS186-5) A5066 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 ECDSA SigVer (FIPS186-4) A5066 Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- FIPS 186-4 409, K-571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2ECDSA SigVer (FIPS186-5) A5066 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 HMAC-SHA-1 A5066 Key Length - Key Length: 112-65528 Increment 8 FIPS 198-1 HMAC-SHA-1 A5068 Key Length - Key Length: 8-256 Increment 8 FIPS 198-1 HMAC-SHA2-224 A5066 Key Length - Key Length: 112-65528 Increment 8 FIPS 198-1 HMAC-SHA2-256 A5066 Key Length - Key Length: 112-65528 Increment 8 FIPS 198-1 HMAC-SHA2-384 A5066 Key Length - Key Length: 112-65528 Increment 8 FIPS 198-1 HMAC-SHA2-512 A5066 Key Length - Key Length: 112-65528 Increment 8 FIPS 198-1 KAS-ECC CDH-Component A5066 Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- SP 800-56A SP800-56Ar3 (CVL) 224, P-256, P-384, P-521 Rev. 3 KAS-ECC-SSC Sp800-56Ar3 A5066 Domain Parameter Generation Methods - P-224, P-256, P-384, P- SP 800-56A

521 Rev. 3

Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC Sp800-56Ar3 A5066 Domain Parameter Generation Methods - FB, FC SP 800-56A Scheme - Rev. 3 dhEphem KAS Role - initiator, responder KDF IKEv1 (CVL) A5067 Authentication Method - Digital Signature, Pre-shared Key, Public SP 800-135 Key Encryption Rev. 1 Preshared Key Length - Preshared Key Length: 64-512 Increment 8 Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 KDF IKEv2 (CVL) A5067 Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret SP 800-135 Length: 224-4096 Increment 8 Rev. 1 Derived Keying Material Length - Derived Keying Material Length: 160-4096 Increment 8 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 13

Algorithm CAVP Cert Properties Reference KDF SRTP (CVL) A5068 AES Key Length - 128 SP 800-135 Rev. 1 KDF SSH (CVL) A5069 Cipher - AES-128 SP 800-135 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- Rev. 1 KDF TLS (CVL) A5070 TLS Version - v1.2 SP 800-135 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 Rev. 1 KTS-IFC A5066 Modulo - 2048, 3072, 4096 SP 800-56B Key Generation Methods - rsakpg1-basic Rev. 2 Scheme KTS-OAEP-basic KAS Role - initiator, responder Key Transport Method Key Length - 768 PBKDF A5066 Iteration Count - Iteration Count: 10-1000 Increment 1 SP 800-132 Password Length - Password Length: 8-128 Increment 1 RSA KeyGen (FIPS186-4) A5066 Key Generation Mode - B.3.3 FIPS 186-4 Modulo - 2048 Primality Tests - Table C.2 Private Key Format - Standard RSA KeyGen (FIPS186-5) A5066 Key Generation Mode - probable FIPS 186-5 Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard RSA SigGen (FIPS186-4) A5066 Signature Type - PKCS 1.5 FIPS 186-4 Modulo - 2048 RSA SigGen (FIPS186-5) A5066 Modulo - 2048 FIPS 186-5 Signature Type - pkcs1v1.5 RSA SigVer (FIPS186-4) A5066 Signature Type - PKCS 1.5 FIPS 186-4 Modulo - 1024, 2048 RSA SigVer (FIPS186-5) A5066 Modulo - 2048 FIPS 186-5 Signature Type - pkcs1v1.5 SHA-1 A5066 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA-1 A5068 Message Length - Message Length: 8-51200 Increment 8 FIPS 180-4 SHA2-224 A5066 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA2-256 A5066 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA2-384 A5066 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA2-512 A5066 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA3-256 A4087 Message Length - Message Length: 0-65536 Increment 8 FIPS 202 TLS v1.2 KDF RFC7627 (CVL) A5070 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. 1 Table 4: Approved Algorithms

2.5.2 Vendor Affirmed Algorithms

The vendor affirms the following cryptographic security methods in the table below: Name Properties Implementation Reference CKG CKG:Symmetric Ribbon Cryptographic Library Per SP 800-133 Rev. 2, section 4. Table 5: Vendor-Affirmed Algorithms SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 14
2.5.3 Non-Approved, Allowed Algorithms

The table below lists the non-Approved algorithms implemented by the module that are allowed for use in the Approved mode of operation. N/A for this module.

2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed

The module does not offer any non-Approved algorithms allowed in the Approved mode of operation with no security claimed. N/A for this module.

2.5.5 Non-Approved, Not Allowed Algorithms

The module does not offer non-Approved algorithms not allowed in the Approved mode of operation. N/A for this module.

2.6 Security Function Implementations

The table below lists the security function implementations for this module. Name Type Description Properties Algorithms DRBG for Random DRBG DRBG for generating Counter DRBG: (A5066) Password Generation random passwords. SHA for Password SHA SHA2-512 for hashing SHA2-512: (A5066) Storage stored password values. RSA SigVer for DigSig-SigVer RSA digital signature SHA2-224: (A5066) Certificate Loading verification, used for SHA2-256: (A5066) certificate loading. SHA2-384: (A5066) SHA2-512: (A5066) RSA SigVer (FIPS186-5): (A5066) RSA SigVer (FIPS186-4): (A5066) RSA SigVer for DigSig-SigVer RSA 2048-bit digital SHA2-224: (A5066) Software/Firmware signature verification, SHA2-256: (A5066) Load Integrity used for integrity tests. SHA2-384: (A5066) SHA2-512: (A5066) RSA SigVer (FIPS186-5): (A5066) RSA SigVer (FIPS186-4): (A5066) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 15

Name Type Description Properties Algorithms CKG for CDB Key CKG CKG for the Config Generation Database (CDB) Key, which is used for the encryption/decryption of RSA or ECDSA private keys and pre-shared secrets for RADIUS. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 16

Name Type Description Properties Algorithms IPsec IKE AsymKeyPair-KeyGen Key Agreement for IKE. AES-CBC: (A5066) AsymKeyPair-KeyVer Key exchange is AES-CTR: (A5066) BC-Auth performed using ECDH AES-GCM: (A5066) BC-UnAuth or DH. Public/private Counter DRBG: (A5066) DigSig-SigGen keys generation is DSA KeyGen (FIPS186DigSig-SigVer performed using RSA. 4): (A5066) DRBG HMAC-SHA-1: (A5066) KAS-135KDF HMAC-SHA2-224: KAS-Full (A5066) MAC HMAC-SHA2-256: (A5066) HMAC-SHA2-384: (A5066) HMAC-SHA2-512: (A5066) KAS-ECC CDHComponent SP80056Ar3: (A5066) KAS-ECC-SSC Sp80056Ar3: (A5066) KAS-FFC-SSC Sp80056Ar3: (A5066) KDF IKEv1: (A5067) KDF IKEv2: (A5067) SHA-1: (A5066) SHA2-224: (A5066) SHA2-256: (A5066) SHA2-384: (A5066) SHA2-512: (A5066) ECDSA KeyGen (FIPS186-5): (A5066) ECDSA KeyVer (FIPS1865): (A5066) RSA SigGen (FIPS186-5): (A5066) RSA KeyGen (FIPS1865): (A5066) RSA SigVer (FIPS186-5): (A5066) ECDSA KeyGen (FIPS186-4): (A5066) ECDSA KeyVer (FIPS1864): (A5066) ECDSA SigGen (FIPS1864): (A5066) ECDSA SigVer (FIPS1864): (A5066) RSA KeyGen (FIPS1864): (A5066) RSA SigGen (FIPS186-4): (A5066) RSA SigVer (FIPS186-4): (A5066) ECDSA SigGen (FIPS1865): (A5066) ECDSA SigVer (FIPS1865): (A5066) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 17

Name Type Description Properties Algorithms SRTP AsymKeyPair-KeyGen Key Agreement for AES-CBC: (A5068) AsymKeyPair-KeyVer SRTP. Key exchange is Counter DRBG: (A5066) BC-Auth performed using ECDH DSA KeyGen (FIPS186BC-UnAuth or DH. Public/private 4): (A5066) DRBG keys generation is HMAC-SHA-1: (A5068) KAS-135KDF performed using ECDSA KAS-ECC-SSC Sp800KAS-Full or RSA. 56Ar3: (A5066) MAC KAS-FFC-SSC Sp80056Ar3: (A5066) KAS-ECC CDHComponent SP80056Ar3: (A5066) KDF SRTP: (A5068) SHA-1: (A5068) ECDSA KeyGen (FIPS186-5): (A5066) ECDSA KeyVer (FIPS1865): (A5066) ECDSA KeyGen (FIPS186-4): (A5066) ECDSA KeyVer (FIPS1864): (A5066) AES-GCM: (A5068) AES for SNMPv3 BC-UnAuth AES-CFB for SNMPv3 AES-CFB1: (A5066) packet AES-CFB8: (A5066) encryption/decryption. AES-CFB128: (A5066) HMAC for SNMPv3 MAC HMAC for SNMPv3 HMAC-SHA-1: (A5066) packet authentication. SHA-1: (A5066) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 18

