All modules
CMVP Validated Module · FIPS 140-3 Security Policy

SBC SWe Session Border Controller

Certificate#5051StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRibbon Communications, Inc.
High review priority  ·  no TCB surface named  ·  last validated 11 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date8/4/2030
CaveatWhen installed, initialized and configured as specified in Section 11.1 of the Security Policy
VendorRibbon Communications, Inc.

Approved Algorithms (45)

AlgorithmACVP Cert
AES-CBCA5061
AES-CFB1A5061
AES-CFB128A5061
AES-CFB8A5061
AES-CTRA5061
AES-GCMA5061
Counter DRBGA5061
DSA KeyGen (FIPS186-4)A5061
ECDSA KeyGen (FIPS186-5)A5061
ECDSA KeyVer (FIPS186-5)A5061
ECDSA SigGen (FIPS186-5)A5061
ECDSA SigVer (FIPS186-5)A5061
HMAC-SHA-1A5061
HMAC-SHA2-224A5061
HMAC-SHA2-256A5061
HMAC-SHA2-384A5061
HMAC-SHA2-512A5061
KAS-ECC CDH-Component SP800-56Ar3 (CVL)A5061
KAS-ECC-SSC Sp800-56Ar3A5061
KAS-FFC-SSC Sp800-56Ar3A5061
KTS-IFCA5061
PBKDFA5061
RSA KeyGen (FIPS186-5)A5061
RSA SigGen (FIPS186-5)A5061
RSA SigVer (FIPS186-5)A5061
SHA-1A5061
SHA2-224A5061
SHA2-256A5061
SHA2-384A5061
SHA2-512A5061
AES-ECBA5063
KDF SRTP (CVL)A5063
ECDSA KeyGen (FIPS186-4)A5061
ECDSA KeyVer (FIPS186-4)A5061
ECDSA SigGen (FIPS186-4)A5061
ECDSA SigVer (FIPS186-4)A5061
RSA KeyGen (FIPS186- 4)A5061
RSA SigGen (FIPS186- 4)A5061
RSA SigVer (FIPS186- 4)A5061
TLS v1.2 KDF RFC7627 (CVL)A5065
KDF IKEv1 (CVL)A5062
KDF IKEv2 (CVL)A5062
KDF SSH (CVL)A5064
KDF TLS (CVL)A5065
SHA3-256A4087

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for SBC SWe Session Border Controller
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Manage SBC license<br/>Upgrade firmware<br/>Soft Error</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>AES for SNMPv3<br/>Manage SBC license<br/>Configure the SBC system</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for SBC SWe Session Border Controller
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Manage SBC license<br/>Upgrade firmware<br/>Soft Error</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>AES for SNMPv3<br/>Manage SBC license<br/>Configure the SBC system</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Ribbon Communications, Inc. SBC SWe Session Border Controller Version: 10.01.06 FIPS Security Level: 1 Document Version: 0.6 Prepared for: Prepared by: Ribbon Communications, Inc.

4 Technology Park Drive

Westford, MA 01886 United States of America Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 855 467 6687 www.ribboncommunications.com Phone: +1 703 267 6050 www.corsec.com

Page 2

July 8, 2025 Table of Contents 1. 1.1 1.2 2. 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3. 3.1 4. 4.1 4.2 4.3 4.4 4.5 5. 5.1 5.2 6. 6.1 7. 8. 9. 9.1 9.2 9.3 9.4 9.5 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 3

10.3 10.4 10.5 July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 4

July 8, 2025 List of Tables List of Figures SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 5

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc. July 8, 2025

Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication3
55Software/Firmware security1
66Operational environment1
77Physical securityN/A
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A
Overall LevelOverall Level1
1.1.1 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

1.1.2 Document Organization

ISO/IEC 19790 Annex B uses the same section naming convention as ISO/IEC 19790 section 7 - Security requirements. For example, Annex B section B.2.1 is named “General” and B.2.2 is named “Cryptographic module specification,” which is the same as ISO/IEC 19790 section 7.1 and section 7.2, respectively. Therefore, the format of this Security Policy is presented in the same order as indicated in Annex B, starting with “General” and ending with “Mitigation of other attacks.” If sections are not applicable, they have been marked as such in this document. 1.2 Security Levels The SBC SWe Session Border Controller is validated at the FIPS 140-3 section levels shown in the table below. Table 1: Security Levels N/A N/A N/A SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 7

The module has an overall security level of 1. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc. July 8, 2025

Page 8

2. Cryptographic Module Specification 2.1 Description July 8, 2025

2.1.1 Purpose and Use

Ribbon Communications, Inc. (hereafter referred to as Ribbon) is a leader in IP 1 networking with proven expertise in delivering secure, reliable and scalable next-generation infrastructure and subscriber solutions. The Ribbon line of Session Border Controller (SBC) solutions help mid-sized and large enterprises take advantage of cost-saving SIP 2 trunking services by securing their network from IP-based attacks, unifying SIP-based communications and controlling traffic in the network. The Ribbon SBC SWe Session Border Controller (SBC SWe) is a software-based, cloud-optimized SBC architected to enable and secure real-time communications in the cloud. Starting at 25 sessions and scaling to tens of thousands per instance, the unique architecture of the SBC SWe allows customers to define where on the performance curve their network needs to reside. The SBC SWe uses a “microservices” architecture designed to separate signaling, media, and transcoding to optimize virtual network resources. It also supports on-demand auto-scaling, with a feedback loop using Key Performance Indicators and the Ribbon Virtual Network Function (VNF) Manager. The SBC SWe features the same code base, resiliency, media transcoding, and security technology found in Ribbon’s hardware-based SBC 5000 Series and SBC 7000 Session Border Controllers. However, as a software solution, customers can deploy the SBC SWe as a VNF on industry-standard servers in a data center environment using a hypervisor, as a VNF in an OpenStack cloud infrastructure, or as a VNF on public cloud or hosted services. Some of the network and security features provided by the SBC SWe are:

1 IP – Internet Protocol
2 SIP – Session Initiation Protocol
3 TLS – Transport Layer Security

IKEv1

5 RTCP – RTP Control Protocol

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 9
6 SSH – Secure Shell
7 SFTP – SSH File Transport Protocol
8 SNMP – Simple Network Management Protocol
9 HTTPS – Hypertext Transfer Protocol Secure
10 UDP – User Datagram Protocol
11 TCP – Transmission Control Protocol
12 DNS – Domain Name System
13 ENUM – E.164 Number Mapping

SNMPv3

15 CDR – Call Detail Records

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 10

July 8, 2025 To support TLS, the module employs the following certificate management techniques:

2.1.2 Module Type

The SBC SWe Session Border Controller 10.01.06 is a Software module.

2.1.3 Module Embodiment

The SBC SWe Session Border Controller has a MultiChipStand embodiment.

2.1.4 Module Characteristics

The module does not have any additional characteristics.

2.1.5 Cryptographic Boundary

As a software appliance, the module has no physical components. Since the module has no physical characteristics, it makes use of the physical interfaces of the server hosting the virtual environment upon which the module is installed. The hypervisor controls and directs all interactions between the module and the operator, and it is responsible for mapping the module’s virtual interfaces to the host server’s physical interfaces. The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled source code. This comprises the following primary components:

Page 11

July 8, 2025 Figure 2 shows the logical block diagram of the module executing in memory and its interactions with surrounding software components, as well as the module’s physical perimeter and cryptographic boundary. Virtual Machine HMAC digests SBC SWe application Virtual Machine Virtual Machine Application Application Guest OS Guest OS SonusDB ConnexIP OS KEY: Cryptographic Boundary Physical Perimeter Data Input Data Output Control Input Status Output System Calls Hypervisor Server Hardware Figure 2. Module Block Diagram (with Cryptographic Boundary)

2.1.6 Tested Operational Environment’s Physical Perimeter

(TOEPP) The physical perimeter of the cryptographic module is defined by the hard enclosure around the GPC on which it runs. Figure 3 is a diagram illustrating the hardware components of a GPC (the dashed line surrounding the hardware components represents the module’s physical perimeter and identifies the hardware with which the processors interface. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 12

Hardware Management July 8, 2025 RAM DVD Network Interface HDD Clock Generator SCSI/SATA Controller LEDs/LCD North Bridge Serial CPU(s) Audio Cache Power Interface PCI/PCIe Slots Graphics Controller South Bridge USB PCI/PCIe Slots BIOS External Power Supply Plaintext data Encrypted data Control input Status output Physical Perimeter BIOS

2.2.1 Tested Module Identification – Hardware

This section is only applicable for hardware modules. N/A for this module.

2.2.2 Tested Module Identification – Software, Firmware, Hybrid

(Executable Code Sets) The module has the following executable code sets shown in the table below. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 13
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackage
SBC SWe Session Border Controller10.01.06YesSBC SWe Session Border Controller
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)YesVMWare ESXi 6.5
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)NoVMWare ESXi 6.5
OpenStackOpenStack
Amazon Web ServicesAmazon Web Services
Google Cloud PlatformGoogle Cloud Platform
Microsoft AzureMicrosoft Azure
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackage
SBC SWe Session Border Controller10.01.06YesSBC SWe Session Border Controller
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)YesVMWare ESXi 6.5
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)NoVMWare ESXi 6.5
OpenStackOpenStack
Amazon Web ServicesAmazon Web Services
Google Cloud PlatformGoogle Cloud Platform
Microsoft AzureMicrosoft Azure
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackage
SBC SWe Session Border Controller10.01.06YesSBC SWe Session Border Controller
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)YesVMWare ESXi 6.5
Ribbon ConnexIP OS 10Ribbon ConnexIP OS 10HPE ProLiant DL380 Gen910.01.06Intel Xeon CPU E5 v3 (Haswell)NoVMWare ESXi 6.5
OpenStackOpenStack
Amazon Web ServicesAmazon Web Services
Google Cloud PlatformGoogle Cloud Platform
Microsoft AzureMicrosoft Azure

July 8, 2025 Table 2: Tested Module Identification

2.2.3 Tested Module Identification – Hybrid Disjoint Hardware

The module does not have hybrid disjoint hardware. N/A for this module.

2.2.4 Tested Operational Environments – Software, Firmware,

Hybrid The module was tested and found to be compliant with FIPS 140-3 requirements on the environments listed in the table below. Table 3: Tested Operational Environments - Software, Firmware, Hybrid The module is designed to utilize AES-NI 16 extended instruction set when available by the host platform’s CPU for processor algorithm acceleration (PAA) of its AES implementation.