Name Type Description Properties Algorithms SSH AsymKeyPair-KeyGen Key Agreement for SSH. AES-CBC: (A5066) AsymKeyPair-KeyVer Key exchange is AES-CTR: (A5066) BC-Auth performed using ECDH AES-GCM: (A5066) BC-UnAuth or DH. Public/private Counter DRBG: (A5066) DigSig-SigGen keys generation is DSA KeyGen (FIPS186DigSig-SigVer performed using ECDSA 4): (A5066) DRBG or RSA. HMAC-SHA-1: (A5066) KAS-135KDF KAS-ECC CDHKAS-Full Component SP800MAC 56Ar3: (A5066) KAS-ECC-SSC Sp80056Ar3: (A5066) KAS-FFC-SSC Sp80056Ar3: (A5066) KDF SSH: (A5069) SHA-1: (A5066) ECDSA KeyGen (FIPS186-5): (A5066) ECDSA KeyVer (FIPS1865): (A5066) ECDSA SigGen (FIPS1865): (A5066) ECDSA SigVer (FIPS1865): (A5066) RSA KeyGen (FIPS1865): (A5066) RSA SigVer (FIPS186-5): (A5066) RSA SigGen (FIPS186-5): (A5066) ECDSA KeyGen (FIPS186-4): (A5066) ECDSA KeyVer (FIPS1864): (A5066) ECDSA SigGen (FIPS1864): (A5066) ECDSA SigVer (FIPS1864): (A5066) RSA KeyGen (FIPS1864): (A5066) RSA SigGen (FIPS186-4): (A5066) RSA SigVer (FIPS186-4): (A5066) SHA2-224: (A5066) SHA2-256: (A5066) SHA2-384: (A5066) SHA2-512: (A5066) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 19

Name Type Description Properties Algorithms TLS v1.2 AsymKeyPair-KeyGen Key Agreement for TLS AES-CBC: (A5066) AsymKeyPair-KeyVer v1.2. Key exchange is AES-GCM: (A5066) BC-Auth performed using ECDH Counter DRBG: (A5066) BC-UnAuth or DH. Public/private DSA KeyGen (FIPS186DigSig-SigGen keys generation is 4): (A5066) DigSig-SigVer performed using ECDSA KAS-ECC CDHDRBG or RSA. Component SP800KAS-135KDF 56Ar3: (A5066) KAS-Full KAS-ECC-SSC Sp800KTS-Encap 56Ar3: (A5066) KTS-Wrap KAS-FFC-SSC Sp800MAC 56Ar3: (A5066) KDF TLS: (A5070) KTS-IFC: (A5066) SHA2-256: (A5066) SHA2-384: (A5066) TLS v1.2 KDF RFC7627: (A5070) ECDSA KeyGen (FIPS186-5): (A5066) ECDSA KeyVer (FIPS1865): (A5066) ECDSA SigGen (FIPS1865): (A5066) ECDSA SigVer (FIPS1865): (A5066) RSA KeyGen (FIPS1865): (A5066) RSA SigGen (FIPS186-5): (A5066) RSA SigVer (FIPS186-5): (A5066) ECDSA KeyGen (FIPS186-4): (A5066) ECDSA KeyVer (FIPS1864): (A5066) ECDSA SigGen (FIPS1864): (A5066) ECDSA SigVer (FIPS1864): (A5066) RSA KeyGen (FIPS1864): (A5066) RSA SigGen (FIPS186-4): (A5066) RSA SigVer (FIPS186-4): (A5066) DRBG (Random bits) DRBG Get random bits from Counter DRBG: (A5066) the DBRG. PBKDF PBKDF PBKDF for decrypting PBKDF: (A5066) certificates SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 20

Name Type Description Properties Algorithms ECDSA or RSA SigVer for DigSig-SigVer ECDSA or RSA signature ECDSA SigVer (FIPS186Public Key Certificate verification for public 4): (A5066) Authentication key certificate ECDSA SigVer (FIPS186authentication. 5): (A5066) RSA SigVer (FIPS186-4): (A5066) RSA SigVer (FIPS186-5): (A5066) SHA-1: (A5066) SHA2-224: (A5066) SHA2-256: (A5066) SHA2-384: (A5066) Counter DRBG: (A5066) Entropy Source ENT-Cond SHA3-256 entropy SHA3-256: (A4087) Conditioner source conditioner Table 6: Security Function Implementations

2.7 Algorithm Specific Information

The following is algorithm-specific information related to the module:

8.2.1 of NIST SP 800-38D. In compliance with RFC 7714, the 96-bit IV is formed by first

concatenating 16 bits of zeroes, the 32-bit Synchronization Source identifier, the 32-bit rollover counter, and the 16-octet sequence number. As described in scenario 3 of FIPS 140-3 IG C.H and, the (key, IV) collision probability does not exceed 2-32 for a given key distributed to one or more cryptographic modules. In the event that the module’s power is lost and then restored, the CO shall establish a new key for use with AES-GCM encryption/decryption.

27 IV – Initialization Vector

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 21

The function has an iteration count of 2048. This iteration count allows for user-acceptable key generation times while still doubling the recommended minimum count (1000). The length of the password/passphrase used in the PBKDF shall be at least 20 characters, and shall consist of lowercase, uppercase, and numeric characters. The upper bound for the probability of guessing the value is estimated to be 1/6220 = 10-36, which is less than 2-112. As specified in NIST SP 800-132, keys derived from passwords/passphrases may only be used in storage applications.

2.8 RNG and Entropy

The module uses its Approved DRBG to generate cryptographic keys and seeds used to generate cryptographic keys. The resulting symmetric key or generated seed is an unmodified output from the DRBG. The table below specifies the module’s entropy certificates. Cert Vendor Name Number E101 Ribbon Communications Table 7: Entropy Certificates The table below specifies the module’s entropy sources. Entropy Sample Conditioning Name Type Operational Environment per Size Component Sample Ribbon Entropy Non- Ribbon ConnexIP OS 10 running on Intel Xeon CPU E5 64 Full SHA3-256 Library Physical v2 (Ivy Bridge EP) entropy (A4087) Table 8: Entropy Sources SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 22
2.9 Key Generation

The following is a list of key generation methods that the module implements:

2.10 Key Establishment
2.10.1 Key Agreement Information

The following is a list of key agreement methods that the module implements:

2.10.2 Key Transport Information

Key transport information does not apply to the module.

2.11 Industry Protocols

The module employs the following industry protocols:

Page 23

The KDFs associated with these protocols shall only be used within the context of their respective protocols. No parts of these protocols, other than the Approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 24
3.1 Ports and Interfaces

FIPS 140-3 defines the following logical interfaces for cryptographic modules:

Page 25

Locator LED Alarm LED Fan Control LEDs Active LED Status LED Power LED Figure 4

Page 26

Logical Physical Port Data That Passes Interface(s) Fan Control LED (1 per fan) Status Fan module indicator: GREEN: fan module is working OFF: fan module is not Output working Management Ports Data Input Encrypted management traffic over TLS (GUI) and SSH (CLI) Data Output Control Input Status Output Management Port LED (2 per Status Management port status information port) Output Locator LED Status Module identifier information Output Media Ports 4 x 1 Gbps (2 Data Input Media port status information ports are 10 Gbps-capable) Data Output Media Port LEDs Status Media port link and activity status information Output High Availability Ports Data Input Redundancy synchronization traffic information (2x1Gbps) Data Output Control Input Status Output High Availability Port LEDs Control HA port link status and activity information Input Power LED Status Power supply status Output Front Status LED Status Module status indicator: GREEN: application is running AMBER: application startup Output has not completed, or the application has been shutdown OFF: application is not running Power Ports Power Input power Table 9: Ports and Interfaces Also identified in Figure 5 are the BMC Serial Port (an RS-232 serial port) and the Field Service Port (a 1 Gbps Ethernet port). These ports are used to connect with the BMC (serial for local connections, Ethernet for remote connections), and the CO must use these ports in order to perform the module’s initial setup and configuration as described in section 11.1.2. Beyond this, these external ports shall not be used while the module is operational. Use of these external ports is prohibited while the module is operating in its Approved mode. The module also includes a front-facing USB 28 port that allows for the connection of external devices for firmware image downloads. Use of this port for any purpose is prohibited while the module is operating in its Approved mode. Additionally, the module includes a back panel alarm port. This port is not operational and provides no facility for input or output. Figure 5 shows a populated SSD slot. The module stores SSPs in both plaintext and ciphertext form on the SSD. The CO shall ensure that the SSD is not removed from the SSD slot.

28 USB – Universal Serial Bus

SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 27

4. Roles, Services, and Authentication

4.1 Authentication Methods

Module operators are required to authenticate to the module for assumption of an authorized role. The module supports identity-based authentication. Role assumption is implicit, as module operator roles are assigned to their account. The module can support multiple operator sessions concurrently from multiple client devices. The maximum number of simultaneous sessions allowed per operator can be configured for any number from 1 to 5. Each session remains active (logged in) and secured until the operator logs out or is automatically logged out from inactivity. When the module is powered off, results of any previous authentication will be cleared. Module operators will need to re-authenticate in order to re-assume their respective roles. The table below lists the authentication methods and the strength of the authentication mechanisms. Method Strength Each Description Security Mechanism Strength per Minute Name Attempt Password For the first-time module access by the CO, Username/Password 1:16,889,161,502,720 6:16,889,161,502,720 the module ships with a factory-set default username ("admin") and password ("admin") for the EMA and the CLI. User accounts are assigned randomly generated passwords upon account activation. Following first-time login using default/assigned credentials, module operators are prompted to set new passwords. Public Key The module supports RSA and ECDSA digital ECDSA or RSA SigVer 1:5.19 x 10^33 1:96.92 × 10^23 Certificate certificate authentication of users during for Public Key Web GUI/HTTPS (TLS) access. Certificate Authentication Table 10: Authentication Methods The strength objectives of the authentication mechanisms are as follows:

Page 28
4.2 Roles

The module supports the following vendor-defined groups and capabilities:

Page 29

Security Event logs and management audit logs and cannot execute any commands stopping or starting these audit log services.

4.3 Approved Services

Descriptions of the services available are provided in the table below. The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 30

Name Description Indicator Inputs Outputs Security Functions SSP Access Manage SBC Installs the license to n/a Command Status None Crypto Officer license enable SBC features; output delete or update license; view current license status Configure the Define network n/a Command Command None Crypto Officer SBC system interfaces and and response, settings; set parameter status protocols; configure output authentication information; define policies and profiles Configure Configure IP network n/a Command Command None Crypto Officer routing policy parameters and and response, and control profiles for signaling, parameter status services media, call routing, output call services, zone, IP ACL rules, NTP and DNS servers Configure Select crypto suites n/a Command Command None Crypto Officer Crypto Suite for SRTP, SRTCP, and and response, Profile SIP communication parameter status output Configure Call Configure log file n/a Command Command None Crypto Officer Data Record behavior and response, (CDR) parameter status output Perform Back up the current n/a Command Command TLS v1.2 Crypto Officer backup and system configuration; and response, - SNMPv3 Privacy restore restore the system parameter status Key: R,W services configuration from a output - SNMPv3 backup file; import Authentication and export backup Key: R,W files Manage users Create, edit, and n/a Command Command DRBG for Random Crypto Officer delete users; define and response, Password Generation - User password: user accounts and parameter status SHA for Password R,W assign permissions. output Storage - DRBG Entropy DRBG (Random bits) Input String: G,E Entropy Source - DRBG Seed: G,E Conditioner - DRBG 'V' Value: G,E - DRBG 'Key' Value: G,E Manage user Terminate User n/a Command Command SSH Crypto Officer sessions sessions and response, TLS v1.2 - SSH Session Key: parameter status Z output - TLS Session Key: Z Change Modify existing login n/a Command Command SHA for Password Crypto Officer password passwords and response, Storage - Crypto Officer parameter status password: W output User - User password: W SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 31

Name Description Indicator Inputs Outputs Security Functions SSP Access Load certificate Load new certificates Global FIPS Command Command RSA SigVer for Crypto Officer status response, Certificate Loading - Certificate Load indicator status PBKDF Key: W output - TLS Private Key: W - TLS Public Key: W - CA Public Key: W Run script Run a script file (a Global FIPS Command Command None Crypto Officer text file containing a status response, list of CLI commands indicator status to execute in output sequence) Perform on- Perform self-tests on- n/a Command Command None Crypto Officer demand self- demand using response, tests CLI/EMA command status output Perform Monitor connections n/a Command Command None Crypto Officer network (e.g., ping) response, User diagnostics status output Show system Show the system n/a Command Command None Crypto Officer status status (including response, User Approved mode status status) output Show system Show operational n/a Command Command None Crypto Officer versioning status information response, User about module status components output (including hardware type and application version) View Event Log View event status n/a Command Command None Crypto Officer messages response, status output Zeroize keys Zeroize all SSPs (using Completion Command Command None Crypto Officer CLI/EMA command to indicator response, - Config Database zeroize) (message/log) status (CBD) Key: Z output User - Config Database (CBD) Key: Z Upgrade Load new firmware Global FIPS Command, Command RSA SigVer for Crypto Officer firmware and performs an status firmware response, Software/Firmware - Image Verify integrity test using an indicator image status Load Integrity Key: E RSA digital signature output Perform keying Generate CDB key Global FIPS Command Command CKG for CDB Key Crypto Officer of CDB Key status and response, Generation - Config Database indicator parameters status (CBD) Key: G output Reboot/Reset Reboot or reset the Global FIPS Command Command None Crypto Officer module status response, - Config Database indicator status (CBD) Key: Z output SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 32

Establish IPsec Establish an IPsec Global FIPS Command Command IPsec IKE Crypto Officer connection session using IKE status and response, - ECDH Private indicator parameters status Key: G,E output - ECDH Public Key: G,E - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,E - DH Peer Public Key: W,E - IKE RSA Private Key: G,E - IKE RSA Public Key: G,R - IKE Shared Secret: W,E - IKE SKEYID: G,E - IKE Pre-shared Secret: G,E - IKE Encryption Key: G,E - IKE Authentication Key: G,E - IPsec Shared Secret: G,E - IPsec Encryption Key: G,E - IPsec Authentication Key: G,E - AES GCM IV: G,E - IKE Key Derivation Key: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,E - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,E - DH Peer Public Key: W,E - IKE RSA Private Key: G,E - IKE RSA Public Key: G,R - IKE Shared Secret: W,E - IKE SKEYID: G,E - IKE Pre-shared SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 33

Name Description Indicator Inputs Outputs Security Functions SSP Access Secret: G,E - IKE Encryption Key: G,E - IKE Authentication Key: G,E - IKE Key Derivation Key: G,E - IPsec Shared Secret: G,E - IPsec Encryption Key: G,E - IPsec Authentication Key: G,E - AES GCM IV: G,E Establish SRTP Establish a SRTP Global FIPS Command Command SRTP Crypto Officer connection session using SIP/TLS status and response, - SRTP Master protocols indicator parameters status Key: W,E output - SRTP Authentication Key: G - SRTP Session Key: G - AES GCM IV: G,E User - SRTP Master Key: W,E - SRTP Authentication Key: G - SRTP Session Key: G - AES GCM IV: G,E Manage Manage keys, trap Global FIPS Command Status None Crypto Officer SNMPv3 targets, users, and status and output - SNMPv3 Privacy services traps for SNMPv3 indicator parameters Key: W - SNMPv3 Authentication Key: W User - SNMPv3 Privacy Key: W - SNMPv3 Authentication Key: W SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 34

Name Description Indicator Inputs Outputs Security Functions SSP Access Perform Perform SNMPv3 Global FIPS Command Status AES for SNMPv3 Crypto Officer SNMPv3 services status and output HMAC for SNMPv3 - SNMPv3 Privacy services indicator parameters Key: E - SNMPv3 Authentication Key: W User - SNMPv3 Privacy Key: E - SNMPv3 Authentication Key: W SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 35

Name Description Indicator Inputs Outputs Security Functions SSP Access Establish SSH Establish SSH Global FIPS Command Command SSH Crypto Officer connection connection status and response, - ECDH Private indicator parameters status Key: G,E output - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - AES GCM IV: G,E SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 36