2.2.5 Vendor-Affirmed Operational Environments – Software,

Firmware, Hybrid The cryptographic module maintains validation compliance when operating in a VM with ConnexIP as the guest OS on any compatible GPC using a KVM hypervisor to provide the virtualization layer. Note that the host GPC may be deployed on-prem or in any of the following supported cloud environments:

16 AES-NI – Advanced Encryption Algorithm New Instructions
Page 14
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA5061Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5061Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5061Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5061Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5061Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA5061Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
Counter DRBGA5061Prediction Resistance - No, Yes Mode - AES-128 Derivation Function Enabled - No, YesSP 800-90A Rev. 1
DSA KeyGen (FIPS186-4)A5061L - 2048, 3072 N - 224, 256FIPS 186-4
ECDSA KeyGen (FIPS186-5)A5061Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyVer (FIPS186-5)A5061Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA SigGen (FIPS186-5)A5061Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5061Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-5
HMAC-SHA-1A5061Key Length - Key Length: 112-65528 Increment 8FIPS 198-1
HMAC-SHA2-224A5061Key Length - Key Length: 112-65528 Increment 8FIPS 198-1
HMAC-SHA2-256A5061Key Length - Key Length: 112-65528 Increment 8FIPS 198-1
HMAC-SHA2-384A5061Key Length - Key Length: 112-65528 Increment 8FIPS 198-1
HMAC-SHA2-512A5061Key Length - Key Length: 112-65528 Increment 8FIPS 198-1
KAS-ECC CDH-Component SP800-56Ar3 (CVL)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521SP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5061Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A5061Domain Parameter Generation Methods - FB, FC Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KTS-IFCA5061Modulo - 2048, 3072, 4096 Key Generation Methods - rsakpg1-basic Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
PBKDFA5061Iteration Count - Iteration Count: 10-1000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
RSA KeyGen (FIPS186-5)A5061Key Generation Mode - probable Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA SigGen (FIPS186-5)A5061Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5061Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
SHA-1A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4

July 8, 2025 Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. 2.3 Excluded Components The module does not exclude any components from the requirements. 2.4

2.4.1 Modes List and Description

mode of operation only; non-Approved operations are not supported. Table 5: Modes List and Description 2.5 Algorithms

2.5.1 Approved Algorithms

The module employs cryptographic algorithm implementations from the following sources:

17 KDF – Key Derivation Function

SRTP

19 IPP – Intel® integrated Performance Primitives

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 15

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 16
Approved algorithm
NameCAVP CertPropertiesReference
SHA2-224A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
AES-CBCA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
HMAC-SHA-1A5063Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KDF SRTP (CVL)A5063AES Key Length - 128, 192SP 800-135 Rev. 1
SHA-1A5063Message Length - Message Length: 0-51200 Increment 8FIPS 180-4
ECDSA KeyGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
RSA KeyGen (FIPS186- 4)A5061Key Generation Mode - B.3.3 Modulo - 2048 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 2048FIPS 186-4
RSA SigVer (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 1024, 2048FIPS 186-4
TLS v1.2 KDF RFC7627 (CVL)A5065Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF IKEv1 (CVL)A5062Authentication Method - Digital Signature, Pre-shared Key, Public Key Encryption Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 Preshared Key Length - Preshared Key Length: 64-512 Increment 8SP 800-135 Rev. 1
KDF IKEv2 (CVL)A5062Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 224-4096 Increment 8 Derived Keying Material Length - Derived Keying Material Length: 160-4096 Increment 8 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
Approved algorithm
NameCAVP CertPropertiesReference
SHA2-224A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
AES-CBCA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
HMAC-SHA-1A5063Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KDF SRTP (CVL)A5063AES Key Length - 128, 192SP 800-135 Rev. 1
SHA-1A5063Message Length - Message Length: 0-51200 Increment 8FIPS 180-4
ECDSA KeyGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
RSA KeyGen (FIPS186- 4)A5061Key Generation Mode - B.3.3 Modulo - 2048 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 2048FIPS 186-4
RSA SigVer (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 1024, 2048FIPS 186-4
TLS v1.2 KDF RFC7627 (CVL)A5065Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF IKEv1 (CVL)A5062Authentication Method - Digital Signature, Pre-shared Key, Public Key Encryption Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 Preshared Key Length - Preshared Key Length: 64-512 Increment 8SP 800-135 Rev. 1
KDF IKEv2 (CVL)A5062Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 224-4096 Increment 8 Derived Keying Material Length - Derived Keying Material Length: 160-4096 Increment 8 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
Approved algorithm
NameCAVP CertPropertiesReference
SHA2-224A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A5061Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
AES-CBCA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5063Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
HMAC-SHA-1A5063Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KDF SRTP (CVL)A5063AES Key Length - 128, 192SP 800-135 Rev. 1
SHA-1A5063Message Length - Message Length: 0-51200 Increment 8FIPS 180-4
ECDSA KeyGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A5061Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P- 256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A5061Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K- 571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
RSA KeyGen (FIPS186- 4)A5061Key Generation Mode - B.3.3 Modulo - 2048 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 2048FIPS 186-4
RSA SigVer (FIPS186- 4)A5061Signature Type - PKCS 1.5 Modulo - 1024, 2048FIPS 186-4
TLS v1.2 KDF RFC7627 (CVL)A5065Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF IKEv1 (CVL)A5062Authentication Method - Digital Signature, Pre-shared Key, Public Key Encryption Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 Preshared Key Length - Preshared Key Length: 64-512 Increment 8SP 800-135 Rev. 1
KDF IKEv2 (CVL)A5062Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 224-4096 Increment 8 Derived Keying Material Length - Derived Keying Material Length: 160-4096 Increment 8 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1

July 8, 2025 Table 6: Approved Algorithms - Ribbon Cryptographic Library Ribbon SRTP KDF Library (IPP) Table 7: Approved Algorithms - Ribbon SRTP KDF Library (IPP) Ribbon IKE KDF Library Table 8: Approved Algorithms Properties SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 17
Approved algorithm
NameCAVP CertPropertiesReference
KDF IKEv1 (CVL)A5062Authentication Method - Digital Signature, Pre-shared Key, Public Key Encryption Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 Preshared Key Length - Preshared Key Length: 64-512 Increment 8SP 800-135 Rev. 1
KDF IKEv2 (CVL)A5062Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 224-4096 Increment 8 Derived Keying Material Length - Derived Keying Material Length: 160-4096 Increment 8 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5064Cipher - AES-128 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF TLS (CVL)A5065TLS Version - v1.2 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
SHA3-256A4087Message Length - Message Length: 0-65536 Increment 8FIPS 202
Service
NamePropertiesImplementation
CKGCKG:SymmetricRibbon Cryptographic LibraryPer SP 800-133 Rev. 2, section 4.

July 8, 2025 Table 9: Approved Algorithms - Ribbon IKE KDF Library Table 10: Approved Algorithms - Ribbon IKE KDF Library Table 11: Approved Algorithms - Ribbon SSH KDF Library Table 12: Approved Algorithms - Ribbon TLS KDF Library Table 13: Approved Algorithms - Ribbon Entropy Library

2.5.2 Vendor Affirmed Algorithms

The vendor affirms the following cryptographic security methods in the table below: Table 14: Vendor-Affirmed Algorithms