Establish TLS Establish TLS Global FIPS Command Command TLS v1.2 Crypto Officer connection connection status and response, - ECDH Private indicator parameters status Key: G,E output - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - TLS Private Key: G,W,E - TLS Public Key: G,R,W - TLS Peer Public Key: W,E - TLS Session Key: G - TLS Authentication Key: G - TLS Pre-Master Secret: G,E - TLS Master Secret: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - TLS Private Key: G,W,E - TLS Public Key: G,R,W - TLS Peer Public Key: W,E - TLS Session Key: G - TLS Authentication Key: G - TLS Pre-Master Secret: G,E - TLS Master Secret: G,E - AES GCM IV: G,E SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 37

Perform SFTP Perform FTP Global FIPS Command Command SSH Crypto Officer functions functions over SSH status and response, - ECDH Private indicator parameters status Key: G,E output - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - SFTP Private Key: G,E - SFTP Public Key: G,E - SFTP Peer Public Key: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G,E - SSH Authentication Key: G,E - SSH Shared Secret: G,E SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 38

Name Description Indicator Inputs Outputs Security Functions SSP Access - SFTP Private Key: G,E - SFTP Public Key: G,E - SFTP Peer Public Key: G,E - AES GCM IV: G,E Logout Logout of active n/a Command Command None Crypto Officer session response, User status output Perform Zeroize ephemeral n/a Command Command None Crypto Officer manual SSPs via power-cycle response, zeroization or reboot of host status device output Perform Perform pre- n/a Command Command None Crypto Officer manual on- operational self-tests response, demand self- on demand via status tests power-cycle or output reboot of host device Authenticate Authenticate to the n/a Command Command SHA for Password Crypto Officer via password module by password and response, Storage - Crypto Officer parameters status password: W output - RADIUS Shared Secret: W,E User - User password: W - RADIUS Shared Secret: W,E Authenticate Authenticate to the n/a Command Command ECDSA or RSA SigVer Unauthenticated via public key module by ECDSA or response, for Public Key certificate RSA signature service Certificate verification access. Authentication Table 12: Approved Services

4.4 Non-Approved Services

The module does not offer any non-Approved services. N/A for this module.

4.5 External Software/Firmware Loaded

The cryptographic module has the capability of loading firmware from an external source. Upon load, the module will verify the integrity of the load package with a 2048-bit RSA signature verification (the public key is loaded in write-protected flash at the factory). If the check fails, the new firmware is ignored and the current firmware remains loaded. If successful, the module will force an automatic reboot and will perform the required pre-operational integrity test using HMAC SHA digests. Per FIPS 140-3 IG 10.3.F, the integrity test inherently meets the firmware load test requirement when the load constitutes a full image replacement. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 39

Only validated firmware may be loaded to maintain the module’s validation. The new image shall include updated versioning information to represent the newly loaded image. Any firmware loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. Prior to any execution of the new image, module operators shall zeroize all persistent keys using one of the methods described in section 9.3. All ephemeral keys are zeroized on module reboot. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 40
5.1 Integrity Techniques

At module start-up, the integrity of all firmware components within the cryptographic boundary is checked automatically using an approved integrity technique implemented within the cryptographic module itself. The module employs a series of HMAC SHA2-256 digests to test each firmware component; unsuccessful verification of any of the digest values will cause the module to enter a critical error state.

5.2 Initiate on Demand

The CO can initiate the pre-operational integrity tests on demand by issuing a reset/reboot command over the module’s management interfaces. Also, the module can be made to perform pre-operational self-tests by rebooting or power-cycling the module manually. When using this method, the operator is not required to assume an authorized role. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 41
6.1 Operational Environment Type and Requirements

The SBC 5400 Session Border Controller is a hardware cryptographic module with a Limited operational environment and complaint with level 2 physical security requirements. Therefore, per section 7.5 of the CMVP Management Manual, requirements for this section are not applicable. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 42
7.1 Mechanisms and Actions Required

The SBC 5400 is a multi-chip standalone hardware cryptographic module. All SSPs are stored and protected within the module’s production-grade enclosure. All components within the module are production grade with standard passivation. The module’s chassis is opaque within the visible spectrum. The chassis’ front bezel and rear panel provide only a limited set of ventilation holes, obscuring visual access to the module’s internal components. Tamper-evident labels must be applied to the chassis to provide physical evidence of attempts to remove protected components. Inspection Mechanism Inspection Guidance Frequency Tamper-evident labels Every six (6) months Visual inspection of tamper-evident labels to ensure none are compromised Table 13: Mechanisms and Actions Required

7.2 User Placed Tamper Seals
7.2.1 Number

The module ships with six (6) vendor-branded serialized labels. For the module to operate in its Approved mode, the CO shall place five (5) of the labels on the appliance.

7.2.2 Placement

The figures Error! Reference source not found. provide the label placement locations. Figure 6

Page 43
3 2

Figure 7 – Label Placement (Label

  1. Figure 8 – Label Placement (Label
  2. Figure 9 – Label Placement (Labels 4 and
  3. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 44
7.2.3 Surface Preparation

Prior to affixing the labels, the front bezel must be attached, and the appliance surfaces must first be cleaned as follows:

7.2.4 Operator Responsible for Securing Unused Seals

The CO is responsible for:

7.2.5 Part Numbers

Additional labels can be requested directly from Ribbon (FIPS Physical Security Kit part no. 550-06508). To request additional labels, the CO can contact Ribbon Customer Service. The CO must be sure to include contact information and the shipping address, as well as the appliance serial number. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 45

8. Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in Annex F of ISO/IEC 19790:2012. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 46

9. Sensitive Security Parameters Management

9.1 Storage Areas

The table below lists sensitive security parameters (SSPs) storage areas for this module. Section 9.4 selects from the storage areas listed and specifies the appropriate parameter in the “Storage” column if applicable to a specific SSP. Storage Area Persistence Description Name Type Flash Memory Persistent storage of SSPs on flash memory Static RAM Dynamic storage of SSPs on RAM Dynamic Spinning Media Persistent storage of SSPs on spinning media Static SSD Persistent storage of SSPs on SSD Static CDB on SSD Persistent storage of SSPs in CDB on SSD Static Table 14: Storage Areas

9.2 SSP Input-Output Methods

The table below lists SSP input and output methods for this module. Section 9.4 selects from the input and output methods listed and specifies the appropriate parameter in the “Inputs/Outputs” column if applicable to a specific SSP. Format Distribution Entry Name From To SFI or Algorithm Type Type Type External to RAM via DER file External RAM Plaintext Manual Electronic format RAM to External via Encrypted RAM External Encrypted Automated Electronic TLS v1.2 Form External to RAM via Plaintext External RAM Plaintext Automated Electronic RSA SigVer for Certificate Certificate Loading RAM to External via Plaintext RAM External Plaintext Automated Electronic TLS v1.2 External to CDB on SSD via CLI External CDB on Encrypted Manual Electronic SSH (SSH) SSD External to CDB on SSD via EMA External CDB on Encrypted Manual Electronic TLS v1.2 (TLS) SSD RAM to External via Plaintext RAM External Plaintext Automated Electronic TLS v1.2 Certificate Backup to External via TLS CDB on External Encrypted Automated Electronic TLS v1.2 SSD Table 15: SSP Input-Output Methods SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 47
9.3 SSP Zeroization Methods

The table below lists SSP zeroization methods for this module. Section 9.4 selects from the zeroization methods listed and specifies the appropriate parameter in the “Zeroization” column if applicable to a specific SSP. Operator Zeroization Method Description Rationale Initiation Command via CLI or Zeroization upon command via CLI or Zeroize all SSPs (using CLI/EMA command to CLI or EMA EMA EMA zeroize) Reboot Zeroization upon rebooting the Reboot to zeroize RAM Reboot module Session Termination Upon Session Termination Upon Session Termination to zeroize session Terminate based SSPs session Table 16: SSP Zeroization Methods

9.4 SSPs

The module supports the keys and other SSPs listed in the tables below. Note that all SSP imports and exports are electronic and performed within the module’s TOEPP. Type - Generated Established Name Description Size - Strength Used By Category By By Config Database Encryption of RSA and 192 - 192 Symmetric DRBG CKG for CDB (CBD) Key ECDSA private keys and pre- Key - CSP (Random Key shared secrets for RADIUS in bits) Generation CDB CA Public Key Verification of Certificate 2048 - 112 bits Public Key - RSA SigVer for Authority signatures PSP Certificate Loading ECDH Private Input to ECDH shared secret Between 224 Private Key - IPsec IKE IPsec IKE Key computation and 512 bits - CSP SRTP SRTP Between 112 SSH SSH and 256 bits TLS v1.2 TLS v1.2 ECDH Public Key Used by peer for ECDH Between 224 Public Key - IPsec IKE IPsec IKE shared secret computation and 512 bits - PSP SRTP SRTP Between 112 SSH SSH and 256 bits TLS v1.2 TLS v1.2 ECDH Peer Input to ECDH shared secret Between 224 Public Key - IPsec IKE IPsec IKE Public Key computation and 512 bits - PSP SRTP SRTP Between 112 SSH SSH and 256 bits TLS v1.2 TLS v1.2 DH Private Key Input to DH shared secret 2048 or 3072 Private Key - IPsec IKE IPsec IKE computation bits - 112 or 128 CSP SRTP SRTP bits SSH SSH TLS v1.2 TLS v1.2 DH Public Key Used by peer for DH shared 2048 or 3072 Public Key - IPsec IKE IPsec IKE secret computation bits - 112 or 128 PSP SRTP SRTP bits SSH SSH TLS v1.2 TLS v1.2 DH Peer Public Input to DH shared secret 2048 or 3072 Public Key - IPsec IKE IPsec IKE Key computation bits - 112 or 128 PSP SRTP SRTP bits SSH SSH TLS v1.2 TLS v1.2 SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 48

Type - Generated Established Name Description Size - Strength Used By Category By By IKE RSA Private The key used in IKE 2048 - 112 bits Private Key - IPsec IKE IPsec IKE Key authentication CSP IKE RSA Public The key used in IKE 2048 - 112 bits Public Key - IPsec IKE IPsec IKE Key authentication PSP IKE Pre-shared Used in the computation of n/a - n/a Shared Secret IPsec IKE Secret the SKEYID during IKEv1 - CSP Phase 1 IKE SKEYID Used as input to IKEv1 KDF 112 minimum - Keying IPsec IKE IPsec IKE to derive IPsec Encryption 112 minimum material - CSP Key and IPsec Authentication Key IKE Shared Used as input to IKEv1 KDF n/a - n/a Shared Secret IPsec IKE IPsec IKE Secret to derive IPsec Encryption - CSP Key and IPsec Authentication Key IKE Encryption Used during IKE Phase 2 to 128, 192, 256 - Secret Key - IPsec IKE IPsec IKE Key encrypt and decrypt its Between 128 CSP messages and 256 bits IKE Used during IKE Phase 2 to 160 bits - 112 Symmetric IPsec IKE IPsec IKE Authentication authenticate its messages minimum Key - CSP Key IKE Key Used by IKE KDFs for 128, 192, 256 - Derivation IPsec IKE IPsec IKE Derivation Key derivation of IPsec Between 128 Key - CSP Encryption Key and IPsec and 256 bits Authentication Key IPsec Shared Used by IKE KDFs for n/a - n/a Shared Secret IPsec IKE IPsec IKE Secret derivation of IPsec - CSP Encryption Key and IPsec Authentication Key IPsec Encryption Used during IPsec for traffic 128, 192, 256 - Secret Key - IPsec IKE IPsec IKE Key protection Between 128 CSP and 256 bits IPsec Used during IPsec for 160 bits - 112 Secret Key - IPsec IKE IPsec IKE Authentication payload traffic verification minimum CSP Key SSH Private Key Authentication during SSH Between 112 Private Key - SSH SSH session negotiation and 256 bits - CSP Between 112 and 256 bits SSH Public Key Authentication by peer Between 112 Public Key - SSH SSH during SSH session and 256 bits - PSP negotiation Between 112 and 256 bits SSH Peer Public Authentication during SSH Between 112 Public Key - SSH Key session negotiation 1024-bit and 256 bits - PSP key is used for signature Between 112 verification only and 256 bits SSH Session Key Encryption and decryption 128 or 256 bits - Secret Key - SSH SSH of SSH session packets 128 or 256 bits CSP SSH Authentication of SSH 160 bits - 112 Secret Key - SSH SSH Authentication session packets minimum CSP Key TLS Private Key RSA/ECDSA certificate-based Between 112 Private Key - TLS v1.2 TLS v1.2 authentication during TLS and 256 bits - CSP key negotiation Between 112 and 256 bits SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 49

Type - Generated Established Name Description Size - Strength Used By Category By By TLS Public Key RSA/ECDSA certificate-based Between 112 Public Key - TLS v1.2 TLS v1.2 authentication during TLS and 256 bits - PSP key negotiation Between 112 and 256 bits TLS Peer Public RSA/ECDSA certificate-based Between 112 Public Key - TLS v1.2 TLS v1.2 Key authentication during TLS and 256 bits - PSP key negotiation Between 112 and 256 bits TLS Session Key Encryption and decryption 128 or 256 bits - Secret Key - TLS v1.2 TLS v1.2 of TLS session packets Between 128 or CSP

256 bits

TLS Authentication of TLS 160 bits Secret Key - TLS v1.2 TLS v1.2 Authentication session packets (minimum) - 112 CSP Key minimum SRTP Session Encryption or decryption of 128 or 256 bits - Secret Key - SRTP SRTP Key SRTP session packets Between 128 or CSP

256 bits

SRTP Authentication of SRTP 160 bits - 112 Secret Key - SRTP SRTP Authentication session packets minimum CSP Key SFTP Private Key Used for SFTP key 2048 - 112 bits Private Key - SSH SSH negotiation CSP SFTP Public Key Used for SFTP key 1024 or 2048 Public Key - SSH SSH negotiation bits - 112 bits PSP SFTP Peer Public Used for SFTP key 1024 or 2048 Public Key - SSH SSH Key negotiation bits - 80 or 112 PSP bits SNMPv3 Privacy Encrypting SNMPv3 packets 128 bits - 128 Secret Key Key bits CSP SNMPv3 SNMPv3 Authentication Key 160 bits Secret Key Authentication (minimum) - 112 CSP Key minimum Certificate Load Decrypting PKCS #12 128 or 256 bits - Secret Key - PBKDF RSA SigVer for Key certificate files when Between 128 or CSP Certificate imported from an external 256 bits Loading workstation SRTP Master Key Peer Authentication; Input n/a - n/a Secret Key to SRTP KDF for derivation CSP of the SRTP Session Key and SRTP Authentication Key SSH Shared Input to SSH KDF for n/a - n/a Shared Secret SSH SSH Secret derivation of the SSH - CSP Session Key and SSH Authentication Key TLS Pre-Master Input to TLS KDF for n/a - n/a Pre-Master DRBG TLS v1.2 TLS v1.2 Secret derivation of the TLS Master Secret - CSP (Random Secret bits) TLS Master Used by TLS KDF for n/a - n/a Master Secret TLS v1.2 TLS v1.2 Secret derivation of the TLS Session - CSP Key and TLS Authentication Key RADIUS Shared Peer authentication of n/a - n/a Shared Secret Secret RADIUS messages - CSP DRBG Entropy Establishment of seed for 128 - 128 Entropy Input DRBG Input String CTR_DRBG - CSP (Random bits) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 50

Type - Generated Established Name Description Size - Strength Used By Category By By DRBG Seed Generation of random 256 - 256 Seed - CSP DRBG number (Random bits) DRBG 'V' Value State value for CTR_DRBG 128 - 128 Working state DRBG value - CSP (Random bits) DRBG 'Key' State value for CTR_DRBG 128 - 128 Working state Value value - CSP Crypto Officer Authenticating the Crypto n/a - n/a Password password Officer to the module CSP User password Authenticating the User to n/a - n/a Password the module CSP Image Verify Key Verifying the RSA signature 2048 bits - 112 Public Key - RSA SigVer for of the digest of a new image bits Neither Certificate load package Loading AES GCM IV Initialization vector for the 96 bits - 112 bits Initialization IPsec IKE IPsec IKE AES GCM key Vector - CSP SRTP SRTP SSH SSH TLS v1.2 TLS v1.2 Table 17: SSP Table 1 Related Name Input - Output Storage Storage Duration Zeroization SSPs Config Database SSD:Plaintext Command via CLI (CBD) Key or EMA CA Public Key External to RAM via DER RAM:Plaintext Until reboot Reboot file format ECDH Private Key RAM:Plaintext Session Reboot Session Termination ECDH Public Key RAM to External via RAM:Plaintext Session Reboot Plaintext Certificate Session Termination ECDH Peer Public Key External to RAM via RAM:Plaintext Session Reboot Plaintext Certificate Session Termination DH Private Key RAM:Plaintext Session Reboot Session Termination DH Public Key RAM to External via RAM:Plaintext Session Reboot Plaintext Session Termination DH Peer Public Key External to RAM via RAM:Plaintext Session Reboot Plaintext Certificate Session Termination IKE RSA Private Key SSD:Encrypted Until zeroized Command via CLI or EMA IKE RSA Public Key SSD:Encrypted Until zeroized Command via CLI or EMA IKE Pre-shared Secret External to CDB on SSD RAM:Plaintext Until reboot or session Reboot via CLI (SSH) termination Session External to CDB on SSD Termination via EMA (TLS) IKE SKEYID RAM:Plaintext Until reboot or session Reboot termination Session Termination SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 51