2.5.3 Non-Approved, Allowed Algorithms

The table below lists the non-Approved algorithms implemented by the module that are allowed for use in the Approved mode of operation. N/A for this module. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 18
Service
NameDescriptionApproved FunctionsType
DRBG for Random Password GenerationDRBG for generating random passwords.Counter DRBG: (A5061)DRBG
SHA for Password StorageSHA2-512 for hashing stored password values.SHA2-512: (A5061)SHA
RSA SigVer for Certificate LoadingRSA digital signature verification, used for certificate loading.SHA2-224: (A5061) SHA2-256: (A5061) SHA2-384: (A5061) SHA2-512: (A5061) RSA SigVer (FIPS186-5): (A5061) RSA SigVer (FIPS186-4): (A5061)DigSig-SigVer
CKG for CDB Key GenerationCKG for the Config Database (CDB) Key, which is used for the encryption/decryption of RSA or ECDSA private keys and pre-shared secrets for RADIUS.Counter DRBG: (A5061)CKG
IPsec IKEKey Agreement for IKE. Key exchange is performed using ECDH or DH. Public/private keys generation is performed using RSA.AES-CBC: (A5061) AES-CTR: (A5061) AES-GCM: (A5061) DSA KeyGen (FIPS186- 4): (A5061) HMAC-SHA-1: (A5061) HMAC-SHA2-224: (A5061) HMAC-SHA2-384: (A5061) HMAC-SHA2-512: (A5061) KAS-ECC CDH- Component SP800- 56Ar3: (A5061) KAS-ECC-SSC Sp800- 56Ar3: (A5061) KAS-FFC-SSC Sp800- 56Ar3: (A5061) KDF IKEv1: (A5062) KDF IKEv2: (A5062) SHA-1: (A5061) SHA2-224: (A5061) SHA2-256: (A5061) SHA2-384: (A5061) SHA2-512: (A5061) Counter DRBG: (A5061) HMAC-SHA2-256: (A5061) ECDSA KeyGen (FIPS186-5): (A5061) ECDSA KeyVer (FIPS186- 5): (A5061) RSA KeyGen (FIPS186- 5): (A5061) RSA SigGen (FIPS186-5): (A5061) RSA SigVer (FIPS186-5): (A5061) ECDSA SigGen (FIPS186- 5): (A5061) ECDSA SigVer (FIPS186- 5): (A5061) ECDSA KeyGen (FIPS186-4): (A5061) ECDSA KeyVer (FIPS186- 4): (A5061) ECDSA SigGen (FIPS186- 4): (A5061) ECDSA SigVer (FIPS186- 4): (A5061) RSA KeyGen (FIPS186- 4): (A5061) RSA SigGen (FIPS186-4): (A5061) RSA SigVer (FIPS186-4): (A5061)KAS-Full
SRTPKey Agreement for SRTP. Key exchange is performed using ECDH or DH. Public/private keys generation is performed using ECDSA or RSA.AES-CBC: (A5063) AES-CTR: (A5063) AES-ECB: (A5063) Counter DRBG: (A5061) DSA KeyGen (FIPS186- 4): (A5061) HMAC-SHA-1: (A5063) KAS-ECC-SSC Sp800- 56Ar3: (A5061) KAS-FFC-SSC Sp800- 56Ar3: (A5061) KAS-ECC CDH- Component SP800- 56Ar3: (A5061) RSA KeyGen (FIPS186- 5): (A5061) RSA SigGen (FIPS186-5): (A5061) RSA SigVer (FIPS186-5): (A5061) ECDSA KeyGen (FIPS186-5): (A5061) ECDSA KeyVer (FIPS186- 5): (A5061) ECDSA SigGen (FIPS186- 5): (A5061) ECDSA SigVer (FIPS186- 5): (A5061) KDF SRTP: (A5063) SHA-1: (A5063) ECDSA KeyGen (FIPS186-4): (A5061) ECDSA KeyVer (FIPS186- 4): (A5061) ECDSA SigGen (FIPS186- 4): (A5061) ECDSA SigVer (FIPS186- 4): (A5061) RSA KeyGen (FIPS186- 4): (A5061) RSA SigGen (FIPS186-4): (A5061) RSA SigVer (FIPS186-4): (A5061)KAS-Full
AES for SNMPv3AES-CFB for SNMPv3 packet encryption/decryption.AES-CFB1: (A5061) AES-CFB8: (A5061) AES-CFB128: (A5061)BC-UnAuth
HMAC for SNMPv3HMAC for SNMPv3 packet authentication.HMAC-SHA-1: (A5061) SHA-1: (A5061)MAC
SSHKey Agreement for SSH. Key exchange is performed using ECDH or DH. Public/private keys generation is performed using ECDSA or RSA.AES-CBC: (A5061) AES-CTR: (A5061) AES-GCM: (A5061) Counter DRBG: (A5061) DSA KeyGen (FIPS186- 4): (A5061) HMAC-SHA-1: (A5061) KAS-ECC CDH- Component SP800- 56Ar3: (A5061) KAS-ECC-SSC Sp800- 56Ar3: (A5061) KAS-FFC-SSC Sp800- 56Ar3: (A5061) KDF SSH: (A5064) SHA-1: (A5061) ECDSA KeyGen (FIPS186-5): (A5061) ECDSA KeyVer (FIPS186- 5): (A5061) ECDSA SigGen (FIPS186- 5): (A5061) ECDSA SigVer (FIPS186- 5): (A5061) RSA KeyGen (FIPS186- 5): (A5061) RSA SigGen (FIPS186-5): (A5061) RSA SigVer (FIPS186-5): (A5061) ECDSA KeyGen (FIPS186-4): (A5061) ECDSA KeyVer (FIPS186- 4): (A5061) ECDSA SigGen (FIPS186- 4): (A5061) ECDSA SigVer (FIPS186- 4): (A5061) RSA KeyGen (FIPS186- 4): (A5061) RSA SigGen (FIPS186-4): (A5061) RSA SigVer (FIPS186-4): (A5061)KAS-Full
TLS v1.2Key Agreement for TLS v1.2. Key exchange is performed using ECDH or DH. Public/private keys generation is performed using ECDSA or RSA.AES-CBC: (A5061) AES-GCM: (A5061) Counter DRBG: (A5061) DSA KeyGen (FIPS186- 4): (A5061) HMAC-SHA2-256: (A5061) HMAC-SHA2-384: (A5061) KAS-ECC CDH- Component SP800- 56Ar3: (A5061) KAS-ECC-SSC Sp800- 56Ar3: (A5061) KAS-FFC-SSC Sp800- 56Ar3: (A5061) KDF TLS: (A5065) KTS-IFC: (A5061) TLS v1.2 KDF RFC7627: (A5065) ECDSA KeyGen (FIPS186-5): (A5061) ECDSA KeyVer (FIPS186- 5): (A5061) ECDSA SigGen (FIPS186- 5): (A5061) ECDSA SigVer (FIPS186- 5): (A5061) RSA KeyGen (FIPS186- 5): (A5061) RSA SigGen (FIPS186-5): (A5061) RSA SigVer (FIPS186-5): (A5061) ECDSA KeyGen (FIPS186-4): (A5061) ECDSA KeyVer (FIPS186- 4): (A5061) ECDSA SigGen (FIPS186- 4): (A5061) ECDSA SigVer (FIPS186- 4): (A5061) RSA KeyGen (FIPS186- 4): (A5061) RSA SigGen (FIPS186-4): (A5061) RSA SigVer (FIPS186-4): (A5061)KAS-Full
DRBG (Random bits)Get random bits from the DBRG.Counter DRBG: (A5061)DRBG
PBKDFPBKDF for decrypting certificatesPBKDF: (A5061)PBKDF
ECDSA or RSA SigVer for Public Key Certificate AuthenticationECDSA or RSA signature verification for public key certificate authentication.ECDSA SigVer (FIPS186- 4): (A5061) ECDSA SigVer (FIPS186- 5): (A5061) RSA SigVer (FIPS186-5): (A5061) SHA-1: (A5061) SHA2-224: (A5061) SHA2-256: (A5061) SHA2-384: (A5061) Counter DRBG: (A5061) RSA SigVer (FIPS186-4): (A5061)DigSig-SigVer
Entropy Source ConditionerSHA3-256 entropy source conditionerSHA3-256: (A4087)ENT-Cond
2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed

The module does not offer any non-Approved algorithms allowed in the Approved mode of operation with no security claimed. N/A for this module.

2.5.5 Non-Approved, Not Allowed Algorithms

The module does not offer non-Approved algorithms not allowed in the Approved mode of operation. N/A for this module. 2.6 Security Function Implementations The table below lists the security function implementations for this module. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 19

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 20

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 21

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 22

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 23

July 8, 2025 2.7 Table 15: Security Function Implementations Algorithm Specific Information The following is algorithm-specific information related to the module:

8.2.1 of NIST SP 800-38D. In compliance with RFC 7714, the 96-bit IV is formed by first

concatenating 16 bits of zeroes, the 32-bit Synchronization Source identifier, the 32-bit rollover counter, and the 16-octet sequence number. As described in scenario 3 of FIPS 140-3 IG C.H and, the (key, IV) collision probability does not exceed 2-32 for a given key distributed to one or more cryptographic modules. In the event that the module’s power is lost and then restored, the CO shall establish a new key for use with AES-GCM encryption/decryption.

20 IV – Initialization Vector

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 24
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Ribbon Entropy LibraryNon- Physical64Ribbon ConnexIP OS 10 on VMware ESXi 6.5 running on Intel Xeon CPU E5 v3 (Haswell)Full entropySHA3-256 (A4087)
CertVendor Name
Number
E101Ribbon Communications

July 8, 2025 The length of the password/passphrase used in the PBKDF shall be at least 20 characters, and shall consist of lowercase, uppercase, and numeric characters. The upper bound for the probability of guessing the value is estimated to be 1/6220 = 10-36, which is less than 2-112. As specified in NIST SP 800-132, keys derived from passwords/passphrases may only be used in storage applications.

Page 25
2.10.1 Key Agreement Information

The following is a list of key agreement methods that the module implements:

2.10.2 Key Transport Information

Key transport information does not apply to the module. 2.11 Industry Protocols The module employs the following industry protocols:

Page 26
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputEncrypted management traffic over TLS (GUI) and SSH (CLI); user data over SSH; encrypted media and signaling traffic over TLS (GUI); redundancy synchronization traffic; operational/system status information
N/AN/AData OutputEncrypted management traffic over TLS (GUI) and SSH (CLI); encrypted media and signaling traffic over TLS (GUI); redundancy synchronization traffic; operational/system status information
N/AN/AControl InputEncrypted management traffic over TLS (GUI) and SSH (CLI); user data over SSH; encrypted media and signaling traffic over TLS (GUI); redundancy synchronization traffic; operational/system status information
N/AN/AStatus OutputEncrypted management traffic over TLS (GUI) and SSH (CLI); encrypted media and signaling traffic over TLS (GUI); redundancy synchronization traffic; operational/system status information
N/AN/APowerPower

July 8, 2025 3. Cryptographic Module Interfaces 3.1 Ports and Interfaces The module supports the following logical interfaces:

Page 27
Sensitive security parameter
NameDescriptionStrengthSecurity MechanismStrength per Minute
PasswordFor the first-time module access by the CO, the module ships with a factory-set default username ("admin") and password ("admin") for the EMA and the CLI. User accounts are assigned randomly generated passwords upon account activation. Following first-time login using default/assigned credentials, module operators are prompted to set new passwords.1:16,889,161,502,720Username/Password6:16,889,161,502,720
Public Key CertificateThe module supports RSA and ECDSA digital certificate authentication of users during Web GUI/HTTPS (TLS) access.1:5.19 x 10^33ECDSA and RSA SigVer1:96.92 × 10^23