Related Name Input - Output Storage Storage Duration Zeroization SSPs IKE Shared Secret RAM:Plaintext Until reboot or session Reboot termination Session Termination IKE Encryption Key RAM:Plaintext Until reboot or session Reboot termination Session Termination IKE Authentication RAM:Plaintext Until reboot or session Reboot Key termination Session Termination IKE Key Derivation RAM:Plaintext Until reboot or session Reboot Key termination Session Termination IPsec Shared Secret RAM:Plaintext Until reboot or session Reboot termination Session Termination IPsec Encryption Key RAM:Plaintext Until reboot or session Reboot termination Session Termination IPsec Authentication RAM:Plaintext Until reboot or session Reboot Key termination Session Termination SSH Private Key SSD:Plaintext Command via CLI or EMA SSH Public Key SSD:Plaintext Command via CLI or EMA SSH Peer Public Key External to RAM via RAM:Plaintext Until reboot or session Reboot Plaintext Certificate termination Session Termination SSH Session Key RAM:Plaintext Until reboot or session Reboot termination Session Termination SSH Authentication RAM:Plaintext Until reboot or session Reboot Key termination Session Termination TLS Private Key External to RAM via DER SSD:Encrypted Command via CLI file format or EMA TLS Public Key External to RAM via SSD:Encrypted Command via CLI Plaintext Certificate or EMA TLS Peer Public Key External to RAM via RAM:Plaintext Until reboot or session Reboot Plaintext Certificate termination Session Termination TLS Session Key RAM:Plaintext Until reboot or session Reboot termination Session Termination TLS Authentication RAM:Plaintext Until reboot or session Reboot Key termination Session Termination SRTP Session Key RAM:Plaintext Until reboot or session Reboot termination Session Termination SRTP Authentication RAM:Plaintext Until reboot or session Reboot Key termination Session Termination SFTP Private Key SSD:Encrypted Command via CLI or EMA SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 52

Related Name Input - Output Storage Storage Duration Zeroization SSPs SFTP Public Key External to RAM via SSD:Plaintext Command via CLI Plaintext Certificate or EMA SFTP Peer Public Key External to RAM via RAM:Plaintext Until reboot or session Reboot Plaintext Certificate termination Session Termination SNMPv3 Privacy Key External to CDB on SSD SSD:Encrypted Command via CLI via CLI (SSH) or EMA External to CDB on SSD via EMA (TLS) Backup to External via TLS SNMPv3 External to CDB on SSD SSD:Encrypted Command via CLI Authentication Key via CLI (SSH) or EMA External to CDB on SSD via EMA (TLS) Backup to External via TLS Certificate Load Key RAM:Plaintext Until reboot Reboot SRTP Master Key RAM to External via RAM:Plaintext Until reboot or session Reboot Encrypted Form termination Session Termination SSH Shared Secret RAM:Plaintext Until reboot or session Reboot termination Session Termination TLS Pre-Master RAM:Plaintext Until reboot or session Reboot Secret termination Session Termination TLS Master Secret RAM:Plaintext Until reboot or session Reboot termination Session Termination RADIUS Shared External to CDB on SSD SSD:Encrypted Command via CLI Secret via CLI (SSH) or EMA External to CDB on SSD via EMA (TLS) DRBG Entropy Input RAM:Plaintext Until reboot Reboot String DRBG Seed RAM:Plaintext Until reboot Reboot DRBG 'V' Value RAM:Plaintext Until reboot Reboot DRBG 'Key' Value RAM:Plaintext Until reboot Reboot Crypto Officer External to CDB on SSD SSD:Encrypted Command via CLI password via CLI (SSH) or EMA External to CDB on SSD via EMA (TLS) User password External to CDB on SSD SSD:Encrypted Command via CLI via CLI (SSH) or EMA External to CDB on SSD via EMA (TLS) Image Verify Key RAM to External via Flash Command via CLI Encrypted Form Memory:Plaintext or EMA External to RAM via Spinning Plaintext Certificate Media:Plaintext AES GCM IV RAM:Plaintext Until reboot Reboot Table 18: SSP Table 2 SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 53
9.5 Transitions

The following list specifies applicable transition periods or timeframes where an algorithm or key length transitions from Approved to non-Approved:

Page 54

10. Self-Tests The module performs pre-operational self-tests and conditional self-tests. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.

10.1 Pre-Operational Self-Tests

The module performs the following pre-operational self-tests: Algorithm or Test Test Properties Test Method Test Type Indicator Details HMAC-SHA2-256 (A5066) HMAC-SHA2-256 Firmware integrity test SW/FW Integrity log message Firmware Integrity Test Table 19: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

The module performs the following conditional self-tests: Algorithm or Test Test Test Method Indicator Details Conditions Test Properties Type AES-GCM 256 bits KAT CAST Status can be Encrypt/Decrypt Performed (A5066) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. Counter - instantiate/generate/reseed CAST Status can be DRBG Performed DRBG KAT displayed on CLI during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. DSA KeyGen 2048-bit KAT CAST Status can be Sign/Verify Performed (FIPS186-4) displayed on CLI during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. ECDSA - P-224/K-233, KAT CAST Status can be Signature Performed SigGen SHA2-512 displayed on CLI Generation during (FIPS186-5) terminal of module's initial (A5066) Web GUI power-up Interface. sequence. ECDSA SigVer -P-224/K-233, KAT CAST Status can be Signature Performed (FIPS186-5) SHA2-512 displayed on CLI Verification during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 55

Algorithm or Test Test Test Method Indicator Details Conditions Test Properties Type Entropy - Entropy "Stuck" Test CAST Status can be SP800-90B tests Performed "Stuck" Test displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. Entropy - Entropy Repetition Count CAST Status can be SP800-90B tests Performed Repetition Test displayed on CLI during Count Test terminal of module's initial Web GUI power-up Interface. sequence. Entropy - Entropy Adaptive Proportion CAST Status can be SP800-90B tests Performed Adaptive Test displayed on CLI during Proportion terminal of module's initial Test Web GUI power-up Interface. sequence. Entropy Lag - Entropy Lag Test CAST Status can be SP800-90B tests Performed Test displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA-1 SHA-1 KAT CAST Status can be Hashed Message Performed (A5066) displayed on CLI Authentication during terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA2- SHA2-224 KAT CAST Status can be Hashed Message Performed

224 (A5066) displayed on CLI Authentication during

terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA2- SHA2-256 KAT CAST Status can be Hashed Message Performed

256 (A5066) displayed on CLI Authentication during

terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA2- SHA2-384 KAT CAST Status can be Hashed Message Performed

384 (A5066) displayed on CLI Authentication during

terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA2- SHA2-512 KAT CAST Status can be Hashed Message Performed

512 (A5066) displayed on CLI Authentication during

terminal of module's initial Web GUI power-up Interface. sequence. KAS-FFC-SSC "Z" KAT CAST Status can be Primitive "Z" Performed Sp800-56Ar3 computation displayed on CLI Computation during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. KAS-ECC-SSC "Z" KAT CAST Status can be Primitive 'Z' Performed Sp800-56Ar3 computation displayed on CLI Computation during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 56

Algorithm or Test Test Test Method Indicator Details Conditions Test Properties Type RSA SigGen 2048-bit, KAT CAST Status can be Signature Performed (FIPS186-5) SHA2-256, displayed on CLI Generation during (A5066) PKCS #1 terminal of module's initial Web GUI power-up Interface. sequence. RSA SigVer 2048-bit, KAT CAST Status can be Signature Performed (FIPS186-4) SHA2-256, displayed on CLI Verification during (A5066) PKCS #1 terminal of module's initial Web GUI power-up Interface. sequence. SHA3-256 256 bits KAT CAST Status can be Hashed Message Performed (A4087) displayed on CLI Authentication during terminal of module's initial Web GUI power-up Interface. sequence KDF SRTP -128-bit STRP KDF KAT CAST Status can be STRP KDF Test Performed (A5068) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. HMAC-SHA-1 128 bits KAT CAST Status can be Hashed Message Performed (A5068) displayed on CLI Authentication during terminal of module's initial Web GUI power-up Interface. sequence. AES-CBC 128 bits KAT CAST Status can be AES CBC Encryption Performed (A5068) displayed on CLI / AES CBC during terminal of Decryption module's initial Web GUI power-up Interface. sequence. AES-GCM 256 bits KAT CAST Status can be Encrypt/Decrypt Performed (A5068) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. KDF IKEv1 - KAT CAST Status can be Key Derivation Performed (A5067) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. KDF SSH - KAT CAST Status can be Key Derivation Performed (A5069) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. KDF TLS - KAT CAST Status can be Key Derivation Performed (A5070) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. ECDSA P-256 PCT PCT Status can be Sign/Verify Performed KeyGen displayed on CLI during (FIPS186-5) terminal of module's initial (A5066) Web GUI power-up Interface. sequence. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 57

Algorithm or Test Test Test Method Indicator Details Conditions Test Properties Type RSA KeyGen 2048-bit, PCT PCT Status can be Sign/Verify and Performed (FIPS186-5) SHA2-256 displayed on CLI Encrypt/Decrypt during (A5066) terminal of module's initial Web GUI power-up Interface. sequence. DH Key - PCT PCT Status can be Key Generation Conditional Generation displayed on CLI before first terminal of use. Web GUI Interface. ECDH Key - PCT PCT Status can be Key Generation Conditional Generation displayed on CLI before first terminal of use. Web GUI Interface. RSA SigVer 2048-bit RSA KAT SW/FW "Package RSA signature Upon loading (FIPS186-5) signature Load Verification verification for firmware from (A5066) verification Failed" message firmware load an external upon soft error integrity source RSA KeyGen - KAT CAST Status can be Encrypt/Decrypt Performed (FIPS186-4) displayed on CLI during (A5066) terminal of module's initial Web GUI power-up Interface sequence. PBKDF KAT CAST Status can be Key Derivation Performed (A5066) displayed on CLI during terminal of module's initial Web GUI power-up Interface. sequence. Table 20: Conditional Self-Tests

10.3 Periodic Self-Test Information

The operator may perform pre-operational and conditional self-tests on demand by issuing a reset/reboot command over the management interfaces of the module; rebooting the module; or power-cycling the module. On-demand self-test information for pre-operational and conditional self-tests are shown in the tables below. Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA2-256 Firmware integrity test SW/FW Integrity On Demand Manually (A5066) (Reboot/reload) Table 21: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-GCM (A5066) KAT CAST On Demand Manual Counter DRBG (A5066) instantiate/generate/reseed CAST On Demand Manual KAT DSA KeyGen (FIPS186- KAT CAST On Demand Manual

  1. (A5066) ECDSA SigGen KAT CAST On Demand Manual (FIPS186-5) (A5066) ECDSA SigVer (FIPS186- KAT CAST On Demand Manual
  2. (A5066) SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 58

Algorithm or Test Test Method Test Type Period Periodic Method Entropy "Stuck" Test Entropy "Stuck" Test CAST On Demand Manual Entropy Repetition Entropy Repetition Count CAST On Demand Manual Count Test Test Entropy Adaptive Entropy Adaptive CAST On Demand Manual Proportion Test Proportion Test Entropy Lag Test Entropy Lag Test CAST On Demand Manual HMAC-SHA-1 (A5066) KAT CAST On Demand Manual HMAC-SHA2-224 KAT CAST On Demand Manual (A5066) HMAC-SHA2-256 KAT CAST On Demand Manual (A5066) HMAC-SHA2-384 KAT CAST On Demand Manual (A5066) HMAC-SHA2-512 KAT CAST On Demand Manual (A5066) KAS-FFC-SSC Sp800- KAT CAST On Demand Manual 56Ar3 (A5066) KAS-ECC-SSC Sp800- KAT CAST On Demand Manual 56Ar3 (A5066) RSA SigGen (FIPS186-5) KAT CAST On Demand Manual (A5066) RSA SigVer (FIPS186-4) KAT CAST On Demand Manual (A5066) SHA3-256 (A4087) KAT CAST On Demand Manual KDF SRTP (A5068) STRP KDF KAT CAST On Demand Manual HMAC-SHA-1 (A5068) KAT CAST On Demand Manual AES-CBC (A5068) KAT CAST On Demand Manual AES-GCM (A5068) KAT CAST On Demand Manual KDF IKEv1 (A5067) KAT CAST On Demand Manual KDF SSH (A5069) KAT CAST On Demand Manual KDF TLS (A5070) KAT CAST On Demand Manual ECDSA KeyGen PCT PCT On Demand Manual (FIPS186-5) (A5066) RSA KeyGen (FIPS186- PCT PCT On Demand Manual

  1. (A5066) DH Key Generation PCT PCT On Demand Manual ECDH Key Generation PCT PCT On Demand Manual RSA SigVer (FIPS186-5) KAT SW/FW Load On Demand Manual (A5066) RSA KeyGen (FIPS186- KAT CAST On Demand Manual
  2. (A5066) PBKDF (A5066) KAT CAST On Demand Manual Table 22: Conditional Periodic Information
10.4 Error States

The table below describes the error states and status indicators of the module. Name Description Conditions Recovery Method Indicator Soft Upon failure of the conditional Failure of the conditional firmware Reject firmware log file entry / Error firmware load test load test load operation. console message SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 59

Name Description Conditions Recovery Method Indicator Critical Upon failure of any other pre- Failure of any other pre-operational Reboot or reload log file entry / Error operational self-test or conditional self-test or conditional self-test module console message self-test Table 23: Error States

10.5 Operator Initiation of Self-Tests

The operator may initiate self-tests on demand by issuing a reset/reboot command over the management interfaces of the module; rebooting the module; or power-cycling the module. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 60
11.1 Installation, Initialization, and Startup Procedures
11.1.1 Secure Installation

The SBC 5400 Session Border Controller is delivered in an uninitialized factory state. The CO shall be responsible for performing all initial setup activities, including configuring the platform and installing the SBC application firmware. For detailed guidance regarding these activities, please see the SBC Core 10.1.x Documentation webpage on Ribbon’s online Documentation and Support Portal and refer to the following document entries:

5400 Hardware”, which provides detailed guidance for installing rack mount kits, mounting the SBC chassis,

attaching the front bezel, connecting cables (for media, high availability, and power), and powering on the SBC. Once these steps have been completed, the Crypto Officer must then perform the FIPS-specific activities required to initialize the module into Approved mode.

11.1.2 Initialization

Prior to initializing the module for operation in the Approved mode, SNMPv3 must be reconfigured. All trap targets with securityLevel set for authPriv and authNoPriv must be disabled. The following steps using the CLI provide an example: % show oam snmp trapTarget EMS_-10.54.71.176 ipAddress 10.54.71.176; port 162; trapType v3; targetUsername emstrapuser; targetSecurityLevel authPriv; state enabled; % set oam snmp trapTarget EMS_-10.54.71.176 state disabled % commit To initialize the module for operation in the Approved mode, the CO may use the CLI or the EMA. The sections below describe these initialization methods. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 61
11.1.2.1 Initialization using CLI

When using the CLI, the CO shall complete the following procedure:

  1. Log in to the CLI using the default username “admin” and password “admin”.
  2. Switch to “configure private” mode using the following command: > configure private
  3. Execute the following commands: % set profiles security tlsProfile defaultTlsProfile v1_0 disabled v1_1 disabled v1_2 enabled % set profiles security EmaTlsProfile defaultEmaTlsProfile v1_0 disabled v1_1 disabled v1_2 enabled % set profiles security ikeProtectionProfile AesSha1IkeProfile algorithms dhGroup modp2048 % set oam snmp version v3only % set system admin <system_name> fips-140-3 mode enabled % commit NOTE: Once the “fips-140-3 mode” is set to ‘enabled’, it cannot be disabled through the configuration. A fresh software installation is required to set the operational mode back to ‘disabled’. Setting “fips-140-3 mode” to ‘enabled’ accomplishes the following: • regenerates all SSH keys. • regenerates encryption keys used by the system configuration database. • zeroizes all persistent CSPs from the system and causes the server to reboot after confirmation.
11.1.2.2 Initialization using EMA + CLI