July 8, 2025

  1. Roles, Services, and Authentication 4.1 Authentication Methods Module operators are required to authenticate to the module for assumption of an authorized role. The module supports identity-based authentication. Role assumption is implicit, as module operator roles are assigned to their The module can support multiple operator sessions concurrently from multiple client devices. The maximum number of simultaneous sessions allowed per operator can be configured for any number from 1 to
  2. Each session remains active (logged in) and secured until the operator logs out or is automatically logged out from inactivity. When the module is powered off, result of any previous authentication will be cleared, and module operators will need to re-authenticate in order to re-assume their respective roles. The table below lists the authentication methods and the strength of the authentication mechanisms. Table 19: Authentication Methods The strength objectives of the authentication mechanisms are as follows: • For each attempt to use an authentication mechanism, the probability shall be less than one in 1,000,000 that a random attempt will succeed or a false acceptance will occur. • For multiple attempts to use an authentication mechanism during a one-minute period, the probability shall be less than one in 100,000 that a random attempt will succeed or a false acceptance will occur. To meet the stated strength objectives for password-based authentication, password policies shall be configured such that all passwords shall require: • • • Between 8 and 24 characters At least one lowercase letter At least one uppercase letter SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 28
Read-only access to all commands and data spaces except commands that deal with user accounts
logging and audit controls, the TOD clock and sensitive administrative items. They do not have access to
the Security Event logs and management audit logs.
Read-write access to all commands and data spaces except commands that deal with user
accounts, logging and audit controls, the TOD clock, and sensitive administrative items. They do not have
access to the Security Event logs and management audit logs and cannot execute any commands stopping
or starting these audit log services.
Page 29
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCOIdentityPassword Public Key Certificate
UserUserIdentityPassword Public Key Certificate
Commission the moduleCommission the module by following the Security Policy guidelinesCrypto OfficerNonen/an/anone
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCOIdentityPassword Public Key Certificate
UserUserIdentityPassword Public Key Certificate
Commission the moduleCommission the module by following the Security Policy guidelinesCrypto OfficerNonen/an/anone
Manage SBC licenseInstalls the license to enable SBC features; delete or update license; view current license statusCrypto OfficerNonen/aCommandStatus output
Configure the SBC systemDefine network interfaces and settings; set protocols; configure authentication information; define policies and profilesCrypto OfficerNonen/aCommand and parameterCommand response, status output
Configure routing policy and control servicesConfigure IP network parameters and profiles for signaling, media, call routing, call services, zone, IP ACL rules, NTP and DNS serversCrypto OfficerNonen/aCommand and parameterCommand response, status output
Configure Crypto Suite ProfileSelect crypto suites for SRTP, SRTCP, and SIP communicationCrypto OfficerNonen/aCommand and parameterCommand response, status output
Configure Call Data Record (CDR)Configure log file behaviorCrypto OfficerNonen/aCommand and parameterCommand response, status output
Perform backup and restore servicesBack up the current system configuration; restore the system configuration from a backup file; import and export backup filesCrypto Officer - SNMPv3 Privacy Key: R,W - SNMPv3 Authentication Key: R,WTLS v1.2n/aCommand and parameterCommand response, status output
Manage usersCreate, edit, and delete users; define user accounts and assign permissions.Crypto Officer - User password: R,W - DRBG Entropy Input String: G,E - DRBG Seed: G,E - DRBG 'V' Value: G,E - DRBG 'Key' Value: G,EDRBG for Random Password Generation SHA for Password Storage DRBG (Random bits) Entropy Source Conditionern/aCommand and parameterCommand response, status output
Manage user sessionsTerminate User sessionsCrypto Officer - SSH Session Key: Z - TLS Session Key: ZSSH TLS v1.2n/aCommand and parameterCommand response, status output
Change passwordModify existing login passwordsCrypto Officer - Crypto Officer password: W User - User password: WSHA for Password Storagen/aCommand and parameterCommand response, status output
Load certificateLoad new certificatesCrypto Officer - Certificate Load Key: W - TLS Private Key: W - TLS Public Key: W - CA Public Key: WRSA SigVer for Certificate Loading PBKDFGlobal FIPS status indicatorCommandCommand response, status output
Run scriptRun a script file (a text file containing a list of CLI commands to execute in sequence)Crypto OfficerNoneGlobal FIPS status indicatorCommandCommand response, status output
Perform on- demand self- testsPerform self-tests on- demand using CLI/EMA commandCrypto OfficerNonen/aCommandCommand response, status output
Perform network diagnosticsMonitor connections (e.g., ping)Crypto Officer UserNonen/aCommandCommand response, status output
Show system statusShow the system status (including Approved mode status)Crypto Officer UserNonen/aCommandCommand response, status output
Show system versioningShow operational status information about module components (including hardware type and application version)Crypto Officer UserNonen/aCommandCommand response, status output
View Event LogView event status messagesCrypto OfficerNonen/aCommandCommand response, status output
Zeroize keysZeroize all SSPs (using CLI/EMA command to zeroize)Crypto Officer - Config Database (CBD) Key: Z User - Config Database (CBD) Key: ZNoneCompletion indicator (message/log)CommandCommand response, status output
Perform keying of CDB KeyGenerate CDB keyCrypto Officer - Config Database (CBD) Key: GCKG for CDB Key GenerationGlobal FIPS status indicatorCommand and parametersCommand response, status output
Reboot/ResetReboot or reset the moduleCrypto Officer - Config Database (CBD) Key: ZNoneGlobal FIPS status indicatorCommandCommand response, status output
Page 30

July 8, 2025 n/a n/a n/a n/a n/a n/a n/a n/a n/a R,W G,E Z Z W SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 31

July 8, 2025 n/a n/a n/a n/a W W n/a Perform ondemand selftests SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 32
Establish IPsec connectionEstablish an IPsec session using IKEGlobal FIPS status indicatorCommand and parametersCommand response, status outputIPsec IKECrypto Officer - ECDH Private Key: G,E - ECDH Public Key: G,E - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,E - DH Peer Public Key: W,E - IKE RSA Private Key: G,E - IKE RSA Public Key: G,R - IKE Shared Secret: W,E - IKE SKEYID: G,E - IKE Pre-shared Secret: G,E - IKE Encryption Key: G,E - IKE Authentication Key: G,E - IPsec Shared Secret: G,E - IPsec Encryption Key: G,E - IPsec Authentication Key: G,E - AES GCM IV: G,E - IKE Key Derivation Key: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,E - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,E - DH Peer Public Key: W,E - IKE RSA Private Key: G,E - IKE RSA Public Key: G,R - IKE Shared Secret: W,E - IKE SKEYID: G,E - IKE Pre-shared

July 8, 2025 G,E G,E G,E G,E G,E SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 33
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Establish SRTP connectionEstablish a SRTP session using SIP/TLS protocolsCrypto Officer - SRTP Master Key: W,E - SRTP Authentication Key: G - SRTP Session Key: G - AES GCM IV: G,E User - SRTP Master Key: W,E - SRTP Authentication Key: G - SRTP Session Key: G - AES GCM IV: G,ESRTPGlobal FIPS status indicatorCommand and parametersCommand response, status output
Manage SNMPv3 servicesManage keys, trap targets, users, and traps for SNMPv3Crypto Officer - SNMPv3 Privacy Key: W - SNMPv3 Authentication Key: W User - SNMPv3 Privacy Key: W - SNMPv3 Authentication Key: WNoneGlobal FIPS status indicatorCommand and parametersStatus output
Perform SNMPv3 servicesPerform SNMPv3 servicesCrypto Officer - SNMPv3 Privacy Key: E - SNMPv3 Authentication Key: W User - SNMPv3 Privacy Key: E - SNMPv3 Authentication Key: WAES for SNMPv3 HMAC for SNMPv3Global FIPS status indicatorCommand and parametersStatus output
Establish SSH connectionEstablish SSH connectionCrypto Officer - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - AES GCM IV: G,ESSHGlobal FIPS status indicatorCommand and parametersCommand response, status output

July 8, 2025 G,E SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 34

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 35

July 8, 2025 G,E G,R G,W,E G,R G G,E G,R G,W,E G,R G SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 36
Perform SFTP functionsPerform FTP functions over SSHGlobal FIPS status indicatorCommand and parametersCommand response, status outputSSHCrypto Officer - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G - SSH Authentication Key: G - SSH Shared Secret: G,E - SFTP Private Key: G,E - SFTP Public Key: G,E - SFTP Peer Public Key: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - SSH Private Key: G,W,E - SSH Public Key: G,R - SSH Peer Public Key: W,E - SSH Session Key: G,E - SSH Authentication Key: G,E - SSH Shared Secret: G,E

July 8, 2025 G,E G,R G,W,E G,R G G,E G,E G,R G,W,E G,R G,E SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 37

July 8, 2025 G,E SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 38
Establish TLS connectionEstablish TLS connectionGlobal FIPS status indicatorCommand and parametersCommand response, status outputTLS v1.2Crypto Officer - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - TLS Private Key: G,W,E - TLS Public Key: G,R,W - TLS Peer Public Key: W,E - TLS Session Key: G - TLS Authentication Key: G - TLS Pre-Master Secret: G,E - TLS Master Secret: G,E - AES GCM IV: G,E User - ECDH Private Key: G,E - ECDH Public Key: G,R - ECDH Peer Public Key: W,E - DH Private Key: G,E - DH Public Key: G,R - DH Peer Public Key: W,E - TLS Private Key: G,W,E - TLS Public Key: G,R,W - TLS Peer Public Key: W,E - TLS Session Key: G - TLS Authentication Key: G - TLS Pre-Master Secret: G,E - TLS Master Secret: G,E - AES GCM IV: G,E

July 8, 2025 G,E G,R G,W,E G,R,W G G,E G,R G,W,E G,R,W G SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 39
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
LogoutLogout of active sessionCrypto Officer UserNonen/aCommandCommand response, status output
Perform manual zeroizationZeroize ephemeral SSPs via power-cycle or reboot of host deviceCrypto OfficerNonen/aCommandCommand response, status output
Perform manual on- demand self- testsPerform pre- operational self-tests on demand via power- cycle or reboot of host deviceCrypto OfficerNonen/aCommandCommand response, status output
Authenticate via passwordAuthenticate to the module by passwordCrypto Officer - Crypto Officer password: W - RADIUS Shared Secret: W,E User - User password: W - RADIUS Shared Secret: W,ESHA for Password Storagen/aCommand and parametersCommand response, status output
Upgrade firmwareLoad new firmware and performs an integrity test using an RSA digital signatureCrypto Officer - Image Verify Key: ERSA SigVer for Certificate LoadingGlobal FIPS status indicatorCommand, firmware imageCommand response, status output
Authenticate via public key certificateAuthenticate to the module by ECDSA or RSA signature verificationUnauthenticatedECDSA or RSA SigVer for Public Key Certificate Authenticationn/aCommandCommand response, service access.