The EMA does not include all of the commands necessary to enable/disable the Approved mode. The user must use the CLI to complete the procedure. When using the EMA and CLI, the CO shall complete the following procedure:

  1. Log in to the EMA using the default username “admin” and password “admin”.
  2. Navigate to All -> Profiles -> Security -> TLS Profile. The TLS Profile window is displayed, with the TLS Profile List pane.
  3. Select the radio button corresponding to the defaultTlsProfile. The Edit Selected TLS Profile pane is displayed.
  4. Set the fields V1_0 and V1_1 to “Disabled”. Set the field V1_2 to “Enabled”. Click Save to save the changes.
  5. Navigate to All -> Profiles -> Security -> EMA TLS Profile. The EMA TLS Profile window is displayed, with the EMA TLS Profile List pane.
  6. Select the radio button corresponding to the defaultEmaTlsProfile. The Edit Selected EMA TLS Profile pane is displayed.
  7. Set the fields V1_0 and V1_1 to “Disabled”. Set the field V1_2 to “Enabled”. Click Save to save the changes.
  8. Navigate to All -> OAM -> Snmp. The Snmp window is displayed, with the Edit Snmp pane.
  9. Set the Version field to “V3only”. Click Save to save the changes.
  10. Log in to the CLI and execute the following commands: % set system admin <system_name> fips-140-3 mode enabled % commit Setting “fips-140-3 mode” to ‘enabled’ accomplishes the following: SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 62
11.1.3 Startup

After completion and confirmation of the above steps, the system will reboot. After this reboot, and on all subsequent reboots, the module will be in its Approved mode. The following steps are required for module startup.

11.1.3.1 Restoring EMA in Platform Mode

To restore service to the EMA in Platform Mode after “fips-140-3 mode” is set to ‘enabled’, CA certificates and newly-generated SBC certificates must be imported using the CLI. • Import CA Certificates – Use the following procedure to import up to twenty CA certificates and associate them with the EmaTlsProfile named "defaultEmaTlsProfile." > configure private % set system security pki certificate intermediateCaCert fileName intCaCert.der state enabled type remote % set system security pki certificate rootCaCert fileName rootCaCert.der state enabled type remote % commit % set profiles security EmaTlsProfile defaultEmaTlsProfile ClientCaCert intermediateCaCert % set profiles security EmaTlsProfile defaultEmaTlsProfile ClientCaCert rootCaCert % commit • Import SBC Certificates – The SBC enables importing SBC server certificates generated with either of two different methods: those generated externally and those generated locally in the SBC. Use the following procedure to import an externally-generated SBC key and certificate in PKCS#12 format:

  1. Transfer the PKCS#12 formatted key/certificate file to the SBC and save it as opt/sonus/external/<filename>.p12.
  2. Install the certificate using the following steps (the following example uses a certificate named "sbxCert.p12" with a passPhrase "sonus"): > configure private % set system security pki certificate sbxCert fileName sbxCert.p12 passPhrase sonus state enabled type local % commit % set profiles security EmaTlsProfile defaultEmaTlsProfile serverCertName sbxCert % commit Use the following procedure to generate an SBC key and CSR locally in the SBC, and then import as a PEM externally-signed certificate: The CO shall ensure that only keys providing at least 112 bits of encryption strength are used for signing certificate requests.
  3. Generate a CSR: SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 63

> configure private % set system security pki certificate sbxCert type local-internal % commit % exit > request system security pki certificate sbxCert generateCSR keySize keySize2K csrSub "/C=US/ST=MA/L=Westford/O=Sonus Networks Inc./CN=www.sonusnet.com"

  1. Copy the CSR output from the request in step 1 and obtain a signed certificate in a PEM formatted file from the appropriate Certificate Authority.
  2. Transfer the certificate to the SBC and save it as /opt/sonus/external/<filename>.pem.
  3. Install the certificate using the following steps (the following example uses the certificate file name "sbxCert.pem"): > configure private % set system security pki certificate sbxCert fileName sbxCert.pem % commit % set profiles security EmaTlsProfile defaultEmaTlsProfile serverCertName sbxCert % commit
11.1.3.2 Reconfiguring SNMP Keys

After “fips-140-3 mode” is set to ‘enabled’, the SNMP Authentication Keys and SNMPv3 Privacy Keys must be reconfigured for all SNMPv3 users (this applies to all SNMPv3 users for authPriv/authNoPriv security level trap targets).

  1. Use the following CLI commands to reconfigure the keys: % set oam snmp users <username> authKey <colon separated hex string> % set oam snmp users <username> privKey <colon separated hex string> % commit
  2. Enable the authPriv/authNoPriv trap targets: % set oam snmp trapTarget <trap_target_name> state enabled % commit
11.2 Administrator Guidance

The Crypto Officer shall receive the module from Ribbon via trusted couriers (e.g., United Parcel Service, Federal Express, and Roadway). On receipt, the Crypto Officer must check the package for any irregular tears or openings. If any such damage exists, the CO shall indicate that on the shipping document of the carrier and contact Ribbon Communications, Inc. immediately for instructions. The CO shall retain the packing list, making sure all items on the list are present (including all the components of the universal rack mount kit that is shipped with the module). The Crypto Officer is responsible for initialization and security-relevant configuration and management of the module. Once installed, commissioned, and configured, the Crypto Officer is responsible for maintaining and monitoring the status of the module to ensure that it is running in its Approved mode. For additional details regarding the general management of the module, please refer to the appropriate entries on Ribbon’s SBC Core 10.1.x Documentation webpage. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 64
11.2.1 Status Information

Operational mode status of the module can be viewed by navigating to Administration -> Users and Application Management -> Fips-140-3 from the SBC main screen via the EMA and selecting the desired SBC system from the dropdown menu. When running in Approved mode, the radio button marked “Enabled” will be selected. The Crypto Officer shall monitor the module’s status regularly. If any irregular activity is noticed, or the module is consistently reporting errors, customers should contact Ribbon Customer Support.

11.2.2 Versioning Information

The module’s versioning information can be viewed by navigating to Monitoring -> Dashboard -> System Status from the SBC main screen via the EMA. The System Status window display will include the hardware type and SBC application version, which can be correlated with the module name and firmware version (respectively) on the module’s validation record.

11.2.3 Firmware Loading

Procedures for loading a new module image can be found under the appropriate entries on Ribbon’s Upgrading SBC Core Software webpage.

11.2.4 High Availability Configuration

When configuring the module for high availability, the active instance and the standby instance must be directly connected with no intervening systems for operation in the Approved mode. For connection details, refer to the instructions found under the online document entry “Setting Up Physical Connection Between High Availability Nodes”.

11.2.5 Additional Administrator Policies and Guidance

This section notes additional policies below that must be followed by the CO:

Page 65
11.3 Non-Administrator Guidance

With the exception of the User password, User role operators do not have the ability to configure sensitive information on the module. The User must be diligent to select strong passwords in adherence to the password complexity policies set by the CO from section 4.1 and must not reveal their password to anyone. Additionally, the User should be careful to protect any secret or private keys in their possession.

11.4 Design and Rules

By design, the module follows or enforces the following rules of operation:

Page 66

12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 2 requirements for this validation. Therefore, per ISO/IEC 19790:2012 section 7.12, requirements for this section are not applicable. SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 67

Appendix A. Acronyms and Abbreviations Table 24 provides definitions for the acronyms and abbreviations used in this document. Table 24. Acronyms and Abbreviations Term Definition AES Advanced Encryption Standard CBC Cipher Block Chaining CCCS Canadian Centre for Cyber Security CMVP Cryptographic Module Validation Program CO Cryptographic Officer CPU Central Processing Unit CSP Critical Security Parameter CTR Counter CVL Component Validation List DES Data Encryption Standard DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC CDH Elliptic Curve Cryptography Cofactor Diffie-Hellman ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EMI/EMC Electromagnetic Interference /Electromagnetic Compatibility FIPS Federal Information Processing Standard GCM Galois/Counter Mode GMAC Galois Message Authentication Code GPC General-Purpose Computer HMAC (keyed-) Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding NIST National Institute of Standards and Technology OS Operating System PCT Pairwise Consistency Test SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 68

Term Definition PKCS Public Key Cryptography Standard PSS Probabilistic Signature Scheme RNG Random Number Generator RSA Rivest, Shamir, and Adleman SHA Secure Hash Algorithm SHS Secure Hash Standard SP Special Publication SBC 5400 Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 69

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com