July 8, 2025 n/a n/a manual ondemand selftests n/a n/a n/a 4.4 W Table 21: Approved Services Non-Approved Services The module does not provide any non-Approved services in the non-Approved mode of operation. 4.5 External Software/Firmware Loaded The cryptographic module has the capability of loading software from an external source. All loads comprise a complete image replacement that replaces the existing module image in its entirety, thus forming a completely public key is loaded in write-protected flash at the factory). If the check fails, the new software is ignored and the current software remains loaded. If successful, the module will force an automatic reboot and will perform the required pre-operational integrity test using HMAC SHA digests. Per FIPS 140-3 IG 10.3.F, the integrity test inherently meets the firmware load test requirement when the load constitutes a full image replacement. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 40

July 8, 2025 Only validated software may be loaded to maintain the module’s validation. The new image shall include updated versioning information to represent the newly loaded image. Prior to any execution of the new image, module operators shall zeroize all persistent keys using one of the methods described in section 9.3. All ephemeral keys are zeroized on module reboot. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 41

5. Software/Firmware Security 5.1 Integrity Techniques July 8, 2025 At module start-up, all software components of the cryptographic module are verified using an approved integrity technique implemented within the cryptographic module itself. The module employs a series of HMAC SHA2-256 digests; unsuccessful verification of any of the digest values will cause the module to enter a critical error state. 5.2 Initiate on Demand The CO can initiate the pre-operational integrity tests on demand by issuing a reset/reboot command over the module’s management interfaces. Also, the module can be made to perform pre-operational self-tests by rebooting or power-cycling the module’s VM manually (when using this method, the operator is not required to assume an authorized role). SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 42

6. Operational Environment 6.1 Operational Environment Type and Requirements July 8, 2025 The SBC SWe Session Border Controller comprises a software cryptographic library that executes in a Modifiable operational environment. The module was tested and found to be compliant with FIPS 140-3 requirements on a Dell EMC PowerEdge r740 server with an Intel Xeon processor running Ribbon’s ConnexIP OS as the guest OS in a VM managed by a VMware ESXi 7.0 hypervisor. The cryptographic module has control over its own SSPs. The process and memory management functionality of the guest OS and the hypervisor prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined interfaces. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes or operators. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 43

7. July 8, 2025 Physical Security The SBC SWe is a multi-chip standalone software cryptographic module and does not include physical security mechanisms. Therefore, per ISO/IEC 19790:2012 section 7.7.1, the requirements for physical security are not applicable. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 44

8. July 8, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in Annex F of ISO/IEC 19790:2012. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 45
Sensitive security parameter
NameTypeDescription
Flash MemoryStaticPersistent storage of SSPs on flash memory
RAMDynamicDynamic storage of SSPs on RAM
Spinning MediaStaticPersistent storage of SSPs on spinning media
SSDStaticPersistent storage of SSPs on SSD
CDB on SSDStaticPersistent storage of SSPs in CDB on SSD
Service
NameApproved FunctionsTypeFromTo
External to RAM via DER file formatPlaintextExternalRAMManualElectronic
RAM to External via Encrypted FormTLS v1.2EncryptedRAMExternalAutomatedElectronic
External to RAM via Plaintext CertificateRSA SigVer for Certificate LoadingPlaintextExternalRAMAutomatedElectronic
RAM to External via PlaintextTLS v1.2PlaintextRAMExternalAutomatedElectronic
External to CDB on SSD via CLI (SSH)SSHEncryptedExternalCDB on SSDManualElectronic
External to CDB on SSD via EMA (TLS)TLS v1.2EncryptedExternalCDB on SSDManualElectronic
RAM to External via Plaintext CertificateTLS v1.2PlaintextRAMExternalAutomatedElectronic
Backup to External via TLSTLS v1.2EncryptedCDB on SSDExternalAutomatedElectronic

July 8, 2025 9. Sensitive Security Parameters Management 9.1 Storage Areas The table below lists sensitive security parameters (SSPs) storage areas for this module. Section 9.4 selects from the storage areas listed and specifies the appropriate parameter in the “Storage” column if applicable to a specific SSP. 9.2 Table 22: Storage Areas SSP Input-Output Methods The table below lists SSP input and output methods for this module. Section 9.4 selects from the input and output methods listed and specifies the appropriate parameter in the “Inputs/Outputs” column if applicable to a specific SSP. Table 23: SSP Input-Output Methods SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 46
Sensitive security parameter
NameTypeDescriptionStrengthGenerationUse
Config Database (CBD) KeySymmetric Key - CSPEncryption of RSA and ECDSA private keys and pre- shared secrets for RADIUS in CDB192 - 192DRBG (Random bits)CKG for CDB Key Generation
CA Public KeyPublic Key - PSPVerification of Certificate Authority signatures2048 - 112 bitsRSA SigVer for Certificate Loading
ECDH Private KeyPrivate Key - CSPInput to ECDH shared secret computationBetween 224 and 512 bits - Between 112 and 256 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
ECDH Public KeyPublic Key - PSPUsed by peer for ECDH shared secret computationBetween 224 and 512 bits - Between 112 and 256 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
ECDH Peer Public KeyPublic Key - PSPInput to ECDH shared secret computationBetween 224 and 512 bits - Between 112 and 256 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
DH Private KeyPrivate Key - CSPInput to DH shared secret computation2048 or 3072 bits - 112 or 128 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
DH Public KeyPublic Key - PSPUsed by peer for DH shared secret computation2048 or 3072 bits - 112 or 128 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
DH Peer Public KeyPublic Key - PSPInput to DH shared secret computation2048 or 3072 bits - 112 or 128 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
IKE RSA Private KeyPrivate Key - CSPThe key used in IKE authentication2048 - 112 bitsIPsec IKEIPsec IKE
IKE RSA Public KeyPublic Key - PSPThe key used in IKE authentication2048 - 112 bitsIPsec IKEIPsec IKE
IKE Pre-shared SecretShared Secret - CSPUsed in the computation of the SKEYID during IKEv1 Phase 1n/a - n/aIPsec IKE
IKE SKEYIDKeying material - CSPUsed as input to IKEv1 KDF to derive IPsec Encryption Key and IPsec Authentication Key112 minimum - 112 minimumIPsec IKEIPsec IKE
IKE Shared SecretShared Secret - CSPUsed as input to IKEv1 KDF to derive IPsec Encryption Key and IPsec Authentication Keyn/a - n/aIPsec IKEIPsec IKE
IKE Encryption KeySecret Key - CSPUsed during IKE Phase 2 to encrypt and decrypt its messages128, 192, 256 - Between 128 and 256 bitsKDF IKEv1 (A5062)IPsec IKE
IKE Authentication KeySymmetric Key - CSPUsed during IKE Phase 2 to authenticate its messages160 bits - 112 minimumKDF IKEv1 (A5062)IPsec IKE
IKE Key Derivation KeyDerivation Key - CSPUsed by IKE KDFs for derivation of IPsec Encryption Key and IPsec Authentication Key128, 192, 256 - Between 128 and 256 bitsKDF IKEv1 (A5062)IPsec IKE
IPsec Shared SecretShared Secret - CSPUsed by IKE KDFs for derivation of IPsec Encryption Key and IPsec Authentication Keyn/a - n/aIPsec IKEIPsec IKE
IPsec Encryption KeySecret Key - CSPUsed during IPsec for traffic protection128, 192, 256 - Between 128 and 256 bitsKDF IKEv1 (A5062) KDF IKEv2 (A5062)IPsec IKE
IPsec Authentication KeySecret Key - CSPUsed during IPsec for payload traffic verification160 bits - 112 minimumKDF IKEv1 (A5062) KDF IKEv2 (A5062)IPsec IKE
SSH Private KeyPrivate Key - CSPAuthentication during SSH session negotiationBetween 112 and 256 bits - Between 112 and 256 bitsSSHSSH
SSH Public KeyPublic Key - PSPAuthentication by peer during SSH session negotiationBetween 112 and 256 bits - Between 112 and 256 bitsSSHSSH
SSH Peer Public KeyPublic Key - PSPAuthentication during SSH session negotiation 1024-bit key is used for signature verification onlyBetween 112 and 256 bits - Between 112 and 256 bitsSSH
SSH Session KeySecret Key - CSPEncryption and decryption of SSH session packets128 or 256 bits - 128 or 256 bitsSSHSSH
SSH Authentication KeySecret Key - CSPAuthentication of SSH session packets160 bits - 112 minimumSSHSSH
TLS Private KeyPrivate Key - CSPRSA/ECDSA certificate-based authentication during TLS key negotiationBetween 112 and 256 bits - Between 112 and 256 bitsTLS v1.2TLS v1.2
TLS Public KeyPublic Key - PSPRSA/ECDSA certificate-based authentication during TLS key negotiationBetween 112 and 256 bits - Between 112 and 256 bitsTLS v1.2TLS v1.2
TLS Peer Public KeyPublic Key - PSPRSA/ECDSA certificate-based authentication during TLS key negotiationBetween 112 and 256 bits - Between 112 and 256 bitsTLS v1.2TLS v1.2
TLS Session KeySecret Key - CSPEncryption and decryption of TLS session packets128 or 256 bits - Between 128 or 256 bitsTLS v1.2TLS v1.2
TLS Authentication KeySecret Key - CSPAuthentication of TLS session packets160 bits (minimum) - 112 minimumTLS v1.2TLS v1.2
SRTP Session KeySecret Key - CSPEncryption or decryption of SRTP session packets128 or 256 bits - Between 128 or 256 bitsSRTPSRTP
SRTP Authentication KeySecret Key - CSPAuthentication of SRTP session packets160 bits - 112 minimumSRTPSRTP
SFTP Private KeyPrivate Key - CSPUsed for SFTP key negotiation2048 - 112 bitsSSHSSH
SFTP Public KeyPublic Key - PSPUsed for SFTP key negotiation1024 or 2048 bits - 112 bitsSSHSSH
SFTP Peer Public KeyPublic Key - PSPUsed for SFTP key negotiation1024 or 2048 bits - 80 or 112 bitsSSHSSH
SNMPv3 Privacy KeySecret Key - CSPEncrypting SNMPv3 packets128 bits - 128 bits
SNMPv3 Authentication KeySecret Key - CSPSNMPv3 Authentication Key160 bits (minimum) - 112 minimum
Certificate Load KeySecret Key - CSPDecrypting PKCS #12 certificate files when imported from an external workstation128 or 256 bits - Between 128 or 256 bitsRSA SigVer for Certificate LoadingPBKDF
SRTP Master KeySecret Key - CSPPeer Authentication; Input to SRTP KDF for derivation of the SRTP Session Key and SRTP Authentication Keyn/a - n/a
SSH Shared SecretShared Secret - CSPInput to SSH KDF for derivation of the SSH Session Key and SSH Authentication Keyn/a - n/aSSHSSH
TLS Pre-Master SecretPre-Master Secret - CSPInput to TLS KDF for derivation of the TLS Master Secretn/a - n/aDRBG (Random bits)TLS v1.2TLS v1.2
TLS Master SecretMaster Secret - CSPUsed by TLS KDF for derivation of the TLS Session Key and TLS Authentication Keyn/a - n/aTLS v1.2TLS v1.2
Zeroization MethodDescriptionRationaleOperator
Initiation
Command via CLI or EMAZeroization upon command via CLI or EMAZeroize all SSPs (using CLI/EMA command to zeroize)CLI or EMA
RebootZeroization upon rebooting the moduleReboot to zeroize RAMReboot
Session TerminationUpon Session TerminationUpon Session Termination to zeroize session based SSPsTerminate session

9.3 July 8, 2025 SSP Zeroization Methods The table below lists SSP zeroization methods for this module. Section 9.4 selects from the zeroization methods listed and specifies the appropriate parameter in the “Zeroization” column if applicable to a specific SSP. Table 24: SSP Zeroization Methods 9.4 The module supports the keys and other SSPs listed in the tables below. Note that all SSP imports and exports are electronic and performed within the TOEPP. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 47

n/a - n/a July 8, 2025 n/a - n/a n/a - n/a SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 48

July 8, 2025 n/a - n/a n/a - n/a n/a - n/a n/a - n/a SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 49
Sensitive security parameter
NameTypeDescriptionStrengthEstablishmentStorageZeroizationUseInputStorage Duration
RADIUS Shared SecretShared Secret - CSPPeer authentication of RADIUS messagesn/a - n/a
DRBG Entropy Input StringEntropy Input - CSPEstablishment of seed for CTR_DRBG128 - 128DRBG (Random bits)
DRBG SeedSeed - CSPGeneration of random number256 - 256DRBG (Random bits)
DRBG 'V' ValueWorking state value - CSPState value for CTR_DRBG128 - 128DRBG (Random bits)
DRBG 'Key' ValueWorking state value - CSPState value for CTR_DRBG128 - 128
Crypto Officer passwordPassword - CSPAuthenticating the Crypto Officer to the modulen/a - n/a
User passwordPassword - CSPAuthenticating the User to the modulen/a - n/a
AES GCM IVInitialization Vector - CSPInitialization vector for the AES GCM key96 bits - 112 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
Image Verify KeyPublic Key - NeitherVerifying the RSA signature of the digest of a new image load package2048 bits - 112 bitsRSA SigVer for Certificate Loading
Config Database (CBD) KeySSD:PlaintextCommand via CLI or EMA
CA Public KeyRAM:PlaintextRebootExternal to RAM via DER file formatUntil reboot
ECDH Private KeyRAM:PlaintextReboot Session TerminationSession
ECDH Public KeyRAM:PlaintextReboot Session TerminationRAM to External via Plaintext CertificateSession
ECDH Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateSession
DH Private KeyRAM:PlaintextReboot Session TerminationSession
DH Public KeyRAM:PlaintextReboot Session TerminationRAM to External via PlaintextSession
DH Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateSession
IKE RSA Private KeySSD:EncryptedCommand via CLI or EMAUntil zeroized
IKE RSA Public KeySSD:EncryptedCommand via CLI or EMAUntil zeroized
Sensitive security parameter
NameTypeDescriptionStrengthEstablishmentStorageZeroizationUseInputStorage Duration
RADIUS Shared SecretShared Secret - CSPPeer authentication of RADIUS messagesn/a - n/a
DRBG Entropy Input StringEntropy Input - CSPEstablishment of seed for CTR_DRBG128 - 128DRBG (Random bits)
DRBG SeedSeed - CSPGeneration of random number256 - 256DRBG (Random bits)
DRBG 'V' ValueWorking state value - CSPState value for CTR_DRBG128 - 128DRBG (Random bits)
DRBG 'Key' ValueWorking state value - CSPState value for CTR_DRBG128 - 128
Crypto Officer passwordPassword - CSPAuthenticating the Crypto Officer to the modulen/a - n/a
User passwordPassword - CSPAuthenticating the User to the modulen/a - n/a
AES GCM IVInitialization Vector - CSPInitialization vector for the AES GCM key96 bits - 112 bitsIPsec IKE SRTP SSH TLS v1.2IPsec IKE SRTP SSH TLS v1.2
Image Verify KeyPublic Key - NeitherVerifying the RSA signature of the digest of a new image load package2048 bits - 112 bitsRSA SigVer for Certificate Loading
Config Database (CBD) KeySSD:PlaintextCommand via CLI or EMA
CA Public KeyRAM:PlaintextRebootExternal to RAM via DER file formatUntil reboot
ECDH Private KeyRAM:PlaintextReboot Session TerminationSession
ECDH Public KeyRAM:PlaintextReboot Session TerminationRAM to External via Plaintext CertificateSession
ECDH Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateSession
DH Private KeyRAM:PlaintextReboot Session TerminationSession
DH Public KeyRAM:PlaintextReboot Session TerminationRAM to External via PlaintextSession
DH Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateSession
IKE RSA Private KeySSD:EncryptedCommand via CLI or EMAUntil zeroized
IKE RSA Public KeySSD:EncryptedCommand via CLI or EMAUntil zeroized
IKE Pre-shared SecretRAM:PlaintextReboot Session TerminationExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS)Until reboot or session termination
IKE SKEYIDRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IKE Shared SecretRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IKE Encryption KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IKE Authentication KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IKE Key Derivation KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IPsec Shared SecretRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IPsec Encryption KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
IPsec Authentication KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
SSH Private KeySSD:PlaintextCommand via CLI or EMA
SSH Public KeySSD:PlaintextCommand via CLI or EMA
SSH Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateUntil reboot or session termination
SSH Session KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
SSH Authentication KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
TLS Private KeySSD:EncryptedCommand via CLI or EMAExternal to RAM via DER file format
TLS Public KeySSD:EncryptedCommand via CLI or EMAExternal to RAM via Plaintext Certificate
TLS Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateUntil reboot or session termination
TLS Session KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
TLS Authentication KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
SRTP Session KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
SRTP Authentication KeyRAM:PlaintextReboot Session TerminationUntil reboot or session termination
SFTP Private KeySSD:EncryptedCommand via CLI or EMA
SFTP Public KeySSD:PlaintextCommand via CLI or EMAExternal to RAM via Plaintext Certificate
SFTP Peer Public KeyRAM:PlaintextReboot Session TerminationExternal to RAM via Plaintext CertificateUntil reboot or session termination
SNMPv3 Privacy KeySSD:EncryptedCommand via CLI or EMAExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS) Backup to External via TLS
SNMPv3 Authentication KeySSD:EncryptedCommand via CLI or EMAExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS) Backup to External via TLS
Certificate Load KeyRAM:PlaintextRebootUntil reboot
SRTP Master KeyRAM:PlaintextReboot Session TerminationRAM to External via Encrypted FormUntil reboot or session termination
SSH Shared SecretRAM:PlaintextReboot Session TerminationUntil reboot or session termination
TLS Pre-Master SecretRAM:PlaintextReboot Session TerminationUntil reboot or session termination
TLS Master SecretRAM:PlaintextReboot Session TerminationUntil reboot or session termination
RADIUS Shared SecretSSD:EncryptedCommand via CLI or EMAExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS)
DRBG Entropy Input StringRAM:PlaintextRebootUntil reboot
DRBG SeedRAM:PlaintextRebootUntil reboot
DRBG 'V' ValueRAM:PlaintextRebootUntil reboot
DRBG 'Key' ValueRAM:PlaintextRebootUntil reboot
Crypto Officer passwordSSD:EncryptedCommand via CLI or EMAExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS)
User passwordSSD:EncryptedCommand via CLI or EMAExternal to CDB on SSD via CLI (SSH) External to CDB on SSD via EMA (TLS)
AES GCM IVRAM:PlaintextRebootUntil reboot
Image Verify KeyFlash Memory:Plaintext Spinning Media:PlaintextN/ARAM to External via Encrypted Form External to RAM via Plaintext Certificate

July 8, 2025 n/a - n/a n/a - n/a n/a - n/a Table 25: SSP Table 1 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 50

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 51

July 8, 2025 SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 52

9.5 July 8, 2025 N/A Table 26: SSP Table 2 Transitions The following list specifies applicable transition periods or timeframes where an algorithm or key length transitions from Approved to non-Approved:

Page 53
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC-SHA2-256 (A5061)HMAC-SHA2-256 (A5061)Integrity testSW/FW Integritysoftware integrity testlog messages
AES-GCM (A5061)AES-GCM (A5061)KATCASTEncrypt/DecryptStatus can be displayed on CLI terminal of Web GUI Interface.256 bitsPerformed during module's initial power-up sequence.
Counter DRBG (A5061)Counter DRBG (A5061)instantiate/generate/reseed KATCASTDRBGStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
DSA KeyGen (FIPS186-4) (A5061)DSA KeyGen (FIPS186-4) (A5061)KATCASTSign/VerifyStatus can be displayed on CLI terminal of Web GUI Interface.2048-bitPerformed during module's initial power-up sequence.
ECDSA SigGen (FIPS186-5) (A5061)ECDSA SigGen (FIPS186-5) (A5061)digital signature generation KATCASTSignature GenerationStatus can be displayed on CLI terminal of Web GUI Interface.curve P-224/K- 233, SHA2-512Performed during module's initial power-up sequence.
ECDSA SigVer (FIPS186-4) (A5061)ECDSA SigVer (FIPS186-4) (A5061)digital signature generation KATCASTSignature VerificationStatus can be displayed on CLI terminal of Web GUI Interface.curve P-224/K- 233, SHA2-512Performed during module's initial power-up sequence.
Entropy Stuck TestEntropy Stuck TestEntropy Stuck TestCASTSP800-90B testsStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC-SHA2-256 (A5061)HMAC-SHA2-256 (A5061)Integrity testSW/FW Integritysoftware integrity testlog messages
AES-GCM (A5061)AES-GCM (A5061)KATCASTEncrypt/DecryptStatus can be displayed on CLI terminal of Web GUI Interface.256 bitsPerformed during module's initial power-up sequence.
Counter DRBG (A5061)Counter DRBG (A5061)instantiate/generate/reseed KATCASTDRBGStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
DSA KeyGen (FIPS186-4) (A5061)DSA KeyGen (FIPS186-4) (A5061)KATCASTSign/VerifyStatus can be displayed on CLI terminal of Web GUI Interface.2048-bitPerformed during module's initial power-up sequence.
ECDSA SigGen (FIPS186-5) (A5061)ECDSA SigGen (FIPS186-5) (A5061)digital signature generation KATCASTSignature GenerationStatus can be displayed on CLI terminal of Web GUI Interface.curve P-224/K- 233, SHA2-512Performed during module's initial power-up sequence.
ECDSA SigVer (FIPS186-4) (A5061)ECDSA SigVer (FIPS186-4) (A5061)digital signature generation KATCASTSignature VerificationStatus can be displayed on CLI terminal of Web GUI Interface.curve P-224/K- 233, SHA2-512Performed during module's initial power-up sequence.
Entropy Stuck TestEntropy Stuck TestEntropy Stuck TestCASTSP800-90B testsStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
Entropy Repetition Stuck TestEntropy Repetition Stuck TestEntropy Repetition Stuck TestCASTSP800-90B testsStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
Entropy Adaptive Proportion TestEntropy Adaptive Proportion TestEntropy Adaptive Proportion TestCASTSP800-90B testsStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
Entropy Lag TestEntropy Lag TestEntropy Lag TestCASTSP800-90B testsStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
HMAC-SHA-1 (A5061)HMAC-SHA-1 (A5061)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.128 bitsPerformed during module's initial power-up sequence.
HMAC-SHA2- 224 (A5061)HMAC-SHA2- 224 (A5061)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.128 bitsPerformed during module's initial power-up sequence.
HMAC-SHA2- 256 (A5061)HMAC-SHA2- 256 (A5061)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.256 bitsPerformed during module's initial power-up sequence.
HMAC-SHA2- 384 (A5061)HMAC-SHA2- 384 (A5061)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.192 bitsPerformed during module's initial power-up sequence.
HMAC-SHA2- 512 (A5061)HMAC-SHA2- 512 (A5061)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.256 bitsPerformed during module's initial power-up sequence.
KAS-FFC-SSC Sp800-56Ar3 (A5061)KAS-FFC-SSC Sp800-56Ar3 (A5061)KATCASTSignature VerificationStatus can be displayed on CLI terminal of Web GUI Interface."Z" computationPerformed during module's initial power-up sequence.
KAS-ECC-SSC Sp800-56Ar3 (A5061)KAS-ECC-SSC Sp800-56Ar3 (A5061)KATCASTPrimitive 'Z' ComputationStatus can be displayed on CLI terminal of Web GUI Interface."Z" computationPerformed during module's initial power-up sequence.
RSA SigGen (FIPS186-5) (A5061)RSA SigGen (FIPS186-5) (A5061)KATCASTSignature GenerationStatus can be displayed on CLI terminal of Web GUI Interface.2048-bit, SHA2-256, PKCS #1Performed during module's initial power-up sequence.
RSA SigVer (FIPS186-5) (A5061)RSA SigVer (FIPS186-5) (A5061)KATCASTSignature VerificationStatus can be displayed on CLI terminal of Web GUI Interface.2048-bit, SHA2-256, PKCS #1Performed during module's initial power-up sequence.
RSA KeyGen (FIPS186-4) (A5061)RSA KeyGen (FIPS186-4) (A5061)KATCASTEncrypt/DecryptStatus can be displayed on CLI terminal of Web GUI InterfacePerformed during module's initial power-up sequence.
SHA3-256 (A4087)SHA3-256 (A4087)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.256 bitsPerformed during module's initial power-up sequence.
KDF SRTP (A5063)KDF SRTP (A5063)STRP KDF KATCASTSTRP KDF TestStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
HMAC-SHA-1 (A5063)HMAC-SHA-1 (A5063)KATCASTHashed Message AuthenticationStatus can be displayed on CLI terminal of Web GUI Interface.128 bitsPerformed during module's initial power-up sequence.
AES-CBC (A5063)AES-CBC (A5063)KATCASTEncrypt/DecryptStatus can be displayed on CLI terminal of Web GUI Interface.128 bitsPerformed during module's initial power-up sequence.
KDF IKEv1 (A5062)KDF IKEv1 (A5062)KATCASTKey DerivationStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
KDF SSH (A5064)KDF SSH (A5064)KATCASTKey DerivationStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
KDF TLS (A5065)KDF TLS (A5065)KATCASTKey DerivationStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.
ECDSA KeyGen (FIPS186-5) (A5061)ECDSA KeyGen (FIPS186-5) (A5061)PCTPCTSign/VerifyStatus can be displayed on CLI terminal of Web GUI Interface.P-256Performed during module's initial power-up sequence.
RSA KeyGen (FIPS186-5) (A5061)RSA KeyGen (FIPS186-5) (A5061)PCTPCTSign/Verify and Encrypt/DecryptOn Demand2048-bit, SHA2-256Performed during module's initial power-up sequence.
DH Key GenerationDH Key GenerationPCTPCTKey GenerationStatus can be displayed on CLI terminal of Web GUI Interface.Conditional before first use.
ECDH Key GenerationECDH Key GenerationPCTPCTKey GenerationStatus can be displayed on CLI terminal of Web GUI Interface.Conditional before first use.
PBKDF (A5061)PBKDF (A5061)KATCASTKey DerivationStatus can be displayed on CLI terminal of Web GUI Interface.Performed during module's initial power-up sequence.

July 8, 2025 10. Self-Tests The module performs pre-operational self-tests and conditional self-tests. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s): 10.2 Table 27: Pre-Operational Self-Tests Conditional Self-Tests The module performs the following conditional self-tests: SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 54

July 8, 2025 "Z" "Z" SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 55

July 8, 2025 Table 28: Conditional Self-Tests 10.3 Periodic Self-Test Information The operator may conduct on demand by rebooting or power-cycling the module’s VM or host server. On-demand self-test information for pre-operational and conditional self-tests are shown in the tables below. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 56
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodTest MethodTest TypePeriod
HMAC-SHA2-256 (A5061)HMAC-SHA2-256 (A5061)Integrity testSW/FW Integrityon module start upon module reboot
AES-GCM (A5061)AES-GCM (A5061)KATCASTOn DemandManual
Counter DRBG (A5061)Counter DRBG (A5061)instantiate/generate/reseed KATCASTOn DemandManual
DSA KeyGen (FIPS186- 4) (A5061)DSA KeyGen (FIPS186- 4) (A5061)KATCASTOn DemandManual
ECDSA SigGen (FIPS186-5) (A5061)ECDSA SigGen (FIPS186-5) (A5061)digital signature generation KATCASTOn DemandManual
ECDSA SigVer (FIPS186- 4) (A5061)ECDSA SigVer (FIPS186- 4) (A5061)digital signature generation KATCASTOn DemandManual
Entropy Stuck TestEntropy Stuck TestEntropy Stuck TestCASTOn DemandManual
Entropy Repetition Stuck TestEntropy Repetition Stuck TestEntropy Repetition Stuck TestCASTOn DemandManual
Entropy Adaptive Proportion TestEntropy Adaptive Proportion TestEntropy Adaptive Proportion TestCASTOn DemandManual
Entropy Lag TestEntropy Lag TestEntropy Lag TestCASTOn DemandManual
HMAC-SHA-1 (A5061)HMAC-SHA-1 (A5061)KATCASTOn DemandManual
HMAC-SHA2-224 (A5061)HMAC-SHA2-224 (A5061)KATCASTOn DemandManual
HMAC-SHA2-256 (A5061)HMAC-SHA2-256 (A5061)KATCASTOn DemandManual
HMAC-SHA2-384 (A5061)HMAC-SHA2-384 (A5061)KATCASTOn DemandManual
HMAC-SHA2-512 (A5061)HMAC-SHA2-512 (A5061)KATCASTOn DemandManual
KAS-FFC-SSC Sp800- 56Ar3 (A5061)KAS-FFC-SSC Sp800- 56Ar3 (A5061)KATCASTOn DemandManual
KAS-ECC-SSC Sp800- 56Ar3 (A5061)KAS-ECC-SSC Sp800- 56Ar3 (A5061)KATCASTOn DemandManual
RSA SigGen (FIPS186-5) (A5061)RSA SigGen (FIPS186-5) (A5061)KATCASTOn DemandManual
RSA SigVer (FIPS186-5) (A5061)RSA SigVer (FIPS186-5) (A5061)KATCASTOn DemandManual
RSA KeyGen (FIPS186- 4) (A5061)RSA KeyGen (FIPS186- 4) (A5061)KATCASTOn DemandManual
SHA3-256 (A4087)SHA3-256 (A4087)KATCASTOn DemandManual
KDF SRTP (A5063)KDF SRTP (A5063)STRP KDF KATCASTOn DemandManual
HMAC-SHA-1 (A5063)HMAC-SHA-1 (A5063)KATCASTOn DemandManual
AES-CBC (A5063)AES-CBC (A5063)KATCASTOn DemandManual
KDF IKEv1 (A5062)KDF IKEv1 (A5062)KATCASTOn DemandManual
KDF SSH (A5064)KDF SSH (A5064)KATCASTOn DemandManual
KDF TLS (A5065)KDF TLS (A5065)KATCASTOn DemandManual
ECDSA KeyGen (FIPS186-5) (A5061)ECDSA KeyGen (FIPS186-5) (A5061)PCTPCTOn DemandManual
RSA KeyGen (FIPS186- 5) (A5061)RSA KeyGen (FIPS186- 5) (A5061)PCTPCTOn DemandManual
DH Key GenerationDH Key GenerationPCTPCTOn DemandManual
ECDH Key GenerationECDH Key GenerationPCTPCTOn DemandManual
PBKDF (A5061)PBKDF (A5061)KATCASTOn DemandManual

July 8, 2025 Table 29: Pre-Operational Periodic Information Table 30: Conditional Periodic Information SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 57
Service
NameDescriptionRole AccessIndicator
Soft ErrorUpon failure of the conditional firmware load testFailure of the conditional firmware load testlog file entry / console messageReject firmware load operation.
Critical ErrorUpon failure of any other pre- operational self-test or conditional self-testFailure of any other pre-operational self-test or conditional self-testlog file entry / console messageReboot or reload module

10.4 July 8, 2025 Error States The table below describes the error states and status indicators of the module. 10.5 Table 31: Error States Operator Initiation of Self-Tests The operator may initiate self-tests on demand by issuing the reboot command or power cycling the module’s VM or host server. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 58

July 8, 2025 11. Life-Cycle Assurance 11.1 Installation, Initialization, and Startup Procedures

11.1.1 Secure Installation

The module is in an unconfigured operational state upon the initial power-up. The Crypto Officer shall be responsible for all initial setup activities, including configuring the virtual machine, installing the guest operating system, and installing the SBC SWe application software. For detailed guidance regarding these activities, please see the SBC Core 10.1.x Documentation webpage on Ribbon’s online Documentation and Support Portal and refer to the following document entries:

11.1.2 Initialization

Prior to initializing the module for operation in the Approved mode, SNMPv3 must be reconfigured. All trap targets with securityLevel set for authPriv and authNoPriv must be disabled. The following steps using the CLI provide an example: % show oam snmp trapTarget EMS_-10.54.71.176 ipAddress 10.54.71.176; port 162; trapType v3; targetUsername emstrapuser; SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 59

July 8, 2025 targetSecurityLevel authPriv; state enabled; % set oam snmp trapTarget EMS_-10.54.71.176 state disabled % commit To initialize the module for operation in the Approved mode, the CO may use the CLI or the EMA. The sections below describe these initialization methods. 11.1.2.1 Initialization using CLI When using the CLI, the CO shall complete the following procedure:

  1. Log in to the CLI using the default username “admin” and password “admin”.
  2. Switch to “configure private” mode using the following command: > configure private
  3. Execute the following commands: % set profiles security tlsProfile defaultTlsProfile v1_0 disabled v1_1 disabled v1_2 enabled % set profiles security EmaTlsProfile defaultEmaTlsProfile v1_0 disabled v1_1 disabled v1_2 enabled % set profiles security ikeProtectionProfile AesSha1IkeProfile algorithms dhGroup modp2048 % set oam snmp version v3only % set system admin <system_name> fips-140-3 mode enabled % commit NOTE: Once the “fips-140-3 mode” is set to ‘enabled’, it cannot be disabled through the configuration. A fresh software installation is required to set the operational mode back to ‘disabled’. Setting “fips-140-3 mode” to ‘enabled’ accomplishes the following: • • • regenerates all SSH keys. regenerates encryption keys used by the system configuration database. zeroizes all persistent CSPs from the system and causes the server to reboot after confirmation. 11.1.2.2 Initialization using EMA + CLI The EMA does not include all of the commands necessary to enable/disable the Approved mode. The user must use the CLI to complete the procedure. When using the EMA and CLI, the CO shall complete the following procedure:
  4. Log in to the EMA using the default username “admin” and password “admin”.
  5. Navigate to All -> Profiles -> Security -> TLS Profile. The TLS Profile window is displayed, with the TLS Profile List pane.
  6. Select the radio button corresponding to the defaultTlsProfile. The Edit Selected TLS Profile pane is displayed.
  7. Set the fields V1_0 and V1_1 to “Disabled”. Set the field V1_2 to “Enabled”. Click Save to save the changes.
  8. Navigate to All -> Profiles -> Security -> EMA TLS Profile. The EMA TLS Profile window is displayed, with the EMA TLS Profile List pane.
  9. Select the radio button corresponding to the defaultEmaTlsProfile. The Edit Selected EMA TLS Profile pane is displayed.
  10. Set the fields V1_0 and V1_1 to “Disabled”. Set the field V1_2 to “Enabled”. Click Save to save the changes.
  11. Navigate to All -> OAM -> Snmp. The Snmp window is displayed, with the Edit Snmp pane. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 60

July 8, 2025

  1. Set the Version field to “V3only”. Click Save to save the changes.
  2. Log in to the CLI and execute the following commands: % set system admin <system_name> fips-140-3 mode enabled % commit Setting “fips-140-3 mode” to ‘enabled’ accomplishes the following: • • • regenerates all SSH keys. regenerates encryption keys used by the system configuration database. zeroizes all persistent CSPs from the system and causes the server to reboot after confirmation.
11.1.3 Startup

After completion and confirmation of the above steps, the module’s VM will reboot. After this reboot, and on all subsequent reboots, the module will be operating in its Approved mode. The following steps are required for module startup. 11.1.3.1 Restoring EMA in Platform Mode To restore service to the EMA in Platform Mode after “fips-140-3 mode” is set to ‘enabled’, CA certificates and newly-generated SBC certificates must be imported using the CLI. • Import CA Certificates – Use the following procedure to import up to twenty CA certificates and associate them with the EmaTlsProfile named "defaultEmaTlsProfile." > configure private % set system security pki certificate intermediateCaCert fileName intCaCert.der state enabled type remote % set system security pki certificate rootCaCert fileName rootCaCert.der state enabled type remote % commit % set profiles security EmaTlsProfile defaultEmaTlsProfile ClientCaCert intermediateCaCert % set profiles security EmaTlsProfile defaultEmaTlsProfile ClientCaCert rootCaCert % commit • Import SBC Certificates – The SBC enables importing SBC server certificates generated with either of two different methods: those generated externally and those generated locally in the SBC. Use the following procedure to import an externally-generated SBC key and certificate in PKCS#12 format:

  1. Transfer the PKCS#12 formatted key/certificate file to the SBC and save it as opt/sonus/external/<filename>.p12.
  2. Install the certificate using the following steps (the following example uses a certificate named "sbxCert.p12" with a passPhrase "sonus"): > configure private % set system security pki certificate sbxCert fileName sbxCert.p12 passPhrase sonus state enabled type local % commit % set profiles security EmaTlsProfile defaultEmaTlsProfile serverCertName sbxCert % commit SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 61
After “fips-140-3 mode” is set to ‘enabled’, the SNMP Authentication Keys and SNMPv3 Privacy Keys must be
reconfigured for all SNMPv3 users (this applies to all SNMPv3 users for authPriv/authNoPriv security level trap
targets).
1. Use the following CLI commands to reconfigure the keys:
% set oam snmp users <username> authKey <colon separated hex string>
% set oam snmp users <username> privKey <colon separated hex string>
% commit
2. Enable the authPriv/authNoPriv trap targets:
% set oam snmp trapTarget <trap_target_name> state enabled
% commit

July 8, 2025 Use the following procedure to generate an SBC key and CSR locally in the SBC, and then import as a PEM externally-signed certificate: The CO shall ensure that only keys providing at least 112 bits of encryption strength are used for signing certificate requests.

  1. Generate a CSR: > configure private % set system security pki certificate sbxCert type local-internal % exit > request system security pki certificate sbxCert generateCSR keySize keySize2K csrSub "/C=US/ST=MA/L=Westford/O=Sonus Networks Inc./CN=www.sonusnet.com"
  2. Copy the CSR output from the request in step 1 and obtain a signed certificate in a PEM formatted file from the appropriate Certificate Authority.
  3. Transfer the certificate to the SBC and save it as /opt/sonus/external/<filename>.pem.
  4. Install the certificate using the following steps (the following example uses the certificate file name "sbxCert.pem"): > configure private % set system security pki certificate sbxCert fileName sbxCert.pem % set profiles security EmaTlsProfile defaultEmaTlsProfile serverCertName sbxCert 11.1.3.2 11.2 Administrator Guidance The Crypto Officer is responsible for initialization and security-relevant configuration and management of the module. Once the module is properly configured, the Crypto Officer is responsible for maintaining and monitoring the status of the module to ensure that it is running in its Approved mode. For details regarding the general management of the module, please refer to the appropriate entries on Ribbon’s SBC Core 10.1.x Documentation webpage. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.
Page 62
11.2.1 Status Information

Operational mode status of the module can be viewed by navigating to Administration -> Users and Application Management -> Fips-140-3 from the SBC main screen via the EMA and selecting the desired SBC system from the dropdown menu. When running in Approved mode, the radio button marked “Enabled” will be selected. The Crypto Officer shall monitor the module’s status regularly. If any irregular activity is noticed, or the module is consistently reporting errors, customers should contact Ribbon Customer Support.

11.2.2 Versioning Information

The module’s versioning information can be viewed by navigating to Monitoring -> Dashboard -> System Status from the SBC main screen via the EMA. The System Status window display will include the hardware type and SBC application version, which can be correlated with the module name and software version (respectively) on the module’s validation record.

11.2.3 Software Loading

Procedures for loading a new module image can be found under the appropriate entries on Ribbon’s Upgrading SBC Core Software webpage.

11.2.4 High Availability Configuration

When configuring the module for high availability, the VMs for the active instance and the standby instance must reside on the same physical host for operation in the Approved mode. For connection details, refer to the instructions found under the online document entry “Setting Up Logical Connection Between High Availability Nodes”.

11.2.5 Additional Administrator Policies and Guidance

This section notes additional policies below that must be followed by the CO:

Page 63
Page 64

July 8, 2025 12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Therefore, per ISO/IEC 19790:2012 section 7.12, requirements for this section are not applicable. SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc.

Page 65
Acronyms
NameTermDefinition
AESAESAdvanced Encryption Standard
CBCCBCCipher Block Chaining
CCCSCCCSCanadian Centre for Cyber Security
CMVPCMVPCryptographic Module Validation Program
COCOCryptographic Officer
CPUCPUCentral Processing Unit
CTRCTRCounter
CVLCVLComponent Validation List
DESDESData Encryption Standard
DHDHDiffie-Hellman
DRBGDRBGDeterministic Random Bit Generator
ECBECBElectronic Code Book
ECC CDHECC CDHElliptic Curve Cryptography Cofactor Diffie-Hellman
ECDHECDHElliptic Curve Diffie-Hellman
ECDSAECDSAElliptic Curve Digital Signature Algorithm
EMI/EMCEMI/EMCElectromagnetic Interference /Electromagnetic Compatibility
FIPSFIPSFederal Information Processing Standard
GCMGCMGalois/Counter Mode
GMACGMACGalois Message Authentication Code
GPCGPCGeneral-Purpose Computer
HMACHMAC(keyed-) Hash Message Authentication Code
KASKASKey Agreement Scheme
KATKATKnown Answer Test
KTSKTSKey Transport Scheme
KWKWKey Wrap
KWPKWPKey Wrap with Padding
NISTNISTNational Institute of Standards and Technology
OSOSOperating System
PCTPCTPairwise Consistency Test
PKCSPKCSPublic Key Cryptography Standard
PSSPSSProbabilistic Signature Scheme
RNGRNGRandom Number Generator
RSARSARivest, Shamir, and Adleman
SHASHASecure Hash Algorithm
SHSSHSSecure Hash Standard
SPSPSpecial Publication

Appendix A. Acronyms and Abbreviations Table 32 provides definitions for the acronyms and abbreviations used in this document. Table 32. Acronyms and Abbreviations SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc. July 8, 2025

Page 66

SBC SWe Session Border Controller 10.01.06 ©2025 Ribbon Communications, Inc. July 8, 2025

Page 67

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com Web: www.corsec.com

Referenced URLs